Network concepts introduction & wireshark

Similar documents
Network concepts introduction & wireshark. workshop

ICS 351: Networking Protocols

SC/CSE 3213 Winter Sebastian Magierowski York University CSE 3213, W13 L8: TCP/IP. Outline. Forwarding over network and data link layers

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

IP Protocols. ALTTC/Oct

Internet Control Message Protocol (ICMP)

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

TCP/IP Networking Basics

ECE697AA Lecture 2. Today s lecture

The Application Layer: & SMTP

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Networking Revision. TCP/IP Protocol Stack & OSI reference model. Basic Protocols. TCP/IP Model ANTHONY KAO NETWORKING FINAL EXAM SPRING 2014 REVISION

General Network Troubleshooting

DNS and SMTP. James Walden CIT 485: Advanced Cybersecurity. James WaldenCIT 485: Advanced Cybersecurity DNS and SMTP 1 / 31

Network Protocols - Revision

CS 455/555 Spring 2011 Weigle

ENEE 457: Computer Systems Security 11/07/16. Lecture 18 Computer Networking Basics

( A ) 1. WAP is a (A) protocol (B) hardware (C) software (D) network architecture

Copyleft 2005, Binnur Kurt. Objectives

IPv4 addressing, NAT. Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley.

TCP/IP Overview. Basic Networking Concepts. 09/14/11 Basic TCP/IP Networking 1

Internet Technology. 03r. Application layer protocols: . Paul Krzyzanowski. Rutgers University. Spring 2016

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

Computer Networks. More on Standards & Protocols Quality of Service. Week 10. College of Information Science and Engineering Ritsumeikan University

Agenda L2 versus L3 Switching IP Protocol, IP Addressing IP Forwarding ARP and ICMP IP Routing First Hop Redundancy

CSCE 463/612 Networks and Distributed Processing Spring 2018

Fundamentals of Networking. OSI & TCP/IP Model. Kuldeep Sonar 1

interface Question 1. a) Applications nslookup/dig Web Application DNS SMTP HTTP layer SIP Transport layer OSPF ICMP IP Network layer

MTA_98-366_Vindicator930

Ethernet / TCP-IP - Training Suite Application level protocols

Defining Networks with the OSI Model. Module 2

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

Computer Engineering II Solution to Exercise Sheet Chapter 4

TCP /IP Fundamentals Mr. Cantu

To make a difference between logical address (IP address), which is used at the network layer, and physical address (MAC address),which is used at

ECE 650 Systems Programming & Engineering. Spring 2018

WWW: the http protocol

App. App. Master Informatique 1 st year 1 st term. ARes/ComNet Applications (6 points) Anonymous ID: stick number HERE

THE OSI MODEL. Application Presentation Session Transport Network Data-Link Physical. OSI Model. Chapter 1 Review.

Lecture 18 Overview. Last Lecture. This Lecture. Next Lecture. Internet Protocol (1) Internet Protocol (2)

Application Level Protocols

Network Security. Thierry Sans

Chapter 2: outline. 2.6 P2P applications 2.7 socket programming with UDP and TCP

Chapter 5 TCP/IP SUITE

Internet Protocol Stack! Principles of Network Applications! Some Network Apps" (and Their Protocols)! Application-Layer Protocols! Our goals:!

Different Layers Lecture 20

Information Network Systems The application layer. Stephan Sigg

Review. Review. Review. How to Send a Message over a Network? LAN LAN. LAN Routing Addressing Reliable Data Transfer Congestion Control LAN

Networking. Layered Model. DoD Model. Application Layer. ISO/OSI Model

IP - The Internet Protocol. Based on the slides of Dr. Jorg Liebeherr, University of Virginia

CIT 380: Securing Computer Systems. Network Security Concepts

ITdumpsFree. Get free valid exam dumps and pass your exam test with confidence

(Chapters 2 3 in Huitema) E7310/Internet basics/comnet 1

Introduction to Network. Topics

Vorlesung Kommunikationsnetze

Module 7 Internet And Internet Protocol Suite

Examination 2D1392 Protocols and Principles of the Internet 2G1305 Internetworking 2G1507 Kommunikationssystem, fk SOLUTIONS

Interconnecting Cisco Networking Devices Part 1 (ICND1) Course Overview

CSC 4900 Computer Networks:

Examination 2D1392 Protocols and Principles of the Internet 2E1605 Internetworking. Date: June 1 st 2007 at 14:00 19:00 SOLUTIONS

TCP/IP Protocol Suite

CN Assignment I. 1. With an example explain how cookies are used in e-commerce application to improve the performance.

Review of Internet Architecture and Protocols

CS61C Machine Structures Lecture 37 Networks. No Machine is an Island!

Chapter 2 Application Layer

Lab 1: Creating Secure Architectures (Revision)

Introduction to computer networking

TSIN02 - Internetworking

COMS3200/7201 Computer Networks 1 (Version 1.0)

Trp. Trp. Master Informatique 1 st year 1 st term. ARes/ComNet Transport layer (7 points) Anonymous ID: stick number HERE

Chapter 2: Application layer

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

The Internet Protocol (IP)

01/17/08 TDC /17/08 TDC363-03

Layered Model. DoD Model. ISO/OSI Model

TCP/IP Networking. Part 4: Network and Transport Layer Protocols

ELEC / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

(ICMP), RFC

Electronic Mail. Three Components: SMTP SMTP. SMTP mail server. 1. User Agents. 2. Mail Servers. 3. SMTP protocol

Lab 2: Creating Secure Architectures

Internet Protocols (chapter 18)

CSE 565 Computer Security Fall 2018

CSE 127: Computer Security Network Security. Kirill Levchenko

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

IPv6: An Introduction

Assignment - 1 Chap. 1 Wired LAN s

Chapter 12 Network Protocols

Operating Systems. 16. Networking. Paul Krzyzanowski. Rutgers University. Spring /6/ Paul Krzyzanowski

Networking By: Vince

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Internetworking Part 2

CPSC 826 Internetworking. The Network Layer: Routing & Addressing Outline. The Network Layer

Network and Security: Introduction

06/02/ Local & Metropolitan Area Networks 0. INTRODUCTION. 1. History and Future of TCP/IP ACOE322

1. Which OSI layers offers reliable, connection-oriented data communication services?

Chapter 7. Local Area Network Communications Protocols

Configuring attack detection and prevention 1

NETWORK PACKET ANALYSIS PROGRAM

Review of Important Networking Concepts

Chapter 09 Network Protocols

Transcription:

Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs

Why am I doing this? Many people attending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity to learn something new Those who are experts may well not be experts at networking Widening your area of interest Lack of understanding of basic principles of operation forbids you to fully understand how attacks are carried out impedes your ability to invent novel ideas and techniques

What will we learn about? Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4: UDP, TCP Routing Application level protocols: DNS, SMTP, FTP, HTTP, Punching holes in firewalls, breaking WPA2 and much more

How is this different? (from other networking courses) We'll be taking the academic approach and talking a lot: about what we see about why stuff happens We'll be taking the hacker approach and start the other way around: with the hands-on Shoot first, ask questions later

Getting to know wireshark

ISO/OSI+DoD model

Encapsulation

Physical layer Specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating a physical link between end systems.

Data Link Layer Delivers messages to the proper device. Formats the message into data frames and adds a header containing the hardware destination and source address Ethernet = MAC addresses (6 bytes) Consists of two parts: Media Access Control Logical Link Control

Ethernet e.g. Manchester encoding MAC addresses = 6 bytes First 3 bytes = OUI Organizationally Unique Identifier assigned by the IEEE First byte usually xxxxxx00 Last 3 bytes = Vendor assigned

WiFi standards Standard Year Frequency Bandwidth Modulation Speeds 802.11-1997 1997 2.4 GHz 22 MHz DSSS & FHSS 1 2 Mbps 802.11a 1999 5 GHz 20 MHz OFDM 6 54 Mbps 802.11b 1999 2.4 GHz 22 MHz DSSS 1 11 Mbps 802.11g 2003 2.4 GHz 20 MHz OFDM 6 54 Mbps 802.11n 2009 2.4 & 5 GHz 40 MHz MIMO-OFDM 7.2 135 Mbps 802.11ac 2013 5 GHz 160 MHz MIMO-OFDM 7.2 780 Mbps 802.11ad 2012 60 GHz 2.16 GHz OFDM 626 6756.75 Mbps

WiFi security no encryption WEP WPA WPA2 802.1x

Network layer Responsible for addressing and routing between devices that are not locally attached.

ARP Address Resolution Protocol allows to find the hardware address of a host from a known IP address. 10.0.1.254 00:c0:3a:21:11:99

ICMP ICMP is a management protocol and messaging service provider for IP. e.g. Destination unreachable TTL exceeded echo request and echo reply

IP Internet Protocol checks the destination address of each packet, and, using a routing table, decides where a packet is to be sent next, choosing the best path. IP addresses are assigned in a hierarchical system Network part and host part IPv4 vs IPv6 NB! Addresses are by far not the only difference between IPv6 and IPv4.

IPv4 addresses 4 bytes, e.g. 203.0.113.237 Classes: A 1.0.0.0 to 126.255.255.255 B 128.0.0.0 to 191.255.255.255 C 192.0.0.0 to 223.255.255.255 D 224.0.0.0 to 239.255.255.255 multicast E 240.0.0.0 to 254.255.255.255 r&d

IPv4 addresses (cont.) CIDR notation All 1 = all networks/nodes All 0 = this network/host 0.0.0.0 default route 127.0.0.1 loopback 255.255.255.255 all nodes on the current network (broadcast)

Private IPv4 address space 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 Can be used with NAT Network address translation intended to help limit the effects of IPv4 address exhaustion

IPv6 IPv6 essentially creates a parallel, independent Layer3 network. 340282366920938463463374607431768211456 addresses 2001:14d8:ffa2:0000:0000:0000:0312:7007 2001:14d8:ffa2::312:7007

Transport layer Responsible for the reliable transfer of data, by ensuring that data arrives at its destination error-free and in order. Connection-oriented requires that a connection with specific agreed-upon parameters be established before data is sent. Connectionless requires no connection before data is sent.

User Datagram Protocol Stateless, transaction-oriented "Best effort" transport Notable features include: Minimalist design No control No retransmissions

Fun demo Punching holes in NAT routers via UDP

Transport Control Protocol Stateful, connection-oriented "Reliable" transport Notable features include: 3-way handshake Error detection Ordered transfer Flow control

Three-way handshake

zmap Modular and open-source network scanner specifically designed for Internet-wide scans Scans the whole IPv4 address space in 45 minutes (1Gbps) How does it work?

Routing TTL decreased with every hop Routing decisions taken based on the routing table and route distance Routing types Static routing Default routing Dynamic routing

Static routing Manually setting up routes on each router Does not scale well

Default routing Used to send packets having a destination address in a remote network not in the routing table to the next hop router.

Dynamic routing Dynamically updates routing tables on the router using routing protocols: distance-vector protocols determine the route with the least number of hops to be the best route RIP, IGRP, etc. link state protocols (also called shortest path first) use additional metrics and recreate the topology representation on each router; e.g. they can take congestion into account OSPF, etc.

Application level protocols DNS SMTP FTP HTTP...

DNS overview Domain Name Space NS RR ("resource record") names the nameserver authoritative for delegated subzone "delegated subzone" When a system administrator wants to let another administrator manage a part of a zone, the first administrator's nameserver delegates part of the zone to another nameserver. = resource = zone records associated with name of authority, managed by a name server see also: RFC 1034 4.2: How the database is divided into zones.

(some) DNS record types A / AAAA Address Returns an IP address MX Mail exchange Maps a domain name to a list of message transfer agents NS Name server Delegates a DNS zone to use the given authoritative name servers PTR Pointer Pointer to a canonical name Unlike a CNAME, DNS processing stops and just the name is returned

DNS queries dig @nameserver domain record-type +trace dig PCH.RCP.pe ANY pseudo-record self explanatory dig @ns.example.com example.com AXFR pseudo-record authoritative transfer

SMTP Simple Mail Transfer Protocol @

SMTP protocol 220 mail.example.org ESMTP Sendmail; Fri, 15 Jan 2016 16:27:08 +0000 HELO relay.example.org 250 mail.example.org Hello relay.example.org [192.168.2.3] (may be forged), pleased to meet you MAIL FROM: <alice@example.org> 250 2.1.0 alice@example.org... Sender ok RCPT TO: <bob@example.com> 250 2.1.5 bob@example.com... Recipient ok

SMTP protocol DATA 354 Enter mail, end with "." on a line by itself From: "Alice Alice" <alice@example.com> To: "Bob Bob" <bob@example.org> Date: Fri, 15 Jan 2016 16:27:03 +0000 Subject: Test e-mail Testing..

SMTP protocol 250 2.0.0 vb3dj2cp000123 Message accepted for delivery QUIT 221 2.0.0 mail.example.org closing connection

FTP 220 Hello, this is the Acme FTP server. USER username 331 Password required to access user account username. PASS A6Va2MkOOL 230 Logged in. CWD data 250 "/home/username/data" is new working directory.

FTP PORT 192,168,1,2,7,138 200 PORT command successful. LIST 150 Opening ASCII mode data connection for /bin/ls. 226 Listing completed.

FTP PORT 192,168,1,2,7,139 200 PORT command successful. RETR information.txt 150 Opening ASCII mode data connection for information.txt. 226 Transfer completed. QUIT 221 Goodbye.

HTTP request GET /page HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 Gecko/20100101 Firefox/50.0 Accept: text/html,application/xhtml+xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Cookie: hell=o; data=1001090933 Connection: keep-alive

HTTP response HTTP/1.1 200 OK Date: Thu, 01 Aug 2016 12:02:57 GMT Server: Apache Content-Length: 2667 Keep-Alive: timeout=3, max=20 Connection: Keep-Alive Content-Type: text/html <html>

Encrypted protocols TLS (Transport Layer Security) widely used Allows to add encryption to: telnet ssh http https smtp smtps etc.

Back to wireshark Step-by-step analysis of opening a webpage

That is all folks! For the intro that is. Have a superb Congress and see you around! Visit me at: @KirilsSolovjovs kirils.org

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback