Hands-On Ethical Hacking and Network Defense

Similar documents
ch02 True/False Indicate whether the statement is true or false.

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

TCP /IP Fundamentals Mr. Cantu

TSIN02 - Internetworking

OSI Transport Layer. objectives

TSIN02 - Internetworking

TSIN02 - Internetworking

CCNA Exploration Network Fundamentals. Chapter 04 OSI Transport Layer

TSIN02 - Internetworking

TCP/IP Transport Layer Protocols, TCP and UDP

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

CCNA R&S: Introduction to Networks. Chapter 7: The Transport Layer

CHAPTER-2 IP CONCEPTS

Transport Layer. <protocol, local-addr,local-port,foreign-addr,foreign-port> ϒ Client uses ephemeral ports /10 Joseph Cordina 2005

TRANSMISSION CONTROL PROTOCOL. ETI 2506 TELECOMMUNICATION SYSTEMS Monday, 7 November 2016

Transport Layer. Gursharan Singh Tatla. Upendra Sharma. 1

network security s642 computer security adam everspaugh

CCNA 1 v3.11 Module 11 TCP/IP Transport and Application Layers

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Interconnecting Networks with TCP/IP

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Lab - Using Wireshark to Examine TCP and UDP Captures

Introduction to TCP/IP networking

EE 610 Part 2: Encapsulation and network utilities

ECE4110 Internetwork Programming. Introduction and Overview

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

6. The Transport Layer and protocols

Network+ Guide to Networks 6 th Edition. Chapter 4 Introduction to TCP/IP Protocols

Interconnecting Networks with TCP/IP. 2000, Cisco Systems, Inc. 8-1

Networking Technologies and Applications

Protocol Layers & Wireshark TDTS11:COMPUTER NETWORKS AND INTERNET PROTOCOLS

4.0.1 CHAPTER INTRODUCTION

n Understand EC-Council s scanning methodology n Describe scan types and the objectives of scanning

Introduction to Network. Topics

Review of Important Networking Concepts

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

Introduction to Internet. Ass. Prof. J.Y. Tigli University of Nice Sophia Antipolis

TCP/IP Protocol Suite and IP Addressing

User Datagram Protocol

Business Data Networks and Security 10th Edition by Panko Test Bank

ELEC5616 COMPUTER & NETWORK SECURITY

06/02/ Local & Metropolitan Area Networks 0. INTRODUCTION. 1. History and Future of TCP/IP ACOE322

Packet Header Formats

Guide To TCP/IP, Second Edition UDP Header Source Port Number (16 bits) IP HEADER Protocol Field = 17 Destination Port Number (16 bit) 15 16

Lecture-4. TCP/IP-Overview:

Applied Networks & Security

M2-R4: INTERNET TECHNOLOGY AND WEB DESIGN

Unit 2.

UDP and TCP. Introduction. So far we have studied some data link layer protocols such as PPP which are responsible for getting data

NETWORK PROGRAMMING. Instructor: Junaid Tariq, Lecturer, Department of Computer Science

Chapter 2 Advanced TCP/IP

EEC-682/782 Computer Networks I

Fundamentals of Computer Networking AE6382

EITF25 Internet Techniques and Applications L7: Internet. Stefan Höst

Networking and Health Information Exchange: ISO Open System Interconnection (OSI)

Introduction to Networking

TCP/IP Overview. Basic Networking Concepts. 09/14/11 Basic TCP/IP Networking 1

QUIZ: Longest Matching Prefix

Set of IP routers. Set of IP routers. Set of IP routers. Set of IP routers

Lab 1: Packet Sniffing and Wireshark

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Simulation of TCP Layer

ECE 650 Systems Programming & Engineering. Spring 2018

CSCI-GA Operating Systems. Networking. Hubertus Franke

Internet. Organization Addresses TCP/IP Protocol stack Forwarding. 1. Use of a globally unique address space based on Internet Addresses

Lecture 17 Overview. Last Lecture. Wide Area Networking (2) This Lecture. Internet Protocol (1) Source: chapters 2.2, 2.3,18.4, 19.1, 9.

Concept Questions Demonstrate your knowledge of these concepts by answering the following questions in the space provided.

TCP/IP Networking Basics

CCNA Semester 1 labs. Part 2 of 2 Labs for chapters 8 11

E&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang

The Transport Layer. Internet solutions. Nixu Oy PL 21. (Mäkelänkatu 91) Helsinki, Finland. tel fax.

9th Slide Set Computer Networks

6.1 Internet Transport Layer Architecture 6.2 UDP (User Datagram Protocol) 6.3 TCP (Transmission Control Protocol) 6. Transport Layer 6-1

The Internet Protocol (IP)

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

Sirindhorn International Institute of Technology Thammasat University

The Transport Layer. Part 1

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

Significance of TCP/IP Model Divya Shree Assistant Professor (Resource Person), Department of computer science and engineering, UIET, MDU, Rohtak

Transport Layer. The transport layer is responsible for the delivery of a message from one process to another. RSManiaol

Network+ Guide to Networks 5 th Edition. Chapter 4 Introduction to TCP/IP Protocols

Transport Protocols. Raj Jain. Washington University in St. Louis

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

Software Engineering 4C03 Answer Key

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

Introduction to Information Science and Technology 2017 Networking II. Sören Schwertfeger 师泽仁

Chapter 7. Local Area Network Communications Protocols

Defining Networks with the OSI Model. Module 2

MODULE: NETWORKS MODULE CODE: CAN1102C. Duration: 2 Hours 15 Mins. Instructions to Candidates:

LESSON 3 PORTS AND PROTOCOLS

EEC-484/584 Computer Networks. Lecture 16. Wenbing Zhao

ARP, IP, TCP, UDP. CS 166: Introduction to Computer Systems Security 4/7/18 ARP, IP, TCP, UDP 1

Networking and Health Information Exchange Unit 1a ISO Open Systems Interconnection (OSI) Slide 1. Slide 2. Slide 3

K2289: Using advanced tcpdump filters

CS61C Machine Structures Lecture 37 Networks. No Machine is an Island!

Network and Security: Introduction

Introduction to TCP/IP

Transcription:

Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified 1-11-17

Objectives Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the binary, octal, and hexadecimal numbering system

Overview of TCP/IP Protocol Common language used by computers for speaking Transmission Control Protocol/Internet Protocol (TCP/IP) Most widely used protocol TCP/IP stack Contains four different layers Network Internet Transport Application

The Application Layer Front end to the lower-layer protocols What you can see and touch closest to the user at the keyboard HTTP, FTP, SMTP, SNMP, SSH, IRC and TELNET all operate in the Application Layer

The Transport Layer Encapsulates data into segments Segments can use TCP or UDP to reach a destination host TCP is a connection-oriented protocol TCP three-way handshake Computer A sends a SYN packet Computer B replies with a SYN-ACK packet Computer A replies with an ACK packet

TCP Header Format 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Source Port Destination Port +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Sequence Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Acknowledgment Number +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Data U A P R S F Offset Reserved R C S S Y I Window G K H T N N +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Checksum Urgent Pointer +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ Options Padding +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ data +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

TCP Segment Headers Critical components: TCP flags Initial Sequence Number (ISN) Source and destination port Abused by hackers finding vulnerabilities

TCP Flags Each flag occupies one bit Can be set to 0 (off) or 1 (on) Six flags SYN: synchronize flag ACK: acknowledge flag PSH: push flag URG: urgent flag RST: reset flag FIN: finish flag

Initial Sequence Number (ISN) 32-bit number Tracks packets received Enables reassembly of large packets Sent on steps 1 and 2 of the TCP threeway handshake By guessing ISN values, a hacker can hijack a TCP session, gaining access to a server without logging in

TCP Ports Port Logical, not physical, component of a TCP connection Identifies the service that is running Example: HTTP uses port 80 A 16-bit number 65,536 ports Each TCP packet has a source and destination port

Blocking Ports Helps you stop or disable services that are not needed Open ports are an invitation for an attack You can t block all the ports That would stop all networking At a minimum, ports 25 and 80 are usually open on a server, so it can send out Email and Web pages

TCP Ports (continued) Only the first 1023 ports are considered wellknown List of well-known ports Available at the Internet Assigned Numbers Authority (IANA) Web site (www.iana.org) Ports 20 and 21 File Transfer Protocol (FTP) Use for sharing files over the Internet Requires a logon name and password More secure than Trivial File Transfer Protocol (TFTP)

TCP Ports (continued) Port 25 Simple Mail Transfer Protocol (SMTP) E-mail servers listen on this port Port 53 Domain Name Service (DNS) Helps users connect to Web sites using URLs instead of IP addresses

TCP Ports (continued) Port 69 Trivial File Transfer Protocol Used for transferring router configurations Had the "Sorcer's Apprentice Syndrome" Denial-of-Service vulnerability (link Ch2i) (image from luharu.com)

TCP Ports (continued) Port 80 Hypertext Transfer Protocol (HTTP) Used when connecting to a Web server Port 110 Post Office Protocol 3 (POP3) Used for retrieving e-mail Port 119 Network News Transfer Protocol For use with newsgroups

TCP Ports (continued) Port 135 Remote Procedure Call (RPC) Critical for the operation of Microsoft Exchange Server and Active Directory Port 139 NetBIOS Used by Microsoft s NetBIOS Session Service File and printer sharing

TCP Ports (continued) Port 143 Internet Message Access Protocol 4 (IMAP4) Used for retrieving e-mail More features than POP3 19

Demonstration Telnet to hills.ccsf.edu and netstat to see the connections Port 23 (usual Telnet) Port 25 blocked off campus, but 110 connects Port 21 works, but needs a username and password

Demonstration Wireshark Packet Sniffer TCP Handshake: SYN, SYN/ACK, ACK TCP Ports TCP Status Flags

User Datagram Protocol (UDP) Fast but unreliable protocol Operates on transport layer Does not verify that the receiver is listening Higher layers of the TCP/IP stack handle reliability problems Connectionless protocol

The Internet Layer Responsible for routing packets to their destination address Uses a logical address, called an IP address IP addressing Packet delivery is connectionless

Internet Control Message Protocol (ICMP) Operates in the Internet layer of the TCP/IP stack Used to send messages related to network operations Helps in troubleshooting a network Some commands include Ping Traceroute

ICMP Type Codes

Wireshark Capture of a PING 33

Warriors of the Net Network+ Movie Warriorsofthe.net (link Ch 2d)

IP Addressing Consists of four bytes, like 147.144.20.1 Two components Network address Host address Neither portion may be all 1s or all 0s Classes Class A Class B Class C

IP Addressing (continued) Class A First byte is reserved for network address Last three bytes are for host address Supports more than 16 million host computers Limited number of Class A networks Reserved for large corporations and governments (see link Ch 2b) Format: network.node.node.node

IP Addressing (continued) Class B First two bytes are reserved for network address Last two bytes are for host address Supports more than 65,000 host computers Assigned to large corporations and Internet Service Providers (ISPs) Format: network.network.node.node CCSF has 147.144.0.0 147.144.255.255

IP Addressing (continued) Class C First three bytes are reserved for network address Last byte is for host address Supports up to 254 host computers Usually available for small business and home networks Format: network.network.network.node

IP Addressing (continued) Subnetting Each network can be assigned a subnet mask Helps identify the network address bits from the host address bits Class A uses a subnet mask of 255.0.0.0 Also called /8 Class B uses a subnet mask of 255.255.0.0 Also called /16 Class C uses a subnet mask of 255.255.255.0 Also called /24

Planning IP Address Assignments Each network segment must have a unique network address Address cannot contain all 0s or all 1s To access computers on other networks Each computer needs IP address of gateway

Planning IP Address Assignments TCP/IP uses subnet mask to determine if the destination computer is on the same network or a different network If destination is on a different network, it relays packet to gateway Gateway forwards packet to its next destination (routing) Packet eventually reaches destination 42

IPv6 Modern operating systems like Windows 7 use IPv6 in addition to IPv4 IPv6 addresses are much longer: 128 bits instead of the 32 bits used by IPv4

Binary

Binary, Hexadecimal, and Base64 Binary: uses only 0 and 1 Eight bits per byte Hexadecimal: uses 0-9 and a-f 4 bits per character Two characters per byte Base64 6 bits per character 4 characters for 3 bytes

Base 64 Encoding Used to evade anti-spam tools, and to obscure passwords Encodes six bits at a time (0 63) with a single ASCII character A - Z: 0 25 a z: 26 51 1 9: 52 61 + and - 62 and 63 See links Ch 3a, 3b

Base64 Example ORACLE -> T1JBQ0xF Link Ch 3r

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback