NFJS Software Symposium Series 2012
The ACK and NACK of Programming
Ken Sipe

About Speaker
- http://kensipe.blogspot.com/
- http://del.icio.us/kensipe
- twitter: @kensipe
- ken.sipe@gmail.com
- Developer: Embedded, C++, Java, Groovy, Grails, C#, Objective C
- Speaker: JavaOne 2009 Rock Star, NFJS, JAX
- Microsoft MCP
- Sun Certified Java 2 Architect
- Master of Scrums, Agile Coach
- Instructor: VisiBroker CORBA, Rational Rose, OOAD
How Well Do You Know Your Computer?

The network is the computer -- John Gage
Motivations
- Understand one abstraction lower than where you are
- Developer productivity
- Security

192.168.0.1
Agenda
- Understanding the challenges
- OSI
- Tools of the trade
- WiFi

Networking is Hard
- Asynchronous
- Bandwidth
- Latency
- Service discovery
OSI Model

7 Layers
- Physical Layer
- Data-Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer

Layers
- Each layer has a header
  - contains protocol info
- Each layer has a body
  - data
- Each layer wraps the previous layer
  - the body of a layer is the header + body of the previous layer
Stack diagram: Socket - TCP - IP - Ethernet (labels: Ports, Hardware)

Diagram labels: Host to Host; Point to Point
Physical Layer (Layer 1)
- Cables
- Physical connections

promiscuous mode == cloaking
- Hub: extends a single LAN
- Bridge / Layer-2 Switch: connects 2 or more LANs together; works at the data link layer
- Router / Layer-3 Switch: connects any combination of LANs and WANs; works at the network layer
Data Link Layer (Layer 2)
- <inter-office mail> relative to the postal system
- Media Access Control (MAC) addresses
  - globally unique address
  - 6 bytes: xx:xx:xx:xx:xx:xx
  - example 90:27:e4:f8:b5:15 -> 90:27:e4 = vendor code, f8:b5:15 = interface serial number
MAC(s)
- Ethernet header: 14 bytes
  - source and destination MAC for this packet
- MAC isn't intended to change
  - fingerprint of the network

ARP
- Address Resolution Protocol (ARP) associates MAC - IP
  - broadcast: "Hey... who has IP X?"
- Resolution usually is cached

- arp tools
  - arp
  - arp -a
  - arpon -l
  - arpon -i wlan0 -D
- mac spoofing
  - ifconfig wlan0 hw ether 00:80:48:BA:d1:30
- arp poisoning
  - arpspoof
    - arpspoof -t <router_id> <local_ip>
    - arpspoof -t <local_ip> <router_id>
  - ettercap -NaC <router_id> <local_ip>
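What the poisoning above looks like from the receiving side is a single IP that suddenly claims a different MAC. This added example (not from the talk, and not from any of the tools it names) decodes ARP packets and replays them through a cache the way a host would fill it, flagging every IP whose MAC binding changes. The packets are constructed inline; the MAC and IP values are the ones from the slides, and the "aa:bb:cc:dd:ee:01" host MAC is made up for the demo.

```python
"""Added example (not from the talk): decode ARP packets and flag an IP whose
MAC binding changes, which is what ARP poisoning looks like from a cache's point of view.
All packets below are constructed inline; MAC/IP values reuse the ones on the slides."""
import struct
from typing import Dict, List, Tuple

ARP_REQUEST, ARP_REPLY = 1, 2  # opcodes: 1 = "who-has", 2 = "is-at"


def mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_arp(payload: bytes) -> dict:
    """Decode the 28-byte ARP payload for Ethernet/IPv4 (the layout from RFC 826)."""
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {
        "op": oper,
        "sender_mac": mac_to_str(sha),
        "sender_ip": ".".join(map(str, spa)),
        "target_mac": mac_to_str(tha),
        "target_ip": ".".join(map(str, tpa)),
    }


def build_arp(op: int, sender_mac: str, sender_ip: str,
              target_mac: str, target_ip: str) -> bytes:
    """Constructed ARP payload for the demo (the inverse of parse_arp)."""
    mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op,
                       mac(sender_mac), ip(sender_ip), mac(target_mac), ip(target_ip))


def watch_arp(payloads: List[bytes]) -> Tuple[Dict[str, str], List[Tuple[str, str, str]]]:
    """Replay ARP payloads through a cache the way a host would fill it: every packet's
    sender (MAC, IP) pair is a binding, requests and replies alike. Returns the final
    cache and a list of alerts (ip, mac_seen_before, mac_claimed_now)."""
    cache: Dict[str, str] = {}
    alerts: List[Tuple[str, str, str]] = []
    for raw in payloads:
        pkt = parse_arp(raw)
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        if ip in cache and cache[ip] != mac:
            alerts.append((ip, cache[ip], mac))   # same IP, different MAC: investigate
        cache[ip] = mac                           # record what the wire said, either way
    return cache, alerts


# Constructed traffic: the gateway (MAC from the slides) asks for .10, .10 answers,
# then a third packet claims the gateway's IP with the MAC used in the slide's ifconfig line.
SAMPLE_PACKETS = [
    build_arp(ARP_REQUEST, "90:27:e4:f8:b5:15", "192.168.0.1", "00:00:00:00:00:00", "192.168.0.10"),
    build_arp(ARP_REPLY, "aa:bb:cc:dd:ee:01", "192.168.0.10", "90:27:e4:f8:b5:15", "192.168.0.1"),
    build_arp(ARP_REPLY, "00:80:48:ba:d1:30", "192.168.0.1", "aa:bb:cc:dd:ee:01", "192.168.0.10"),
]

if __name__ == "__main__":
    final_cache, found = watch_arp(SAMPLE_PACKETS)
    for ip, before, now in found:
        print(f"ALERT {ip}: was {before}, now {now}")
    print(final_cache)
```

The cache records the newest binding even when it conflicts, because that is what a host with no protection does; the alert list is the part a monitor such as arpon acts on. A legitimate NIC swap on the gateway produces the same alert once, so the check is a trigger for investigation rather than a verdict.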
Network Layer (Layer 3)
- Internet Protocol (IP)
- Protocols: ICMP, ARP, RARP

IP
- Internet Protocol (IP) versions: IPv4, IPv6
- Form: xx.xx.xx.xx (192.169.0.1 or 10.0.1.1)
- Size: 20 bytes

- IPv4: 32 bits
- private ranges:
  - 10.0.0.0-10.255.255.255
  - 172.16.0.0-172.31.255.255
  - 192.168.0.0-192.168.255.255
Datagram header (figure)

- IPv6: 128 bits (16 bytes)
  - 2001:0db8:3241:0000:0000:9a8f:00c9:952e
  - leading zeros not written
  - consecutive all-zero groups can be replaced with ::
  - 2001:0db8:3241::9a8f:00c9:952e
- Reserved
  - ::1/128 (127.0.0.1 in IPv4)
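The two shortening rules above are simple enough to implement directly. This added example (not from the talk) applies both of them to the slide's address, cross-checks the result against Python's ipaddress module, and also tests an IPv4 address against the three private ranges listed on the previous slide. Note that the slide's short form keeps the leading zeros in 0db8 and 00c9; applying rule 1 as well gives 2001:db8:3241::9a8f:c9:952e, which is what the standard library also prints. Nothing here touches the network.

```python
"""Added example (not from the talk): apply the slide's two IPv6 shortening rules by hand,
cross-check against the standard library, and test an IPv4 address against the slide's
three private ranges."""
import ipaddress

# The three private IPv4 ranges listed on the slide, as CIDR networks.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def compress_ipv6(full: str) -> str:
    """Shorten a fully written 8-group IPv6 address:
    rule 1: leading zeros in a group are not written (a group never becomes empty);
    rule 2: the longest run of two or more all-zero groups becomes '::', applied once."""
    groups = full.split(":")
    if len(groups) != 8:
        raise ValueError("expected the full 8-group form")
    groups = [g.lstrip("0") or "0" for g in groups]
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == "0":
            j += 1
        if j - i > best_len:                 # first run wins ties, like the stdlib
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:
        return ":".join(groups)
    head = ":".join(groups[:best_start])
    tail = ":".join(groups[best_start + best_len:])
    return f"{head}::{tail}"


def expand_ipv6(short: str) -> str:
    """Back to the full 8-group form (the stdlib does the work)."""
    return ipaddress.IPv6Address(short).exploded


def is_private_v4(addr: str) -> bool:
    ip = ipaddress.IPv4Address(addr)
    return any(ip in net for net in PRIVATE_V4)


if __name__ == "__main__":
    full = "2001:0db8:3241:0000:0000:9a8f:00c9:952e"   # the address from the slide
    print(compress_ipv6(full), "==", ipaddress.IPv6Address(full).compressed)
    print(compress_ipv6("0000:0000:0000:0000:0000:0000:0000:0001"), "is loopback, like 127.0.0.1")
    for a in ("192.168.0.1", "172.31.255.255", "172.32.0.0", "10.0.1.1", "8.8.8.8"):
        print(a, "private" if is_private_v4(a) else "public")
```

The 172.16/12 range is the one people get wrong by hand (172.32.0.0 is public), which is why the check uses CIDR networks rather than string prefixes.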
IP
- IP alone does NOT guarantee:
  - connections
  - ensured delivery

DNS
- Domain Name System
  - resolve host name to IP address (A)
  - resolve an IP address to host name (PTR)
  - find mail servers for domain (MX)
  - find name servers for domain (NS)
  - find host name for IP (AAAA)
  - alias (CNAME)

IP Tools
- ifconfig / ipconfig
- whois
- ping
- dhclient
- DNS utility: nslookup
- dsniff - DNS spoofing: dnsspoof

Where in the IP?
- traceroute
- netstat -r
- zenmap
Transport Layer (Layer 5)
- Major protocols
  - Transmission Control Protocol (TCP)
  - User Datagram Protocol (UDP)
- TCP used by: HTTP, SMTP, FTP

UDP
- Less overhead: no connection establishment
- More efficient: no guaranteed delivery
- Data reception from more than one machine
- Apps: weather, time, video, games

TCP
- Reliable, bi-directional
- Ensures packets are ordered prior to sending to the next layer
  - TCP flags
  - sequence numbers

TCP header (figure)

TCP
Flag  Meaning          Purpose
URG   Urgent           Important data
ACK   Acknowledgement  Acks a packet
PSH   Push             Do not buffer
RST   Reset            Resets a connection
SYN   Synchronize      Synchronizes the sequence numbers at the beginning of a connection
FIN   Finish           Goodbye
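The "Layers" slide says each layer's body is the header plus body of the layer above it; the Ethernet, IP and TCP slides give the sizes (14 bytes, 20 bytes, 20 bytes) and the flag bits. This added example (not from the talk) builds one constructed frame from those three headers and then peels it back one layer at a time, ending with the flag names from the table, including the SYN / SYN+ACK / ACK exchange that opens a connection. The MACs and IPs reuse the slide values plus one made-up host MAC; the IPv4 header checksum is computed and verified, while the TCP checksum is left at zero to keep the block short (a real stack fills it in).

```python
"""Added example (not from the talk): build a constructed Ethernet -> IPv4 -> TCP frame and
peel it layer by layer, so the 14-byte Ethernet header, 20-byte IP header and the TCP flags
from the slides can be seen in bytes. The TCP checksum is left at 0 for brevity."""
import struct

# TCP flag bits, in the order of the slide's table
TCP_FLAG_BITS = [(0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]
ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; verifying a header that contains its checksum yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    # Layer 4: TCP header (20 bytes, data offset 5 words), then the application payload
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0) + payload
    # Layer 3: IPv4 header (20 bytes); its body is the whole TCP segment
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                         ip_bytes(src_ip), ip_bytes(dst_ip))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", inet_checksum(ip_hdr)) + ip_hdr[12:]
    # Layer 2: Ethernet header (14 bytes); its body is the whole IP datagram
    eth = struct.pack("!6s6sH", mac_bytes(dst_mac), mac_bytes(src_mac), ETHERTYPE_IPV4)
    return eth + ip_hdr + tcp


def parse_frame(frame: bytes) -> dict:
    """Unwrap one layer at a time; each layer's body is handed to the next parser."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("only IPv4 handled in this demo")
    datagram = frame[14:]
    vihl, _, total_len, _, _, ttl, proto, _, s_ip, d_ip = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    ihl = (vihl & 0x0F) * 4
    if inet_checksum(datagram[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if proto != PROTO_TCP:
        raise ValueError("only TCP handled in this demo")
    segment = datagram[ihl:total_len]
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", segment[:14])
    data_off = (off >> 4) * 4
    return {
        "eth": {"src": ":".join(f"{b:02x}" for b in src), "dst": ":".join(f"{b:02x}" for b in dst), "header_len": 14},
        "ip": {"src": ".".join(map(str, s_ip)), "dst": ".".join(map(str, d_ip)), "ttl": ttl, "header_len": ihl},
        "tcp": {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": [name for bit, name in TCP_FLAG_BITS if flags & bit],
                "payload": segment[data_off:]},
    }


def handshake_flags() -> list:
    """The three frames of a TCP connection setup, decoded back to flag names."""
    client, server = ("aa:bb:cc:dd:ee:01", "192.168.0.10"), ("90:27:e4:f8:b5:15", "192.168.0.1")
    frames = [
        build_frame(client[0], server[0], client[1], server[1], 54321, 80, 1000, 0, 0x02),       # SYN
        build_frame(server[0], client[0], server[1], client[1], 80, 54321, 5000, 1001, 0x12),    # SYN+ACK
        build_frame(client[0], server[0], client[1], server[1], 54321, 80, 1001, 5001, 0x10),    # ACK
    ]
    return [parse_frame(f)["tcp"]["flags"] for f in frames]


if __name__ == "__main__":
    f = build_frame("aa:bb:cc:dd:ee:01", "90:27:e4:f8:b5:15", "192.168.0.10", "192.168.0.1",
                    54321, 80, 1001, 5001, 0x18, b"GET / HTTP/1.0\r\n\r\n")
    print(len(f), "bytes on the wire;", parse_frame(f))
    print(handshake_flags())
```

Feed parse_frame the raw bytes of an Ethernet frame captured with tcpdump or Wireshark and the same dictionary comes out, which is a quick way to confirm the offsets those tools show in their byte pane.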
TCP Tools
- tcpdump
- wireshark
- Note: pcap - packet capture
  - libpcap
  - WinPcap

Wireshark
- find top talkers on the net
- recognize the most common connection problems
- spot delays between client requests
- detect network congestion
- graph application throughput
- identify service response times

Session Layer
- Ports
  - 64k possible ports
  - < 1024: privileged ports
- Well known (/etc/services)
  - 22 - ssh
  - 25 - smtp
  - 80 - http
  - 443 - https

Socket
- Socket = IP + Port
  - 192.168.0.1:80

Socket Tools
- lsof
  - lsof -i          open connections
  - lsof -i -n       just TCP/UDP
  - lsof -i :8080    who owns 8080
  - lsof -u ksipe    what is owned by ksipe
  - lsof -p 6565     what all does pid 6565 own
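To make the "socket = IP + port" idea concrete, this added example (not from the talk) opens a listening socket on 127.0.0.1 with a kernel-chosen ephemeral port, connects to it from the same process, and reports the (ip, port) pair each side sees, which is exactly what `lsof -i` lists as two lines while the connection is open. It also parses the /etc/services format the slide cites, using a constructed excerpt so it runs without reading the real file.

```python
"""Added example (not from the talk): a socket is IP + port. Open a listening socket on
loopback with an ephemeral port, connect to it, and report both ends' (ip, port) pairs,
plus a parser for the /etc/services format. SERVICES_TEXT is a constructed excerpt."""
import socket
import threading

SERVICES_TEXT = """\
# constructed excerpt in /etc/services format:  name  port/proto  [aliases]
ssh     22/tcp
smtp    25/tcp   mail
http    80/tcp   www
https   443/tcp
"""


def parse_services(text: str) -> dict:
    """Map (port, proto) -> service name, ignoring comments and blank lines."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, port_proto, *_aliases = line.split()
        port, proto = port_proto.split("/")
        table[(int(port), proto)] = name
    return table


def is_privileged(port: int) -> bool:
    """Ports below 1024 need root (or a capability) to bind on Unix."""
    return 0 < port < 1024


def endpoint(addr) -> str:
    return f"{addr[0]}:{addr[1]}"   # the slide's 192.168.0.1:80 notation


def echo_once(message: bytes) -> dict:
    """Run a one-shot echo server and client on loopback; return what each side saw."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the kernel picks a free ephemeral port
    srv.listen(1)
    seen = {"listening_port": srv.getsockname()[1]}

    def serve():
        conn, peer = srv.accept()
        with conn:
            seen["server_local"] = endpoint(conn.getsockname())
            seen["server_peer"] = endpoint(peer)
            conn.sendall(conn.recv(1024))   # echo back whatever arrived

    worker = threading.Thread(target=serve)
    worker.start()
    with socket.create_connection(srv.getsockname()) as cli:
        seen["client_local"] = endpoint(cli.getsockname())
        seen["client_peer"] = endpoint(cli.getpeername())
        cli.sendall(message)
        seen["reply"] = cli.recv(1024)
    worker.join()
    srv.close()
    return seen


if __name__ == "__main__":
    services = parse_services(SERVICES_TEXT)
    print("port 443/tcp is", services[(443, "tcp")], "- privileged:", is_privileged(443))
    print(echo_once(b"ACK"))
```

The client's peer is the server's local address and vice versa; the two pairs together are the 4-tuple that `lsof -i` and `netstat` print for an established connection.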
nmap
- nmap -O localhost
  - guess the OS
- nmap -T4 -A localhost
  - aggressive scan at timing level 4 (-O, -sC, traceroute)

Session Tools - Proxy

Other useful tools
- netcat
  $ nc -l 3333
  $ nc 192.168.0.1 3333
- ssh with a port forward: copy a file through nc on port 3333 when that port is firewalled but port 22 is open for ssh (the local nc connects to the forwarded port, 23333)
  $ ssh -f -L 23333:127.0.0.1:3333 me@192.168.0.1 sleep 10; nc 127.0.0.1 23333 | pv -b > backup.iso
WiFi

WiFi: almost impossible to secure

Management Frame
- Auth
- De-Auth
- Association Req
- Association Resp
- Reassociation Req
- Reassociation Resp
- Beacon
- Probe Request
- Probe Resp
WEP Crack
- In 2007: 3 seconds to crack a 104-bit WEP key on a 1.7GHz Pentium M; < 1 min for data capture
- Today, with a GPU:
  - password "fjr8n"
    - CPU: 24 sec w/ 9.8 million guesses/sec
    - GPU: < one sec w/ 3.3 billion guesses/sec
  - password "fh0gh5h"
    - CPU: ~ 4 days
    - GPU: ~ 17 mins 30 secs

Securing your WiFi Access
- Business VPN
- TorGuard
- Tor Project https://www.torproject.org/
Summary
- Top tools: Wireshark, nmap, lsof, netstat, traceroute

Questions
Please fill out surveys
ken.sipe@gmail.com
twitter: @kensipe