Layered Networking and Port Scanning

David Malone, 22nd June 2004

IP Header

IP: a way to phrase information so it gets from one computer to another.

IPv4 Header:

  Version (4 bit) | Head Len (4 bit) | ToS (8 bit) | Total Length (16 bit)
  ID (16 bit) | Flags (3 bit) | Frag Offset (13 bit)
  Time to Live (8 bit) | Protocol (8 bit) | Header Checksum (16 bit)
  Source Address (32 bit)
  Destination Address (32 bit)
  Options (variable)

An actual packet

  4510 003c    (version, len, ToS, tot len)
  3fac 4000    (ID, flags, frag offset)
  4006 e3f1    (TTL, protocol, hdr sum)
  0a00 030a    (src IP)
  0a00 0005    (dst IP)
  cb44 0017 ca13 4473 0000 0000 a002 ffff
  1212 0000 0204 05b4 0103 0300 0101 080a
  3510 12f5

Hard for people to read, easy for a computer. This is an IP TCP SYN from 10.0.3.10 port 52036 to 10.0.0.5 port 23.

IP over???

IP says what the data is, and where it is to go. IP does not say how it gets there. Many other technologies may be used. Eg:

  Ethernet.
  Modem (PPP).
  ATM.

More headers must be added (and removed) as the IP packet moves from network to network. The IP part stays the same, but other headers come and go.

IP over Ethernet

Ethernet is much simpler than IP and can only deliver packets to machines on the same LAN. An Ethernet header looks like:

  ethernet dst, ethernet src, packet type

For example:

  00:30:65:03:d9:72, 00:08:74:ba:39:f2, IP

This is the Ethernet header of a packet from my laptop to the local router. This header would be followed by the IP header and then any data.

Packets within Packets

The idea of putting packets in packets is called encapsulation. It gives us a layered view of networking.

  Layer | Name      | Description                      | Example
  1     | Physical  | Physical operation of the medium | Ethernet over UTP
  2     | Data Link | Management of interface          | Ethernet (upper level)
  3     | Network   | How subnets interoperate         | IP
  4     | Transport | Packetisation, retransmission,...| TCP

There is a standard 7 layer model, but these 4 layers are enough for now.

Problems with packets

Packets may not make it to their destination:

  Lost because the network is overloaded.
  Damaged by faulty hardware, stretched fiber, radio noise.
  Dropped because of firewalls, misrouting, rebooting.
  Sometimes even duplicated!

You may want to retransmit the packet, resend it to someone else, or send a different packet. Layer 4 helps programs make these choices.

Layer 4 protocols

  TCP: The most popular IP protocol. Sends data to the other end and makes sure it gets there safely, in the right order.
  UDP: If data gets to the far end, it is probably the data you sent. Makes no effort to ensure data gets there.
  ICMP: Used by IP itself for testing and diagnostics. Ping lives here.

TCP, UDP and ICMP each have their own headers that go after the IP header!

More about TCP

TCP is more complicated than UDP, IP or Ethernet. It begins with each side SYNchronising, so they know what data to expect. As data is sent it is ACKnowledged, so TCP knows when to retransmit lost packets. TCP is careful not to send data too fast. When the data has been transferred the connection is FINished. Unexpected connections are ReSeT.

  SYN, SYN ACK, ACK, data is transferred and ACKed, FIN, FIN.

Ports

On any one computer multiple programs might want to use TCP and UDP at the same time. For this reason TCP and UDP headers include another address, called a port, which identifies which program you want to talk to. Since there is a program at both ends of the network connection, there are both source and destination ports. Ports are actually numbers between 0 and 65565.

Some port numbers identify standard programs (25 = mail server, 80 = web server). Others are just used while a connection is in progress to identify the program making the connection (usually high numbers).

Official list at http://www.iana.org/assignments/port-numbers

Note, there is nothing to stop someone having a program listen on a strange port. If you want to, you can run your mail server on port 12345.

Encapsulation/Layering

  [ether dst]                               00306503d972
  [ether src]                               000874ba39f2
  [type=ip]                                 0800
  (version, len, ToS, tot len, ID)          4510 003c 3fac
  (flags, frag off, TTL, proto, hdr sum)    4000 4006 e3f1
  (src IP, dst IP)                          0a00 030a 0a00 0005
  {src port, dst port}                      cb44 0017
  {sequence number/ack number}              ca13 4473 0000 0000
  {hdr len, flags=syn}                      a002
  {win, csum, urgent}                       ffff 1212 0000
  {tcp options}                             0204 05b4 0103...
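The layering above can be checked by decoding the bytes mechanically. The following Python parser is an added example, not part of the original slides; it takes the Ethernet, IP and TCP bytes exactly as printed on the slides, peels off each header in turn and verifies the IP header checksum. The function and field names are this example's own.

```python
import struct

# Bytes copied from the slides (Ethernet + IPv4 + TCP). The dump on the page
# ends 4 bytes before the end of the 40-byte TCP header, so options are not parsed.
FRAME = bytes.fromhex(
    "00306503d972" "000874ba39f2" "0800"              # ether dst, src, type
    "4510003c3fac40004006e3f1" "0a00030a" "0a000005"  # IPv4 header
    "cb440017ca13447300000000a002ffff12120000"        # TCP fixed header
    "020405b4010303000101080a351012f5"                # TCP options (cut short)
)
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # bit 0 upwards

def checksum_ok(header: bytes) -> bool:
    """Ones'-complement sum of every 16-bit word, checksum included, is 0xffff."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_frame(frame: bytes) -> dict:
    if len(frame) < 14 + 20:
        raise ValueError("too short for Ethernet + IPv4")
    dst_mac, src_mac, ether_type = struct.unpack("!6s6sH", frame[:14])
    if ether_type != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ver_ihl, tos, total_len, ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", ip[:10])
    ihl = (ver_ihl & 0x0F) * 4               # header length is counted in 32-bit words
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl + 20:
        raise ValueError("bad IPv4 header or no room for TCP")
    if proto != 6:
        raise ValueError("not TCP")
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", ip[ihl:ihl + 16])
    return {
        "ether_dst": dst_mac.hex(), "ether_src": src_mac.hex(),
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ttl, "total_len": total_len, "dont_fragment": bool(flags_frag & 0x4000),
        "ip_checksum_ok": checksum_ok(ip[:ihl]),
        "sport": sport, "dport": dport, "seq": seq, "window": window,
        "tcp_header_len": (off_flags >> 12) * 4,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)],
        "captured_ip_bytes": len(ip),        # compare with total_len to spot truncation
    }

if __name__ == "__main__":
    for key, value in parse_frame(FRAME).items():
        print(f"{key:18} {value}")
```

Comparing captured_ip_bytes with total_len shows that the dump printed on the slides is shorter than the packet it describes.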

Port Scanning

Port scanning is the equivalent of phoning extension numbers to see if you get an engaged/ringing/out-of-service tone or if you get a person or an answerphone. With port scanning you send a packet and see what response you get (might be SYN-ACK, might be RST, might be an ICMP message, might be no response at all).

More about port scanning

Port scanning can have a few aims. Network administrators may use it to find what services are running in their networks. (Especially useful if a vulnerability in a program is discovered.) It can be targeted at a single computer to find all the services it is running. Alternatively it might be targeted at a single service to identify computers running this service. (The latter is very common.)
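Both scanning patterns described above leave a recognisable trace in connection records, which is how a defender spots them. The Python sketch below is an added example, not part of the original slides; the record format, the documentation-range addresses, the labels and both thresholds are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed records: (src, dst, dst_port, reply to the first packet).
    reply is "SYN-ACK", "RST", "ICMP" or None when nothing came back."""
    events = [("192.0.2.7", "198.51.100.10", port, "RST")
              for port in range(1, 41) if port != 22]
    events.append(("192.0.2.7", "198.51.100.10", 22, "SYN-ACK"))
    events += [("192.0.2.99", f"198.51.100.{host}", 23, None) for host in range(1, 31)]
    events += [("192.0.2.50", "198.51.100.10", 80, "SYN-ACK")] * 5   # ordinary client
    return events

def classify_sources(events, min_spread=20, max_answered=0.2):
    """Label sources probing one host on many ports ('single-host') or
    one port on many hosts ('single-service').
    Both thresholds are illustrative assumptions, not tuned values."""
    ports_per_host = defaultdict(set)     # (src, dst)  -> distinct ports tried
    hosts_per_port = defaultdict(set)     # (src, port) -> distinct hosts tried
    tally = defaultdict(lambda: [0, 0])   # src -> [attempts, answered by SYN-ACK]
    for src, dst, port, reply in events:
        ports_per_host[(src, dst)].add(port)
        hosts_per_port[(src, port)].add(dst)
        tally[src][0] += 1
        tally[src][1] += reply == "SYN-ACK"
    findings = {}
    for src, (attempts, answered) in tally.items():
        if answered / attempts > max_answered:
            continue   # most attempts reached a listening service: normal use
        most_ports = max(len(v) for (s, _), v in ports_per_host.items() if s == src)
        most_hosts = max(len(v) for (s, _), v in hosts_per_port.items() if s == src)
        if most_ports >= min_spread:
            findings[src] = "single-host"
        elif most_hosts >= min_spread:
            findings[src] = "single-service"
    return findings

if __name__ == "__main__":
    for source, pattern in classify_sources(build_sample()).items():
        print(source, pattern)
```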

Example port scan

Nmap, network mapping tool: http://www.insecure.org/nmap/

  17:36:lanczos 3# nmap temp1

  Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-06-20 17:37 BST
  Interesting ports on temp1.maths.tcd.ie (134.226.81.110):
  (The 1653 ports scanned but not shown below are in state: closed)
  PORT    STATE SERVICE
  7/tcp   open  echo
  9/tcp   open  discard
  22/tcp  open  ssh
  111/tcp open  rpcbind
  113/tcp open  auth
  450/tcp open  tserver

  Nmap run completed -- 1 IP address (1 host up) scanned in 9.584 seconds

Banner Collection

Some programs identify themselves when you connect.

  17:35:scooter 11% telnet kac.cnri.dit.ie 25
  Trying 147.252.67.9...
  Connected to kac.cnri.dit.ie.
  Escape character is ^].
  220 kac.cnri.dit.ie ESMTP Sendmail 8.12.10/8.12.9; Sun, 20 Jun 2004 17:38:55 +0100 (IST)

  17:39:scooter 13% telnet kac.cnri.dit.ie 80
  Trying 147.252.67.9...
  Connected to kac.cnri.dit.ie.
  Escape character is ^].
  GET / HTTP/1.0

  HTTP/1.1 200 OK
  Date: Sun, 20 Jun 2004 16:39:54 GMT
  Server: Apache/2.0.43 (Unix) DAV/2

Port tricks

Other clever tricks:

  Firewalls can filter packets based on port numbers and other header information.
  If you send packets with fake source IP addresses, you may be able to hide where your port scan comes from.
  Other machines can be tricked into port scanning for you, if you fake your source address.

  Different operating systems respond to unusual packets in different ways. This allows you to fingerprint the OS running on a machine.
  Sometimes viruses and Trojan programs use unusual packets as a control mechanism.
  Packet sniffers can collect packets to check if they contain unencrypted passwords.
  All traffic from one network to another can be encrypted by adding an extra header to say the packet has been encrypted. This is one way to make a VPN (virtual private network).