© ITT Educational Services, Inc. All rights reserved.
IS3220 Information Technology Infrastructure Security
Unit 1: Essential TCP/IP Network Protocols and Applications
• Name: Williams Obinkyereh, MSc. IT, Post Masters Software Engineering, DSC (Doctor of Computer Science) Student
• Contacts:
  – Phone: 612-516-9712
  – Email: [email protected]
Introduction
• Class introduction
• Introduction of Course Syllabus
  – Course Summary
  – Lab Infrastructure (Mock)
  – Course Plan
  – Evaluation
  – Academic integrity
• Discussion and questions about syllabus
Learning Objective
Review essential Transmission Control Protocol/Internet Protocol (TCP/IP) behavior and applications used in IP networking
Key Concepts
• TCP/IP protocol analysis using NetWitness Investigator
• Differentiating clear-text from cipher-text
• Essential TCP/IP characteristics
• IP networking protocol behavior
• Network management tools
EXPLORE: CONCEPTS
TCP/IP Networking and OSI Reference Models

OSI Reference Model      TCP/IP Model
7. Application           Application
6. Presentation          Application
5. Session               Application
4. Transport             Transport
3. Network               Internet
2. Data link             Network Interface
1. Physical              Network Interface
TCP/IP Protocol Suite
• Application: Domain Name System (DNS), Dynamic Host Configuration Protocol (DHCP), Hypertext Transfer Protocol (HTTP), Telnet, File Transfer Protocol (FTP)
• Transport: Transmission Control Protocol (TCP), User Datagram Protocol (UDP)
• Internet: Internet Protocol (IP), IP Security (IPSec), Internet Control Message Protocol (ICMP), Address Resolution Protocol (ARP), and Internet Group Management Protocol (IGMP)
• Network Interface: Serial Line Internet Protocol (SLIP), Point-to-Point Protocol (PPP)
The Structure of a Packet
A Packet Moves Through the Protocol Stack
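The two slides above ("The Structure of a Packet" and "A Packet Moves Through the Protocol Stack") are figures in the original deck. The Python below is an added example, not part of the original slides: it encapsulates a TCP segment downward into an IPv4 packet and then an Ethernet frame, and decodes the frame upward one header at a time, the way a protocol analyzer does, verifying the IPv4 header checksum on the way. The MAC addresses, IP addresses, ports and the frame itself are constructed for the example; the TCP checksum is left at zero because computing it (over a pseudo-header) is not the point here.

```python
import struct

# Constructed sample values for the frame built below; not from a real capture.
SRC_MAC = bytes.fromhex("001122334455")
DST_MAC = bytes.fromhex("66778899aabb")
SRC_IP = "192.168.0.10"
DST_IP = "192.168.0.1"

TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header. Over a header whose
    checksum field is zero it yields the value to insert; over a header that
    already carries a correct checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(dport: int = 80, flags: int = 0x02, payload: bytes = b"") -> bytes:
    """Encapsulate downward: TCP segment -> IPv4 packet -> Ethernet frame."""
    # Layer 4: 20-byte TCP header (data offset 5 words, no options); checksum left 0.
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1000, 0, 5 << 4, flags, 65535, 0, 0) + payload
    # Layer 3: 20-byte IPv4 header; checksum is computed once the rest is known.
    src = bytes(int(o) for o in SRC_IP.split("."))
    dst = bytes(int(o) for o in DST_IP.split("."))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]
    # Layer 2: Ethernet II header, EtherType 0x0800 = IPv4.
    eth = struct.pack("!6s6sH", DST_MAC, SRC_MAC, 0x0800)
    return eth + ip + tcp


def parse_frame(frame: bytes) -> dict:
    """Decode upward, one header per layer, as a protocol analyzer does."""
    out = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return out  # not IPv4; this decoder stops at layer 2
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes (options make it > 20)
    out["ip"] = {
        "version": ver_ihl >> 4, "ttl": ttl, "proto": proto,
        "src": ".".join(str(b) for b in s), "dst": ".".join(str(b) for b in d),
        # A header with a valid checksum sums to 0; a corrupted or tampered one does not.
        "checksum_ok": ipv4_checksum(ip[:ihl]) == 0,
    }
    if proto != 6:
        return out  # not TCP
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off, flags, win, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off >> 4) * 4
    out["tcp"] = {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
        "flags": [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit],
        "payload": tcp[doff:],
    }
    return out


if __name__ == "__main__":
    decoded = parse_frame(build_frame(dport=21, flags=0x18, payload=b"USER alice\r\n"))
    for layer, fields in decoded.items():
        print(layer, fields)
```

Flipping a single byte in the IPv4 header (for example the TTL) makes `checksum_ok` false, which is the same check a router or an analyzer applies before trusting the header fields.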
Protocol Analysis: Functions of a Protocol Analyzer
Why analyze data packets?
• Detect network problems, such as bottlenecks
• Detect network intrusions
• Check for vulnerabilities
• Gather network statistics
What does a protocol analyzer do?
• Captures and decodes data packets traveling on a network
• Allows you to read and analyze them
NetWitness Investigator
• Threat analysis software
  – Protocol analyzer
• Captures raw packets from wired and wireless interfaces
• Analyzes real-time data throughout the seven layers
NetWitness Investigator (cont.)
• Filters by Media Access Control (MAC) address, IP address, user, and more
• Supports Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6)
• Gets daily threat intelligence data from the SANS Internet Storm Center
• Freely available
Wireshark
• Network protocol analyzer
• Captures Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth, USB, Token Ring, Frame Relay, FDDI, and other packets
• Analyzes real-time and saved data
• Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and others
• Supports IPv4 and IPv6
• Allows Voice over IP (VoIP) analysis
• Freely available
EXPLORE: PROCESS
Packet Capture Using NetWitness Investigator
• Verify capture configuration settings: Network Adapter, Advanced Capture Settings, and Evidence Handling
• Define rules for the capture: filters and alerts
• Select parsers to use with the capture: Geolocation IP (GeoIP), Search, FLEXPARSE
• Start the capture
Trace Analysis Using NetWitness Investigator
Navigation
• Select a collection.
• Click Navigation.
• Select a report.
• Select a group of sessions.
• Search for specific content.
Search
• Open a collection.
• Click the Content Search icon.
• Search on keyword or regular expression.
TCP/IP Transaction Sessions
Connection-oriented
• Sender
  – Breaks data into packets (TCP segments)
  – Attaches packet numbers (TCP sequence numbers)
• Receiver
  – Acknowledges receipt; lost packets are resent
  – Reassembles packets in correct order
TCP Three-Way Handshake
Host → Server: 1 - SYN
Server → Host: 2 - SYN/ACK
Host → Server: 3 - ACK
Synchronize (SYN), Acknowledge (ACK)
TCP Connection Termination
Host → Server: 1 – ACK/FIN
Server → Host: 2 – ACK
Server → Host: 3 – ACK/FIN
Host → Server: 4 – ACK
Acknowledge (ACK), Finish (FIN)
Each side closes its own direction with a FIN; the connection is fully closed only after both FINs have been acknowledged.
TCP Connection Reset
Host → Server: 1 - SYN
Server → Host: 2 – SYN/ACK
Host → Server: 3 - RST
Synchronize (SYN), Acknowledge (ACK), Reset (RST)
A RST aborts the connection immediately, with no FIN exchange; here the host tears down the half-open connection instead of completing the handshake with an ACK.
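The three diagrams above (handshake, termination, reset) are what an analyst reads off a trace one connection at a time. As an added example, not part of the original slides, the Python below runs a simplified TCP state machine over a constructed packet log and labels each flow: flow A completes the three-way handshake and the four-segment close, flow B is answered with SYN/ACK and then aborted by a RST, and flow C is a SYN that never gets a reply. The addresses, ports and flag sequences are constructed for the example.

```python
from dataclasses import dataclass

# Constructed packet summaries (src, sport, dst, dport, flags); not a real capture.
PACKETS = [
    ("10.0.0.5", 51000, "10.0.0.9", 80, {"SYN"}),            # A1 SYN
    ("10.0.0.9", 80, "10.0.0.5", 51000, {"SYN", "ACK"}),     # A2 SYN/ACK
    ("10.0.0.5", 51000, "10.0.0.9", 80, {"ACK"}),            # A3 ACK: established
    ("10.0.0.5", 51000, "10.0.0.9", 80, {"PSH", "ACK"}),     # A  data
    ("10.0.0.5", 51000, "10.0.0.9", 80, {"FIN", "ACK"}),     # A  close step 1
    ("10.0.0.9", 80, "10.0.0.5", 51000, {"ACK"}),            # A  close step 2
    ("10.0.0.9", 80, "10.0.0.5", 51000, {"FIN", "ACK"}),     # A  close step 3
    ("10.0.0.5", 51000, "10.0.0.9", 80, {"ACK"}),            # A  close step 4
    ("10.0.0.5", 51001, "10.0.0.9", 22, {"SYN"}),            # B1 SYN
    ("10.0.0.9", 22, "10.0.0.5", 51001, {"SYN", "ACK"}),     # B2 SYN/ACK
    ("10.0.0.5", 51001, "10.0.0.9", 22, {"RST"}),            # B3 RST aborts
    ("10.0.0.5", 51002, "10.0.0.9", 443, {"SYN"}),           # C1 SYN, never answered
]


@dataclass
class Conn:
    state: str = "CLOSED"
    fins: int = 0          # FIN segments seen so far (one per direction)
    reset_in: str = ""     # state the connection was in when a RST arrived


def flow_key(src, sport, dst, dport):
    """Direction-independent identifier for one TCP connection."""
    return tuple(sorted([(src, sport), (dst, dport)]))


def step(conn: Conn, flags: set) -> None:
    """Advance one connection through a simplified TCP state machine."""
    if "RST" in flags:                       # reset: immediate abort, no FIN exchange
        conn.reset_in, conn.state = conn.state, "RESET"
        return
    if conn.state == "RESET":
        return
    if conn.state == "CLOSED" and flags == {"SYN"}:
        conn.state = "SYN_SENT"              # handshake step 1
    elif conn.state == "SYN_SENT" and {"SYN", "ACK"} <= flags:
        conn.state = "SYN_RECEIVED"          # handshake step 2
    elif conn.state == "SYN_RECEIVED" and "ACK" in flags and "SYN" not in flags:
        conn.state = "ESTABLISHED"           # handshake step 3
    if "FIN" in flags and conn.state in ("ESTABLISHED", "FIN_WAIT"):
        conn.fins += 1                       # termination steps 1 and 3
        conn.state = "FIN_WAIT" if conn.fins == 1 else "LAST_ACK"
    elif conn.state == "LAST_ACK" and "ACK" in flags:
        conn.state = "CLOSED_GRACEFULLY"     # termination step 4


def track(packets) -> dict:
    """Feed every packet to the connection it belongs to."""
    conns = {}
    for src, sport, dst, dport, flags in packets:
        step(conns.setdefault(flow_key(src, sport, dst, dport), Conn()), flags)
    return conns


def summarize(conns) -> dict:
    """Label each flow the way an analyst would read it in a trace."""
    labels = {}
    for key, c in conns.items():
        if c.state == "RESET":
            labels[key] = f"reset (during {c.reset_in})"
        elif c.state == "SYN_SENT":
            labels[key] = "half-open: SYN unanswered"
        elif c.state == "SYN_RECEIVED":
            labels[key] = "half-open: handshake never completed"
        elif c.state == "CLOSED_GRACEFULLY":
            labels[key] = "closed gracefully (FIN/ACK exchange)"
        else:
            labels[key] = c.state.lower()
    return labels


if __name__ == "__main__":
    for key, label in summarize(track(PACKETS)).items():
        print(key, "->", label)
```

Flow B is the pattern of a half-open (SYN) scan: the prober learns the port is open from the SYN/ACK and resets rather than finishing the handshake, so a connection-level log on the server never records a session. Large numbers of "half-open" or "reset (during SYN_RECEIVED)" labels from one source are worth a second look.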
EXPLORE: CONTEXT
IPv4 Addressing
• Assigned to computers for identification on a network
• 32-bit address space
• Internet routing uses numeric IP addresses
• Dotted decimal notation
  – Example: 192.168.0.10
• IP addresses in packet headers
• A packet makes many hops between source and destination
Network Protocol Examination
Normal Packet
• Connecting to an FTP server
• Port 53 (DNS) in UDP
• Three-way handshake completes
Packet Showing Evidence of Port Scan
• Series of TCP SYN packets, the first step of the three-way handshake, one per destination port
• Arrange segments in sequential order by source port
• Destination ports also in sequential order
• Classic TCP port scan
Clear-Text vs. Encrypted Protocols
Clear-text Protocols
• Are human readable: anyone who captures the traffic can read the payload, credentials included
• FTP, Telnet, Simple Mail Transfer Protocol (SMTP), HTTP, Post Office Protocol 3 (POP3), Internet Message Access Protocol (IMAPv4), Network Basic Input/Output System (NetBIOS), Simple Network Management Protocol (SNMP)
Encrypted Protocols
• Are not human readable: the payload is encrypted, although the IP and TCP headers (addresses, ports) still travel in the clear
• Secure Shell (SSH), SSH File Transfer Protocol (SFTP), HTTP Secure (HTTPS)
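"Human readable" is the heuristic an analyst applies when scrolling through a capture. As an added example, not part of the original slides, the Python below makes that heuristic mechanical: it scores a payload by printable-byte ratio and Shannon entropy to separate clear-text from cipher-text, and then shows what an eavesdropper harvests from the clear-text case (FTP USER/PASS and HTTP Basic credentials, the latter only base64-encoded, not encrypted). The FTP and HTTP payloads and the credentials in them are constructed for the example; the "cipher-text" is chained SHA-256 output standing in for an encrypted payload, not real TLS or SSH data.

```python
import base64
import hashlib
import math
import re
from collections import Counter

# Constructed payloads; not from a real capture. The credentials are made up.
FTP_SESSION = (b"220 ftp.example.test FTP server ready\r\nUSER alice\r\n"
               b"331 Password required for alice\r\nPASS hunter2\r\n230 Login successful\r\n")
HTTP_REQUEST = (b"GET /admin HTTP/1.1\r\nHost: intranet.example.test\r\n"
                b"Authorization: Basic " + base64.b64encode(b"bob:s3cret") + b"\r\n\r\n")


def pseudo_ciphertext(n: int) -> bytes:
    """Stand-in for an encrypted payload: chained SHA-256 output, which looks like
    ciphertext to these statistics. Not real TLS/SSH data."""
    out, block = b"", b"constructed seed"
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:n]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4 to 5 for protocol chatter, close to 8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def printable_ratio(data: bytes) -> float:
    """Share of bytes that are printable ASCII or tab/CR/LF."""
    if not data:
        return 0.0
    return sum(1 for b in data if 32 <= b < 127 or b in (9, 10, 13)) / len(data)


def classify(data: bytes, max_entropy: float = 6.0, min_printable: float = 0.95) -> str:
    """Clear-text protocols are mostly printable with low entropy; ciphertext is neither."""
    if printable_ratio(data) >= min_printable and shannon_entropy(data) <= max_entropy:
        return "clear-text"
    return "cipher-text/binary"


def harvest_credentials(data: bytes) -> list:
    """What a passive sniffer gets from a clear-text session: FTP USER/PASS pairs
    and HTTP Basic credentials (base64 is encoding, not encryption)."""
    found = []
    users = re.findall(rb"^USER (\S+)\r?$", data, re.M)
    passwords = re.findall(rb"^PASS (\S+)\r?$", data, re.M)
    for user, pw in zip(users, passwords):
        found.append(("FTP", user.decode(), pw.decode()))
    for token in re.findall(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", data):
        user, _, pw = base64.b64decode(token).decode().partition(":")
        found.append(("HTTP Basic", user, pw))
    return found


if __name__ == "__main__":
    for name, payload in [("FTP", FTP_SESSION), ("HTTP", HTTP_REQUEST),
                          ("encrypted", pseudo_ciphertext(512))]:
        print(name, classify(payload), round(shannon_entropy(payload), 2),
              harvest_credentials(payload))
```

The thresholds are deliberately coarse; compressed files and images also score as "cipher-text/binary", so in practice the entropy score is a triage hint that is combined with the port and the decoded protocol, not a proof of encryption.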
Summary
• TCP/IP protocol analysis using NetWitness Investigator
• Differentiating clear-text from cipher-text
• Essential TCP/IP characteristics
• IP networking protocol behavior
• Network management tools