Wireshark and TCP/IP Basics (ACM SIG-Security, Lance Pendergrass)
TRANSCRIPT
Network Concepts
Protocol - set of rules and procedures agreed upon for communication
Example: the USPS mailing network
• Letter contained in an envelope
• Standard source/destination address format
• Postage based on package weight
• Packaging -> Addressing -> Payment -> Sending
Network packets are like small digital envelopes
Transport Layer Protocols
Transmission Control Protocol (TCP)
• Provides reliable data flow control
• Stateful: a connection is established first
• 3-way handshake
• Sequencing
• Checksums
• Source/destination ports
Transport Layer Protocols
User Datagram Protocol (UDP)
• Stateless, connectionless
• No guarantee of delivery
• Low overhead
• Good for simple query and response, streaming
• Used by: DHCP, DNS, streaming media, VoIP
Internet Layer Protocols
Internet Protocol (IPv4)
• Encapsulates the data payload
• Defines node addressing
• Routes packets from source to destination
Address Resolution Protocol (ARP)
• Resolves an IP address into an Ethernet (MAC) address
Internet Control Message Protocol (ICMP)
• Diagnostic and error messaging
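The "digital envelope" idea from the TCP and IPv4 slides, carried through in code. This is an added example, not material from the talk: it constructs three IPv4 datagrams carrying the SYN, SYN-ACK and ACK segments of a 3-way handshake, then parses them the way a dissector would, walking the IP header first (verifying its checksum), then the TCP header inside it (source/destination ports, sequence and acknowledgement numbers, flags). The addresses, ports and initial sequence numbers are constructed sample values.

```python
"""Build and dissect a constructed IPv4 + TCP 3-way handshake (added example)."""
import struct

# TCP flag bits, low byte of the flags field in the RFC 793 header layout
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10

# Constructed sample endpoints (private address space chosen for the example)
CLIENT, SERVER = "172.16.254.1", "172.16.254.10"


def ip_to_bytes(dotted: str) -> bytes:
    """'172.16.254.1' -> the four raw octets of an IPv4 address."""
    return bytes(int(octet) for octet in dotted.split("."))


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Construct an IPv4 datagram whose payload is a TCP segment (no options)."""
    # TCP header: ports, seq, ack, data offset (5 words), flags, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags,
                      65535, 0, 0) + payload
    # IPv4 header: version/IHL, DSCP, total length, id, flags/frag, TTL, proto 6 = TCP
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                      64, 6, 0, ip_to_bytes(src), ip_to_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + tcp


def handshake_step(flags: int) -> str:
    """Map a segment's flag bits onto the 3-way-handshake step they represent."""
    if flags & SYN and not flags & ACK:
        return "SYN"
    if flags & SYN and flags & ACK:
        return "SYN-ACK"
    if flags & ACK and not flags & (SYN | FIN | RST):
        return "ACK"
    return "OTHER"


def parse_packet(pkt: bytes) -> dict:
    """Open the IPv4 'envelope', verify its checksum, then decode the TCP header inside."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if internet_checksum(pkt[:ihl]) != 0:    # a valid header checksums to zero
        raise ValueError("IPv4 header checksum mismatch")
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    sport, dport, seq, ack, off, flags, window, _, _ = struct.unpack(
        "!HHIIBBHHH", pkt[ihl:ihl + 20])
    data_off = (off >> 4) * 4
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "step": handshake_step(flags),
        "payload": pkt[ihl + data_off:total_len],
    }


def sample_handshake() -> list:
    """Three constructed segments: client SYN, server SYN-ACK, client ACK."""
    return [
        build_packet(CLIENT, SERVER, 51000, 80, seq=1000, ack=0, flags=SYN),
        build_packet(SERVER, CLIENT, 80, 51000, seq=5000, ack=1001, flags=SYN | ACK),
        build_packet(CLIENT, SERVER, 51000, 80, seq=1001, ack=5001, flags=ACK),
    ]


def sequencing_consistent(segments: list) -> bool:
    """Check that each ACK number acknowledges the peer's SYN (its ISN + 1)."""
    syn, synack, ack = (parse_packet(p) for p in segments)
    return ((syn["step"], synack["step"], ack["step"]) == ("SYN", "SYN-ACK", "ACK")
            and synack["ack"] == syn["seq"] + 1 and ack["ack"] == synack["seq"] + 1)


if __name__ == "__main__":
    for p in sample_handshake():
        d = parse_packet(p)
        print("%s:%d -> %s:%d  %-7s seq=%d ack=%d" % (
            d["src"], d["sport"], d["dst"], d["dport"], d["step"], d["seq"], d["ack"]))
    print("sequencing consistent:", sequencing_consistent(sample_handshake()))
```

The checksum check is the part worth noticing: a single flipped bit anywhere in the IP header makes `parse_packet` reject the datagram, which is exactly what a receiving stack does before it ever looks at the transport header. The sequence/acknowledgement relationship (ack = peer ISN + 1) is what Wireshark uses to stitch individual segments back into one conversation.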
Common Application Protocols
• HyperText Transfer Protocol (HTTP)
• Domain Name System (DNS)
• File Transfer Protocol (FTP)
• Secure SHell (SSH)
• Simple Mail Transfer Protocol (SMTP)
IP Addresses
Used to identify a network and a host interface
IPv4
• 32-bit address comprised of 4 binary octets
• Decimal representation: 172.16.254.1
• Subnet masks
IPv6
• 128-bit address comprised of 8 16-bit fields
• Example: 2001:0db8:0:1234:0:567:8:1
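The addressing slide in working form. This is an added example rather than the speaker's code: it takes the slide's own sample addresses, breaks 172.16.254.1 into its four binary octets and the single 32-bit number a router actually compares, applies a subnet mask to separate network and host parts, and expands the IPv6 example into its eight 16-bit fields. The /24 prefix and the second host address are assumptions made for the example.

```python
"""Decompose IPv4/IPv6 addresses and apply a subnet mask (added example)."""
import ipaddress


def ipv4_octets(addr: str) -> list:
    """Return the four binary octets, e.g. ['10101100', '00010000', ...]."""
    return [format(int(o), "08b") for o in addr.split(".")]


def ipv4_to_int(addr: str) -> int:
    """Pack the four octets into the single 32-bit number routers compare against."""
    value = 0
    for octet in addr.split("."):
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError("octet out of range: %r" % octet)
        value = (value << 8) | n
    return value


def int_to_ipv4(value: int) -> str:
    """Inverse of ipv4_to_int: 32-bit number back to dotted decimal."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix_len: int) -> int:
    """/24 -> 0xFFFFFF00: the top prefix_len bits set, the rest clear."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def subnet_info(addr: str, prefix_len: int) -> dict:
    """Split an address into network and host parts using a subnet mask."""
    a, m = ipv4_to_int(addr), prefix_to_mask(prefix_len)
    network = a & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return {
        "mask": int_to_ipv4(m),
        "network": int_to_ipv4(network),
        "host_part": a & ~m & 0xFFFFFFFF,
        "broadcast": int_to_ipv4(broadcast),
        "usable_hosts": max(2 ** (32 - prefix_len) - 2, 0),
    }


def same_subnet(a: str, b: str, prefix_len: int) -> bool:
    """Two hosts reach each other directly (ARP, no router) only if network parts match."""
    m = prefix_to_mask(prefix_len)
    return ipv4_to_int(a) & m == ipv4_to_int(b) & m


def ipv6_fields(addr: str) -> list:
    """Expand an IPv6 address into its eight 16-bit fields, zero-padded to 4 hex digits."""
    packed = ipaddress.IPv6Address(addr).packed            # 16 bytes = 128 bits
    return ["%04x" % int.from_bytes(packed[i:i + 2], "big") for i in range(0, 16, 2)]


if __name__ == "__main__":
    host = "172.16.254.1"                                  # sample from the slide
    print("octets:", ipv4_octets(host), "=", ipv4_to_int(host))
    info = subnet_info(host, 24)                           # /24 is an assumed mask
    print("network %(network)s/24 mask %(mask)s broadcast %(broadcast)s, "
          "%(usable_hosts)d usable hosts" % info)
    # Cross-check against the standard library's view of the same network
    print("stdlib agrees:", str(ipaddress.ip_network(host + "/24", strict=False)))
    print("same subnet as 172.16.254.10:", same_subnet(host, "172.16.254.10", 24))
    print("same subnet as 172.16.253.7: ", same_subnet(host, "172.16.253.7", 24))
    print("IPv6 fields:", ipv6_fields("2001:0db8:0:1234:0:567:8:1"))
```

`same_subnet` is the decision a host makes before sending: if the masked network parts match, it resolves the peer's Ethernet address with ARP and sends directly; otherwise the frame goes to the default gateway.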
Wireshark
• Open-source packet analyzer
• Places the interface in promiscuous mode
• Ability to parse most common protocols
• Support for filters, graphing, plugins, etc.
Traffic can be captured via: switch port mirroring, ARP cache poisoning, UTM router, LAN tap