Hands-On Ethical Hacking and Network Defense: TCP/IP Concepts Review

The document provides an overview of TCP/IP concepts including the four layers of the TCP/IP stack (application, transport, internet, network), TCP and UDP protocols, IP addressing, and TCP and UDP ports. Key points covered include the TCP three-way handshake, TCP and UDP port numbers, ICMP, ping commands, IP address classes and subnet masking.

Hands-On Ethical Hacking and Network Defense
Chapter 2: TCP/IP Concepts Review
Objectives
- Describe the TCP/IP protocol stack
- Explain the basic concepts of IP addressing
- Explain the binary, octal, and hexadecimal numbering systems
Overview of TCP/IP
- Protocol
  - Common language used by computers for speaking
- Transmission Control Protocol/Internet Protocol (TCP/IP)
  - Most widely used protocol
- TCP/IP stack
  - Contains four different layers
    - Network
    - Internet
    - Transport
    - Application
The Application Layer
- Front end to the lower-layer protocols
- What you can see and touch – closest to the user at the keyboard
- HTTP, FTP, SMTP, SNMP, SSH, IRC and TELNET all operate in the Application Layer
The Transport Layer
- Encapsulates data into segments
- Segments can use TCP or UDP to reach a destination host
- TCP is a connection-oriented protocol
- TCP three-way handshake
  - Computer A sends a SYN packet
  - Computer B replies with a SYN-ACK packet
  - Computer A replies with an ACK packet
TCP Header Format

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |          Source Port          |       Destination Port        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                        Sequence Number                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Acknowledgment Number                      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |  Data |           |U|A|P|R|S|F|                               |
   | Offset| Reserved  |R|C|S|S|Y|I|            Window             |
   |       |           |G|K|H|T|N|N|                               |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Checksum            |         Urgent Pointer        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                    Options                    |    Padding    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             data                              |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
TCP Segment Headers
- Critical components:
  - TCP flags
  - Initial Sequence Number (ISN)
  - Source and destination port
- Abused by hackers finding vulnerabilities
TCP Flags
- Each flag occupies one bit
- Can be set to 0 (off) or 1 (on)
- Six flags
  - SYN: synchronize (not synthesis) flag
  - ACK: acknowledge flag
  - PSH: push flag
  - URG: urgent flag
  - RST: reset flag
  - FIN: finish flag
- Error in textbook on page 22: SYNchronize, not SYNthesis (link Ch 2a, RFC 793)
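An added example, not code from the textbook or these slides: this Python packs and parses the 20-byte header laid out above, names the six flag bits, and checks that a captured three-way handshake chains its sequence and acknowledgment numbers the way the handshake slide describes. The client port, the server port 80 and the ISN values are constructed for illustration.

```python
import struct

# The six flag bits of RFC 793, in the low bits of the offset/reserved/flags word
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def parse_tcp_header(buf):
    """Decode the fixed 20-byte header from the diagram (big-endian fields)."""
    if len(buf) < 20:
        raise ValueError("need at least 20 bytes for a TCP header")
    sport, dport, seq, ack, word, window, csum, urg = struct.unpack("!HHIIHHHH", buf[:20])
    header_len = (word >> 12) * 4                  # Data Offset counts 32-bit words
    if header_len < 20 or header_len > len(buf):
        raise ValueError(f"bad data offset: header length {header_len}")
    return {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "checksum": csum, "urgent": urg,
            "flags": [name for name, bit in FLAG_BITS.items() if word & bit],
            "options": buf[20:header_len]}

def build_tcp_header(sport, dport, seq, ack, flags, window=65535):
    """Pack a minimal header: no options (offset 5 words), checksum left at zero."""
    word = (5 << 12) | sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, word, window, 0, 0)

def handshake_step(hdr):
    """1 = SYN from A, 2 = SYN-ACK from B, 3 = ACK from A, None = not a handshake packet."""
    return {frozenset(["SYN"]): 1, frozenset(["SYN", "ACK"]): 2,
            frozenset(["ACK"]): 3}.get(frozenset(hdr["flags"]))

def check_handshake(packets):
    """Return each packet's step and whether the numbers chain: B must acknowledge
    ISN_A + 1 and A must acknowledge ISN_B + 1 (this is why guessable ISNs matter)."""
    hdrs = [parse_tcp_header(p) for p in packets]
    steps = [handshake_step(h) for h in hdrs]
    ok = (steps == [1, 2, 3]
          and hdrs[1]["ack"] == hdrs[0]["seq"] + 1
          and hdrs[2]["seq"] == hdrs[0]["seq"] + 1
          and hdrs[2]["ack"] == hdrs[1]["seq"] + 1)
    return steps, ok

# Constructed handshake: client port 50000 to HTTP port 80; ISNs chosen here for
# illustration only, a real stack picks them unpredictably (see the ISN slide)
ISN_A, ISN_B = 1000, 5000
HANDSHAKE = [
    build_tcp_header(50000, 80, ISN_A, 0, ["SYN"]),
    build_tcp_header(80, 50000, ISN_B, ISN_A + 1, ["SYN", "ACK"]),
    build_tcp_header(50000, 80, ISN_A + 1, ISN_B + 1, ["ACK"]),
]
```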
Initial Sequence Number (ISN)
- 32-bit number
- Tracks packets received
- Enables reassembly of large packets
- Sent on steps 1 and 2 of the TCP three-way handshake
- By guessing ISN values, a hacker can hijack a TCP session, gaining access to a server without logging in
TCP Ports
- Port
  - Logical, not physical, component of a TCP connection
  - Identifies the service that is running
  - Example: HTTP uses port 80
- A 16-bit number – 65,536 ports
- Each TCP packet has a source and destination port
Blocking Ports
- Helps you stop or disable services that are not needed
- Open ports are an invitation for an attack
- You can’t block all the ports
  - That would stop all networking
- At a minimum, ports 25 and 80 are usually open on a server, so it can send out Email and Web pages
TCP Ports (continued)
- Only the first 1023 ports are considered well-known
- List of well-known ports
  - Available at the Internet Assigned Numbers Authority (IANA) Web site (www.iana.org)
- Ports 20 and 21
  - File Transfer Protocol (FTP)
  - Used for sharing files over the Internet
  - Requires a logon name and password
  - More secure than Trivial File Transfer Protocol (TFTP)
TCP Ports (continued)
- Port 25
  - Simple Mail Transfer Protocol (SMTP)
  - E-mail servers listen on this port
- Port 53
  - Domain Name Service (DNS)
  - Helps users connect to Web sites using URLs instead of IP addresses
- Port 69
  - Trivial File Transfer Protocol
  - Used for transferring router configurations
TCP Ports (continued)
- Port 80
  - Hypertext Transfer Protocol (HTTP)
  - Used when connecting to a Web server
- Port 110
  - Post Office Protocol 3 (POP3)
  - Used for retrieving e-mail
- Port 119
  - Network News Transfer Protocol
  - For use with newsgroups
TCP Ports (continued)
- Port 135
  - Remote Procedure Call (RPC)
  - Critical for the operation of Microsoft Exchange Server and Active Directory
- Port 139
  - NetBIOS
  - Used by Microsoft’s NetBIOS Session Service
  - File and printer sharing
TCP Ports (continued)
- Port 143
  - Internet Message Access Protocol 4 (IMAP4)
  - Used for retrieving e-mail
  - More features than POP3
Demonstration
- Telnet to hills.ccsf.edu and netstat to see the connections
  - Port 23 (usual Telnet)
  - Port 25 blocked off campus, but 110 connects
  - Port 21 works, but needs a username and password

Demonstration
- Wireshark Packet Sniffer
  - TCP Handshake: SYN, SYN/ACK, ACK
  - TCP Ports
  - TCP Status Flags
User Datagram Protocol (UDP)
- Fast but unreliable protocol
- Operates on transport layer
- Does not need to verify whether the receiver is listening
- Higher layers of the TCP/IP stack handle reliability problems
- Connectionless protocol
The Internet Layer
- Responsible for routing packets to their destination address
- Uses a logical address, called an IP address
- IP addressing packet delivery is connectionless
Internet Control Message Protocol (ICMP)
- Operates in the Internet layer of the TCP/IP stack
- Used to send messages related to network operations
- Helps in troubleshooting a network
- Some commands include
  - Ping
  - Traceroute

ICMP Type Codes

Wireshark Capture of a PING
Warriors of the Net
- Network+ Movie
- Warriorsofthe.net (link Ch 2d)
IP Addressing
- Consists of four bytes, like 147.144.20.1
- Two components
  - Network address
  - Host address
- Neither portion may be all 1s or all 0s
- Classes
  - Class A
  - Class B
  - Class C
IP Addressing (continued)
- Class A
  - First byte is reserved for network address
  - Last three bytes are for host address
  - Supports more than 16 million host computers
  - Limited number of Class A networks
  - Reserved for large corporations and governments (see link Ch 2b)
  - Format: network.node.node.node
IP Addressing (continued)
- Class B
  - First two bytes are reserved for network address
  - Last two bytes are for host address
  - Supports more than 65,000 host computers
  - Assigned to large corporations and Internet Service Providers (ISPs)
  - Format: network.network.node.node
  - CCSF has 147.144.0.0 – 147.144.255.255
IP Addressing (continued)
- Class C
  - First three bytes are reserved for network address
  - Last byte is for host address
  - Supports up to 254 host computers
  - Usually available for small business and home networks
  - Format: network.network.network.node
IP Addressing (continued)
- Subnetting
  - Each network can be assigned a subnet mask
  - Helps identify the network address bits from the host address bits
  - Class A uses a subnet mask of 255.0.0.0
    - Also called /8
  - Class B uses a subnet mask of 255.255.0.0
    - Also called /16
  - Class C uses a subnet mask of 255.255.255.0
    - Also called /24
Planning IP Address Assignments
- Each network segment must have a unique network address
- Address cannot contain all 0s or all 1s
- To access computers on other networks
  - Each computer needs IP address of gateway
Planning IP Address Assignments
- TCP/IP uses subnet mask to determine if the destination computer is on the same network or a different network
- If destination is on a different network, it relays packet to gateway
- Gateway forwards packet to its next destination (routing)
- Packet eventually reaches destination
In-Class Exercises
These aren’t in the handout, but you can practice them by doing project X1 for extra credit.
Good Network
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.102    192.168.1.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
Duplicate IP Address
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.101    192.168.1.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
IP Address Outside Subnet
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.2.102    192.168.1.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
Wrong Subnet Mask
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.102    192.168.1.103
  Subnet mask      255.255.255.0    255.255.0.0      255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
Wrong Default Gateway
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.102    192.168.1.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.101    192.168.1.1
Find the Problem #1
Top machine (to the Internet): IP address 192.168.2.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.2.101    192.168.2.102    192.169.2.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.2.1      192.168.2.1      192.168.2.1
Find the Problem #2
Top machine (to the Internet): IP address 192.168.1.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.102    192.168.1.103
  Subnet mask      255.255.255.255  255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
Find the Problem #3
Top machine (to the Internet): IP address 192.168.2.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.2.101    192.168.2.102    192.168.2.102
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.2.1      192.168.2.1      192.168.2.1
Find the Problem #4
Top machine (to the Internet): IP address 192.168.0.1, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.0.101    192.168.0.102    192.168.0.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.2.1      192.168.0.1      192.168.0.1
Find the Problem #5
Top machine (to the Internet): IP address 192.168.1.4, subnet mask 255.255.255.0, default gateway 147.144.51.1
Hosts behind the hub, left to right:
  IP address       192.168.1.101    192.168.1.102    192.168.1.103
  Subnet mask      255.255.255.0    255.255.255.0    255.255.255.0
  Default gateway  192.168.1.1      192.168.1.1      192.168.1.1
Answers
- #1: IP address out of subnet on rightmost machine
- #2: Bad subnet mask on leftmost machine
- #3: Duplicate IP address on rightmost machine
- #4: Bad default gateway on leftmost machine
- #5: All the default gateways are wrong (or the top machine’s IP address is wrong)
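The checks from the Planning IP Address Assignments slides, applied to the exercise diagrams as an added example (not part of the original slides): each host's mask must match the LAN, its address must be unique and fall inside the top machine's subnet with host bits that are not all 0s or all 1s, and its default gateway must be on that subnet and be the top machine. Exercise values are transcribed from slides #1, #2, #4 and #5; treating the top machine as the intended gateway is an assumption taken from the Answers slide.

```python
import ipaddress
from collections import Counter

def check_lan(top, hosts):
    """Report (host_index, problem) pairs for one exercise diagram.
    top: (ip, mask) of the machine that connects the LAN to the Internet;
    hosts: (ip, mask, gateway) per machine behind the hub, leftmost first."""
    top_if = ipaddress.IPv4Interface(f"{top[0]}/{top[1]}")
    net = top_if.network                       # the one subnet every host must share
    dupes = {ip for ip, n in Counter(h[0] for h in hosts).items() if n > 1}
    findings = []
    for idx, (ip, mask, gw) in enumerate(hosts):
        host_if = ipaddress.IPv4Interface(f"{ip}/{mask}")
        if host_if.network.prefixlen != net.prefixlen:   # mask disagrees with the LAN
            findings.append((idx, f"bad subnet mask {mask}"))
            continue
        if ip in dupes:
            findings.append((idx, f"duplicate IP address {ip}"))
        if host_if.ip not in net:                       # the same-network test from the slides
            findings.append((idx, f"IP address {ip} is outside subnet {net}"))
            continue
        if host_if.ip in (net.network_address, net.broadcast_address):
            findings.append((idx, f"host bits of {ip} are all 0s or all 1s"))
        gw_ip = ipaddress.IPv4Address(gw)
        if gw_ip not in net:                            # gateway must be reachable directly
            findings.append((idx, f"default gateway {gw} is not on subnet {net}"))
        elif gw_ip != top_if.ip:                        # and must be the machine that routes out
            findings.append((idx, f"default gateway {gw} is not the top machine {top_if.ip}"))
    return findings

# Values transcribed from the "Find the Problem" slides: top machine, then hosts left to right
EXERCISES = {
    "#1": (("192.168.2.1", "255.255.255.0"),
           [("192.168.2.101", "255.255.255.0", "192.168.2.1"),
            ("192.168.2.102", "255.255.255.0", "192.168.2.1"),
            ("192.169.2.103", "255.255.255.0", "192.168.2.1")]),
    "#2": (("192.168.1.1", "255.255.255.0"),
           [("192.168.1.101", "255.255.255.255", "192.168.1.1"),
            ("192.168.1.102", "255.255.255.0", "192.168.1.1"),
            ("192.168.1.103", "255.255.255.0", "192.168.1.1")]),
    "#4": (("192.168.0.1", "255.255.255.0"),
           [("192.168.0.101", "255.255.255.0", "192.168.2.1"),
            ("192.168.0.102", "255.255.255.0", "192.168.0.1"),
            ("192.168.0.103", "255.255.255.0", "192.168.0.1")]),
    "#5": (("192.168.1.4", "255.255.255.0"),
           [("192.168.1.101", "255.255.255.0", "192.168.1.1"),
            ("192.168.1.102", "255.255.255.0", "192.168.1.1"),
            ("192.168.1.103", "255.255.255.0", "192.168.1.1")]),
}
```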
Overview of Numbering Systems
- Binary
- Octal
- Hexadecimal
Reviewing the Binary Numbering System
- Uses the number 2 as its base
- Binary digits (bits): 0 and 1
- Byte
  - Group of 8 bits
  - Can represent 2^8 = 256 different values
UNIX and Linux Permissions
- UNIX and Linux file permissions are represented with bits
  - 0 means removing the permission
  - 1 means granting the permission
  - 111 (rwx) means all permissions apply
Examples of Determining Binary Values
- Each position represents a power of 2 value
- Usually the bit on the right is the least significant bit
- Converting 1011 to decimal
  - 1 x 2^0 = 1
  - 1 x 2^1 = 2
  - 0 x 2^2 = 0
  - 1 x 2^3 = 8
  - 1 + 2 + 8 = 11 (decimal value)
Understanding Nibbles
- Half a byte or four bits
- Helps with reading the number by separating the byte
  - 1111 1010
- Components
  - High-order nibble (left side)
  - Low-order nibble (right side)
Understanding Nibbles (continued)
- Converting 1010 1010 to decimal
  - Low-order nibble
    - 1010 = 10 (base 10)
  - Multiply high-order nibble by 16
    - 1010 = 10 x 16 = 160 (base 10)
  - 160 + 10 = 170 (base 10)
Reviewing the Octal Numbering System
- Uses 8 as its base
- Supports digits from 0 to 7
- Octal digits can be represented with three bits
- Permissions on UNIX
  - Owner permissions (rwx)
  - Group permissions (rwx)
  - Other permissions (rwx)
  - Example: 111 101 001
    - Octal representation 751
Reviewing the Hexadecimal Numbering System
- Uses 16 as its base
- Supports digits from 0 to 15
- Hex number consists of two characters
  - Each character represents a nibble
- Value contains alphabetic letters (A … F)
  - A representing 10 and F representing 15
- Sometimes expressed with “0x” in front
- If you want more about binary, see Link Ch 2c
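As an added worked example (not from the slides), the Python below carries out the conversions the numbering slides describe: bit-by-bit binary to decimal, the nibble method for a byte, one hex character per nibble, and the rwx-to-octal mapping for UNIX permissions in both directions, with the input validation the slides leave out.

```python
HEX_DIGITS = "0123456789ABCDEF"

def binary_to_decimal(bits):
    """Add up each 1 bit's power of two, the rightmost bit being 2**0 (1011 -> 11)."""
    total = 0
    for position, bit in enumerate(reversed(bits)):
        if bit not in "01":
            raise ValueError(f"not a binary digit: {bit!r}")
        total += int(bit) * 2 ** position
    return total

def byte_via_nibbles(byte_bits):
    """Value of an 8-bit string the way the slide does it: high nibble * 16 + low nibble."""
    if len(byte_bits) != 8:
        raise ValueError("a byte needs exactly 8 bits")
    high, low = byte_bits[:4], byte_bits[4:]
    return binary_to_decimal(high) * 16 + binary_to_decimal(low)

def byte_to_hex(byte_bits):
    """One hex character per nibble, with the 0x prefix (1010 1010 -> 0xAA)."""
    byte_via_nibbles(byte_bits)            # reuse its length and digit validation
    return "0x" + HEX_DIGITS[binary_to_decimal(byte_bits[:4])] + HEX_DIGITS[binary_to_decimal(byte_bits[4:])]

def mode_to_octal(mode):
    """'rwxr-x--x' -> ('111101001', '751'): one bit per permission, three bits per octal digit."""
    if len(mode) != 9 or any(c not in ("-", "rwx"[i % 3]) for i, c in enumerate(mode)):
        raise ValueError(f"not an rwx permission string: {mode!r}")
    bits = "".join("0" if c == "-" else "1" for c in mode)
    octal = "".join(str(binary_to_decimal(bits[i:i + 3])) for i in (0, 3, 6))
    return bits, octal

def octal_to_mode(octal):
    """'751' -> 'rwxr-x--x' for the owner, group and other triplets."""
    if len(octal) != 3 or any(d not in "01234567" for d in octal):
        raise ValueError(f"not a three-digit octal mode: {octal!r}")
    return "".join(c if int(d) & (4 >> i) else "-"
                   for d in octal for i, c in enumerate("rwx"))
```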