Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense

Published byBetty Poole Modified over 8 years ago

Similar presentations

Presentation on theme: "Hands-On Ethical Hacking and Network Defense"— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense
Chapter 2 TCP/IP Concepts Review Last modified

2 Objectives Describe the TCP/IP protocol stack
Explain the basic concepts of IP addressing Explain the binary, octal, and hexadecimal numbering system

3 Overview of TCP/IP Protocol
Common language used by computers for speaking Transmission Control Protocol/Internet Protocol (TCP/IP) Most widely used protocol TCP/IP stack Contains four different layers Network Internet Transport Application

4

5 The Application Layer Front end to the lower-layer protocols
What you can see and touch – closest to the user at the keyboard HTTP, FTP, SMTP, SNMP, SSH, IRC and TELNET all operate in the Application Layer

6

7 The Transport Layer Encapsulates data into segments
Segments can use TCP or UDP to reach a destination host TCP is a connection-oriented protocol TCP three-way handshake Computer A sends a SYN packet Computer B replies with a SYN-ACK packet Computer A replies with an ACK packet

8 TCP Header Format | Source Port | Destination Port | | Sequence Number | | Acknowledgment Number | | Data | |U|A|P|R|S|F| | | Offset| Reserved |R|C|S|S|Y|I| Window | | | |G|K|H|T|N|N| | | Checksum | Urgent Pointer | | Options | Padding | | data |

9 TCP Segment Headers Critical components:
TCP flags Initial Sequence Number (ISN) Source and destination port Abused by hackers finding vulnerabilities

10 TCP Flags Each flag occupies one bit Can be set to 0 (off) or 1 (on)
Six flags SYN: synchronize flag ACK: acknowledge flag PSH: push flag URG: urgent flag RST: reset flag FIN: finish flag

11 Initial Sequence Number (ISN)
32-bit number Tracks packets received Enables reassembly of large packets Sent on steps 1 and 2 of the TCP three-way handshake By guessing ISN values, a hacker can hijack a TCP session, gaining access to a server without logging in

12 TCP Ports Port A 16-bit number – 65,536 ports
Logical, not physical, component of a TCP connection Identifies the service that is running Example: HTTP uses port 80 A 16-bit number – 65,536 ports Each TCP packet has a source and destination port

13 Blocking Ports Helps you stop or disable services that are not needed
Open ports are an invitation for an attack You can’t block all the ports That would stop all networking At a minimum, ports 25 and 80 are usually open on a server, so it can send out and Web pages

14 TCP Ports (continued) Only the first 1023 ports are considered well-known List of well-known ports Available at the Internet Assigned Numbers Authority (IANA) Web site ( Ports 20 and 21 File Transfer Protocol (FTP) Use for sharing files over the Internet Requires a logon name and password More secure than Trivial File Transfer Protocol (TFTP)

15

16 TCP Ports (continued) Port 25 Port 53 Port 69
Simple Mail Transfer Protocol (SMTP) servers listen on this port Port 53 Domain Name Service (DNS) Helps users connect to Web sites using URLs instead of IP addresses Port 69 Trivial File Transfer Protocol Used for transferring router configurations

17 TCP Ports (continued) Port 80 Port 110 Port 119
Hypertext Transfer Protocol (HTTP) Used when connecting to a Web server Port 110 Post Office Protocol 3 (POP3) Used for retrieving Port 119 Network News Transfer Protocol For use with newsgroups

18 TCP Ports (continued) Port 135 Port 139 Remote Procedure Call (RPC)
Critical for the operation of Microsoft Exchange Server and Active Directory Port 139 NetBIOS Used by Microsoft’s NetBIOS Session Service File and printer sharing

19 TCP Ports (continued) Port 143
Internet Message Access Protocol 4 (IMAP4) Used for retrieving More features than POP3 19 19

20 Demonstration Telnet to hills.ccsf.edu and netstat to see the connections Port 23 (usual Telnet) Port 25 blocked off campus, but 110 connects Port 21 works, but needs a username and password

21 Demonstration Wireshark Packet Sniffer
TCP Handshake: SYN, SYN/ACK, ACK TCP Ports TCP Status Flags

22 iClicker Questions

23 What TCP/IP layer does HTTP operate in?
Application Transport Internet Network All Layers

24 What TCP/IP layer does IP operate in?
Application Transport Internet Network All Layers

25 How many TCP Ports are there?
256 1,024 65,536 16,777,216 Unlimited

26 What port does SMTP use? TCP 80 UDP 25 TCP 25 UDP 69 None of the above

27 What port does TFTP use? TCP 80 UDP 53 TCP 53 UDP 69 None of the above

28 A browser is opening the Web page www. ccsf. edu
A browser is opening the Web page What TCP flag bits are set on the first packet it sends to the CCSF Web server? ACK SYN SYN/ACK PSH None of the above

29 User Datagram Protocol (UDP)
Fast but unreliable protocol Operates on transport layer Does not need to verify whether the receiver is listening Higher layers of the TCP/IP stack handle reliability problems Connectionless protocol

30 The Internet Layer Responsible for routing packets to their destination address Uses a logical address, called an IP address IP addressing packet delivery is connectionless

31 Internet Control Message Protocol (ICMP)
Operates in the Internet layer of the TCP/IP stack Used to send messages related to network operations Helps in troubleshooting a network Some commands include Ping Traceroute

32 ICMP Type Codes

33 Wireshark Capture of a PING
33 33

34 Warriors of the Net Network+ Movie Warriorsofthe.net (link Ch 2d)

35 IP Addressing Consists of four bytes, like 147.144.20.1 Two components
Network address Host address Neither portion may be all 1s or all 0s Classes Class A Class B Class C

36

37 IP Addressing (continued)
Class A First byte is reserved for network address Last three bytes are for host address Supports more than 16 million host computers Limited number of Class A networks Reserved for large corporations and governments (see link Ch 2b) Format: network.node.node.node

38 IP Addressing (continued)
Class B First two bytes are reserved for network address Last two bytes are for host address Supports more than 65,000 host computers Assigned to large corporations and Internet Service Providers (ISPs) Format: network.network.node.node CCSF has –

39 IP Addressing (continued)
Class C First three bytes are reserved for network address Last byte is for host address Supports up to 254 host computers Usually available for small business and home networks Format: network.network.network.node

40 IP Addressing (continued)
Subnetting Each network can be assigned a subnet mask Helps identify the network address bits from the host address bits Class A uses a subnet mask of Also called /8 Class B uses a subnet mask of Also called /16 Class C uses a subnet mask of Also called /24

41 Planning IP Address Assignments
Each network segment must have a unique network address Address cannot contain all 0s or all 1s To access computers on other networks Each computer needs IP address of gateway

42 Planning IP Address Assignments
TCP/IP uses subnet mask to determine if the destination computer is on the same network or a different network If destination is on a different network, it relays packet to gateway Gateway forwards packet to its next destination (routing) Packet eventually reaches destination 42 42

43 In-Class Exercises These aren’t in the handout, but you can practice them by doing project X1 for extra credit.

44 Subnet Mask Exercise 1 IP Address: 10.2.3.4 Subnet Mask: 255.0.0.0
What is the Network Portion of the IP Address? 10 10.2 10.2.3

45 Subnet Mask Exercise 2 IP Address: 172.31.33.44
What is the Network Portion of the IP Address? 172 172.31

46 Subnet Mask Exercise 3 IP Address: 192.168.0.101
What is the Network Portion of the IP Address? 192

47 Good Network A B C D To the Internet Network: 192.168.1.0 IP Address
Subnet Mask Default Gateway A Hub B C D

48 Duplicate IP Address A B C D To the Internet Network: 192.168.1.0
Subnet Mask Default Gateway A Hub B C D

49 IP Address Outside Subnet
To the Internet Network: IP Address Subnet Mask Default Gateway A Hub B C D

50 Wrong Subnet Mask A B C D To the Internet Network: 192.168.1.0
IP Address Subnet Mask Default Gateway A Hub B C D

51 Wrong Default Gateway A B C D To the Internet IP Address Subnet Mask
A Network: Hub B C D

52 Find the Problem #1 A B C D To the Internet Network: 192.168.1.0
IP Address Subnet Mask Default Gateway A Hub B C D

53 Find the Problem #2 A B C D To the Internet Network: 192.168.100.0
IP Address Subnet Mask Default Gateway A Hub B C D

54 Find the Problem #3 A B C D To the Internet Network: 192.168.8.0
IP Address Subnet Mask Default Gateway A Hub B C D

55 Find the Problem #4 A B C D To the Internet Network: 172.16.0.0
IP Address Subnet Mask Default Gateway A Hub B C D

56 Find the Problem #5 A B C D To the Internet Network: 10.0.0.0
IP Address Subnet Mask Default Gateway A Hub B C D

57 Answers #1: Duplicate IP address on rightmost machine
#2: Bad subnet mask on rightmost machine #3: IP address out of subnet on leftmost machine #4: Bad default gateway on leftmost machine #5: All the default gateways are wrong (or the top machine’s IP address is wrong)

58 IPv6 Modern operating systems like Windows 7 use IPv6 in addition to IPv4 IPv6 addresses are much longer: 128 bits instead of the 32 bits used by IPv4

Download ppt "Hands-On Ethical Hacking and Network Defense"

Similar presentations

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.

Cisco 2 - Routers Perrine. J Page 14/30/2015 Chapter 10 TCP/IP Protocol Suite The function of the TCP/IP protocol stack is to transfer information from.
CISCO NETWORKING ACADEMY Chabot College ELEC 99.05 Transport Layer (4)

CISCO NETWORKING ACADEMY Chabot College ELEC Transport Layer (4)
CCNA – Network Fundamentals

CCNA – Network Fundamentals
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 OSI Transport Layer Network Fundamentals – Chapter 4.
IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.

IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.
Ethical Hacking and Network Defense

Ethical Hacking and Network Defense
Communication Protocols II Ninth Meeting. TCP/IP family.

Communication Protocols II Ninth Meeting. TCP/IP family.
CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.

CS3505 The Internet and Info Hiway transport layer protocols : TCP/UDP.
Lecture # 14 TCP/IP - UDP Computer Communication & Networks.

Lecture # 14 TCP/IP - UDP Computer Communication & Networks.
CCNA 1 v3.1 Module 11 Review.

CCNA 1 v3.1 Module 11 Review.
© Wiley Inc. 2006. All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 2: Internet Protocols.

© Wiley Inc All Rights Reserved. CCNA: Cisco Certified Network Associate Study Guide CHAPTER 2: Internet Protocols.
Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.

Networking Theory (part 2). Internet Architecture The Internet is a worldwide collection of smaller networks that share a common suite of communication.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 1 v3.0 Module 11 TCP/IP Transport and Application Layers.
Lesson 7 – THE BUSINESS OF NETWORKING. TCP/IP and UDP Other Internet protocols Important Internet protocols OVERVIEW.

Lesson 7 – THE BUSINESS OF NETWORKING. TCP/IP and UDP Other Internet protocols Important Internet protocols OVERVIEW.
Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.

Chapter 2 Internet Protocol DoD Model Four layers: – Process/Application layer – Host-to-Host layer – Internet layer – Network Access layer.
Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.

Institute of Technology Sligo - Dept of Computing Semester 2 Chapter 9 The TCP/IP Protocol Suite Paul Flynn.
Chapter 4 OSI Transport Layer

Chapter 4 OSI Transport Layer
Chapter Overview TCP/IP Protocols IP Addressing.

Chapter Overview TCP/IP Protocols IP Addressing.
IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)

IST 228\Ch3\IP Addressing1 TCP/IP and DoD Model (TCP/IP Model)
Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 12 Transmission Control Protocol (TCP) Basics.

Microsoft Windows Server 2003 TCP/IP Protocols and Services Technical Reference Slide: 1 Lesson 12 Transmission Control Protocol (TCP) Basics.

Similar presentations

Ads by Google