PLUS 내부 세미나 1/22 The Libnet Library 이병영 2004/05/06.

Slides:

Advertisements

Similar presentations

Discussion Monday ( ). ver length 32 bits data (variable length, typically a TCP or UDP segment) 16-bit identifier header checksum time to live.

Advertisements

Network and Application Attacks Contributed by- Chandra Prakash Suryawanshi CISSP, CEH, SANS-GSEC, CISA, ISO 27001LI, BS 25999LA, ERM (ISB) June 2006.

Computer Networks20-1 Chapter 20. Network Layer: Internet Protocol 20.1 Internetworking 20.2 IPv IPv6.

CS470, A.SelcukIPsec – AH & ESP1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

ECE Department: University of Massachusetts, Amherst ECE 354 Lab 3: Transmitting and Receiving Ethernet Packets.

Introduction1-1 message segment datagram frame source application transport network link physical HtHt HnHn HlHl M HtHt HnHn M HtHt M M destination application.

UDP & TCP Where would we be without them!. UDP User Datagram Protocol.

Instructor: Sam Nanavaty TCP/IP protocol. Instructor: Sam Nanavaty Version – Allows for the evolution of the protocol IHL (Internet header length) – Length.

CP476 Internet Computing TCP/IP 1 Lecture 3. TCP / IP Objective: A in-step look at TCP/IP Purposes and operations Header specifications Implementations.

Network Layer Packet Forwarding IS250 Spring 2010

The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.

Chapter 5 The Network Layer.

ECE Department: University of Massachusetts, Amherst ECE 354 Spring 2009 Lab 3: Transmitting and Receiving Ethernet Packets.

1 Application TCPUDP IPICMPARPRARP Physical network Application TCP/IP Protocol Suite.

Source Port # (16)Destination Port # (16) Sequence Number (32 bits) Acknowledgement Number (32 bits) Hdr Len (4) Flags (6)Window Size (16) Options (if.

Chapter 3 Review of Protocols And Packet Formats

Defining Network Protocols Application Protocols –Application Layer –Presentation Layer –Session Layer Transport Protocols –Transport Layer Network Protocols.

ECE Prof. John A. Copeland fax Office: Klaus 3362.

Gursharan Singh Tatla Transport Layer 16-May

Module A Panko and Panko Business Data Networks and Security, 9 th Edition © 2013 Pearson.

Transmission Control Protocol Internet Protocol TCP/IP.

Module 10. Internet Protocol (IP) is the routed protocol of the Internet. IP addressing enables packets to be routed from source to destination using.

4: Network Layer4a-1 IP datagram format ver length 32 bits data (variable length, typically a TCP or UDP segment) 16-bit identifier Internet checksum time.

Packet Analysis with Wireshark

Internet Protocol (IP)

Basic Socket Programming TCP/IP overview. TCP interface Reference: –UNIX Network Programming, by Richard Stevens. –UNIX man page.

Network Technologies essentials Week 4: Internetworking Compilation made by Tim Moors, UNSW Australia Original slides by David Wetherall, University of.

Midterm Review These slides contain 90% recycled content.

CDPA 網管訓練駭客任務 2 Ethernet Switching ARP, IP, LAN, Subnet IP Header, Routing ICMP

10/13/20151 TCP/IP Transmission Control Protocol Internet Protocol.

Transport Layer: TCP and UDP. Overview of TCP/IP protocols Comparing TCP and UDP TCP connection: establishment, data transfer, and termination Allocation.

1 IP : Internet Protocol Computer Network System Sirak Kaewjamnong.

Review the key networking concepts –TCP/IP reference model –Ethernet –Switched Ethernet –IP, ARP –TCP –DNS.

Chapter 81 Internet Protocol (IP) Our greatest glory is not in never failing, but in rising up every time we fail. - Ralph Waldo Emerson.

Lab 2: SSL Security Attack June 17, 2008 Hyun Jin Kim.

DoS Suite and Raw Socket Programming Group 16 Thomas Losier Paul Obame Group 16 Thomas Losier Paul Obame.

Internet Protocol Formats. IP (V4) Packet byte 0 byte1 byte 2 byte 3 data... – up to 65 K including heading info Version IHL Serv. Type Total Length Identifcation.

Network Layer4-1 Datagram networks r no call setup at network layer r routers: no state about end-to-end connections m no network-level concept of “connection”

Decoding an IP Header (1)

1 Introduction to TCP/IP. 2 OSI and Protocol Stack OSI: Open Systems Interconnect OSI ModelTCP/IP HierarchyProtocols 7 th Application Layer 6 th Presentation.

Network Layer by peterl. forwarding table routing protocols path selection RIP, OSPF, BGP IP protocol addressing conventions datagram format packet handling.

1 Figure 3-13: Internet Protocol (IP) IP Addresses and Security  IP address spoofing: Sending a message with a false IP address (Figure 3-17)  Gives.

Internet Protocol Version 4 VersionHeader Length Type of Service Total Length IdentificationFragment Offset Time to LiveProtocolHeader Checksum Source.

1 CSE 5346 Spring Network Simulator Project.

1 Figure 3-5: IP Packet Total Length (16 bits) Identification (16 bits) Header Checksum (16 bits) Time to Live (8 bits) Flags Protocol (8 bits) 1=ICMP,

Network Layer by peterl. forwarding table routing protocols path selection RIP, OSPF, BGP IP protocol addressing conventions datagram format packet handling.

Sem1 - Module 10 Routing Fundamentals and Subnets

or call for office visit,

Network Layer Protocols COMP 3270 Computer Networks Computing Science Thompson Rivers University.

IP Fragmentation. Network layer transport segment from sending to receiving host on sending side encapsulates segments into datagrams on rcving side,

Packet Switch Network Server client IP Ether IPTCPData.

Lecture 13 IP V4 & IP V6. Figure Protocols at network layer.

Introduction to Networks

© 2003, Cisco Systems, Inc. All rights reserved.

Introduction to TCP/IP networking

Introduction to TCP/IP

or call for office visit, or call Kathy Cheek,

or call for office visit,

Transport Layer.

Internet Protocol Formats

TCP/IP Explored Jun Wu 11/11/2018.

Internet Protocol (IP)

What does this packet do?

Internet Protocol Formats

46 to 1500 bytes TYPE CODE CHECKSUM IDENTIFIER SEQUENCE NUMBER OPTIONAL DATA ICMP Echo message.

Network Architecture Models: Layered Communications

16EC Computer networks unit II Mr.M.Jagadesh

32 bit destination IP address

Transport Layer 9/22/2019.

Presentation transcript:

PLUS 내부 세미나 1/22 The Libnet Library 이병영 2004/05/06

PLUS 내부 세미나 2/22 CONTENTS  Introduction of libnet  Building packets (with libnet-1.1)  Four steps to send a packet  Practical use example with libnet  ARP spoofing  TCP RESET attack

PLUS 내부 세미나 3/22 Introduction of Libnet  Libnet is a C library providing a high-level interface to packet injection.  Previous to libnet, programmers had to wrestle with confusing, obscure, and poorly documented interfaces to build and write network packets.

PLUS 내부 세미나 4/22 Introduction of Libnet

PLUS 내부 세미나 5/22 Introduction of Libnet  Libnet is a wonderful utility for writing security- related applications, tools and modules.  Many recent exploits and tools have been rapidly developed using libnet.

PLUS 내부 세미나 6/22 Building packets  Libnet contexts  typedef struct {... /* some declarations */ } libnet_t;

PLUS 내부 세미나 7/22 Building packets  Libnet pblock(packet block)  struct libnet_protocol_block { … /* some declarations */ }; typedef struct libnet_protocol_block libnet_pblock_t;

PLUS 내부 세미나 8/22 Building packets - our example’s plan  Suppose that we want to  build a simple UDP packet  work in link layer level  So we have to build a UDP, IPV4, ethernet header(pblock) in libnet contexts.

PLUS 내부 세미나 9/22

PLUS 내부 세미나 10/22 Building packets (1)Initializing the context  libnet_t* libnet_init ( int injection_type, char * device, char * err_buf)  injection type  Decides your working level  LIBNET_RAW4, LIBNET_LINK  device  Specify the device you will use  err_buf  Buffer to write the error message

PLUS 내부 세미나 11/22 Building packets (2)Building pblock (UDP)  Build a UDP header libnet_ptag_t libnet_build_udp( u_int16_t sp, // The src UDP port u_int16_t dp, // The dst UDP port u_int16_t len, // Length of UDP packet u_int16_t sum, // Checksum, 0 for libnet autofill u_int8_t *payload, // Optional payload u_int32_t payload_s, // Payload size libnet_t *l, // The libnet context pointer libnet_ptag_t ptag // Protocol tag );

PLUS 내부 세미나 12/22 Building packets (2)Building pblock (IPV4)  Build a IPV4 header libnet_ptag_t libnet_build_ipv4( u_int16_t len,// Length of IPV4 packet u_int8_t tos,// Type of service bits u_int16_t id, // IP identification u_int16_t frag, // Fragmentation bits u_int8_t ttl, // Time to live u_int8_t prot, // Upper layer protocol u_int16_t sum, // Checksum, 0 for libnet autofill u_int32_t src, // Src IP address u_int32_t dst, // Dst IP address u_int8_t *payload,// Optional payload u_int32_t payload_s,// Payload size libnet_t *l, // The libnet context pointer libnet_ptag_t ptag);// Protocol tag

PLUS 내부 세미나 13/22 Building packets (2)Building pblock (Ethernet)  Bulid a ethernet header libnet_ptag_t libnet_build_ethernet( u_int8_t *dst, // Dst ethernet address u_int8_t *src,// Src ethernet address u_int16_t type, // Upper layer type u_int8_t *payload, // Optional payload u_int32_t payload_s, // Payload size libnet_t *l,// The libnet context pointer libnet_ptag_t ptag);// Protocal tag

PLUS 내부 세미나 14/22 Building packets (3)Write the packet to wire  After building pblock, just call the function libnet_write with argument of libnet_t pointer.  int libnet_write ( libnet_t * )  Returns the amount of bytes written to the wire.

PLUS 내부 세미나 15/22 Building packets (4)Clean up a libnet context  void libnet_destroy ( libnet_t * )  This function frees memeory of libnet context.

PLUS 내부 세미나 16/22

PLUS 내부 세미나 17/22 Building packets - confirm with tcpdump

PLUS 내부 세미나 18/22 Practical use – (1) ARP spoofing

PLUS 내부 세미나 19/22 Practical use – (2) TCP RESET attack  In a traditional sequence number attack, the exact sequence number considered valid and accepted by the receiving TCP endpoint.  The utilization of the TCP window size to reduce the number of sequence numbers that must be guessed.  More details are in document “Slippling in the window : TCP Reset Attacks”.

PLUS 내부 세미나 20/22 Practical use – (2) TCP RESET attack

PLUS 내부 세미나 21/22 Practical use – (2) TCP RESET attack

PLUS 내부 세미나 22/22 References  1. Libnet reference manual   2. Building packets for dummies and others with libnet   3. TCP/IP Illustrated, Volume1 by Stevens  4. Slippling in the window : TCP Reset Attacks 