Scanning Basics

Guys, did you study well?
I really mean it, if you didn’t study the previous lessons by heart, then please go back immediately and do it. Otherwise everything will be messed up!!

Today we are going to start the second phase in “Ethical Hacking”; this phase is called “Scanning and Enumeration”. “Scanning” is the phase where we have direct contact with our target; as we saw in the “Reconnaissance” phase, we never dealt directly with the target there. All we did was gather information without our target knowing about it.

But as usual, before we start delving into our new phase, we have to learn some basics; our lesson today is about TCP/IP. Because TCP/IP is a huge subject that deserves encyclopedias of its own, I will just simplify a few terms that will help us in this phase, and at the same time I will refer you to other links for further reference.

Basics:
1- Layering
Networking – from the design point of view would look like this:



The same network – from the telecommunication point of view would look like that:



When two computers communicate with each other, the data goes through many processes on its way from one computer to the other. These processes take place in imaginary network layers; each layer is responsible for one or more processes.

Let’s take a practical example so that we understand it better.

Layer 7 = Application Layer
You open your Internet browser and type in the name of the website of your target which you want to visit.

Layer 6 = Presentation Layer
Your browser knows how to show pictures in different formats, such as JPG, PNG…
Your browser knows how to handle different file types; for example, if the target’s web site is created using HTML or ASP, your browser knows how to open these file types.
Also, if the web page is encrypted and you have the authority to open it, then your browser knows how to decrypt the page and show it in a readable format.

Layer 5 = Session Layer
This is the first step of networking, where your browser establishes a session between your computer and the Web Server, and terminates the session at the end.

Layer 4 = Transport Layer
The web page you requested needs to be divided into small chunks to be transferred, and the chunks are numbered and arranged in order so that they can be sent through the network.

Layer 3 = Network Layer
Now the page is ready, but it doesn’t know how to reach you: your address is xxx.xxx.xxx.xxx, which means nothing to the web server by itself because it doesn’t know where this address is located. So in this step addressing occurs, and the data is handed to the network card.

Layer 2 = Data Link Layer
Now the data is ready to be transferred out of the computer, so the Data Link Layer starts packaging the data together with the delivery address.

Layer 1 = Physical layer
This is the step where the data is turned into electrical signals that are understood by the network cables and devices.



I think with this diagram, you have no excuse :) right?

2- Protocols
Each layer contains protocols and/or services that are responsible for performing its role; let’s see an example of these protocols and services.

Layer 7 = Protocols such as HTTP (HyperText Transfer Protocol), FTP (File Transfer Protocol), POP3 (Post Office Protocol), SMTP (Simple Mail Transfer Protocol)…
Layer 6 = Standards such as ASCII (American Standard Code for Information Interchange), JPEG (Joint Photographic Experts Group), MIDI (Musical Instrument Digital Interface)…
Layer 5 = APIs such as SQL (Structured Query Language), RPC (Remote Procedure Call), NetBIOS (Network Basic Input/Output System)…
Layer 4 = Protocols such as TCP (Transmission Control Protocol), UDP (User Datagram Protocol), SPX (Sequenced Packet Exchange)…
Layer 3 = Protocols such as IP (Internet Protocol), ICMP (Internet Control Message Protocol), IPX (Novell Internetwork Packet Exchange)…
Layer 2 = Protocols such as ARP (Address Resolution Protocol), PPP (Point to Point Protocol)…
Layer 1 = Standards such as 10Base-T, T1…

Don’t worry; we won’t be talking about all of these :)
We will choose four of these, because that’s what we will need in this phase, at least :)

3- Definitions
Header = Protocol messages are built of a header (a piece of information the protocol needs in order to do its work) followed by data. Each layer’s protocol adds its own header in front of the payload (data) coming from the layer above it.



Transport Protocols = protocols that are able to transfer data from one computer to the other.
Port = check the Whois lesson
Flag = check the Whois lesson
Reliable Delivery = what happens if you send a postcard to a friend and it doesn’t arrive? Well, it’s not a big deal, because your friend wouldn’t be upset, and you don’t care much yourself :)
What if you are sending money to someone through the post? Then, will you care or not? :)
Of course you will; delivery at this moment is so important, it’s money, right?
Some transport protocols use this method: they make sure that the message arrived at the right recipient.
Connection Oriented = how would you feel if you dialed a friend’s phone number, and your friend picked up the phone and didn’t say a word? You keep talking to him, but he is just listening without a single word. Would you stay cool, or would you jump and hit him through the phone line? :)
Some transport protocols are connection oriented: they make sure that the recipient is speaking the same language, is hearing well, got every single word said, and correct whatever was misunderstood or undelivered.

TCP:



* TCP or “Transmission Control Protocol” is a connection oriented protocol, which means that handshaking between the two machines occurs before any data is sent. If the handshake is successful, a virtual connection is established between the two machines.
* TCP is reliable in delivery, which means it knows the data reached the destination once it receives the ACK flag from the destination (for more information, reread the Whois lesson).
* We said before that one of the Transport Protocol roles is to divide data into chunks and number the chunks so they can be put back in the right order; this step is called sequencing.
* If I’m talking to you very quickly, you would tell me “please, slow down, I can’t follow what you are saying”; this process is called “Congestion control”. When TCP is used as the transport protocol, it can control the amount of data sent according to the limits of the destination.
* TCP is a slow protocol for two reasons:
The long process of handshaking, waiting for the ACK flag whenever data is received, and sometimes resending data when it is lost.
TCP uses a large amount of resources in establishing connections for the handshaking and in providing reliable delivery.

Homework: Read RFC number 973

UDP:



* UDP or “User Datagram Protocol” is a connectionless protocol, which is the opposite of what TCP does. UDP doesn’t use the handshake method, thus it doesn’t set up a virtual connection.
* UDP is an unreliable protocol, which means that it sends the data without any care or guarantee whether the data reached the destination safely or not.
* As UDP doesn’t care about reliable delivery, sequencing here would make no sense; because of that, UDP doesn’t use sequencing.
* Once again, UDP doesn’t care whether the destination got the data or not, or whether it can understand it or not. Thus, there is no congestion control.
* UDP is a very quick protocol, because few resources are used in transferring data and there is no reliable delivery.

Homework: Read RFC number 768

ICMP:



We talked about ICMP before, so there is no need to repeat what we said. For more information, read the Tracerouting article.

Homework: Read RFC number 792

IP:



IP or “Internet Protocol” is a connectionless protocol that is responsible for the addressing and routing of data. We always use the postal system as an analogy for the IP message: when you write a letter to someone, you put the letter in an envelope and hand it to the post office. The letter here is the data to be sent through the network, the IP address is the address you wrote on the envelope, and the post office is the network the data is transferred through.

Homework: Read RFC number 791
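To make the “each layer adds its own header” idea and the TCP/UDP/IP differences concrete, here is an added example (not part of the original lesson) that builds a minimal IPv4 packet around a TCP segment or a UDP datagram and then peels the headers off again. The addresses, ports and payload are constructed sample values; checksums are left at zero because the point is the header layout, not a packet you would send on the wire.

```python
import struct

# TCP flag bits as laid out in the RFC 793 header (the flags the Whois lesson mentioned).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_tcp(src_port, dst_port, seq, ack, flags, payload=b""):
    """Layer 4: prepend a 20-byte TCP header (no options, zero checksum) to payload."""
    flag_bits = sum(TCP_FLAGS[f] for f in flags)
    data_offset = 5 << 12          # header length in 32-bit words, in the high nibble
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack,
                         data_offset | flag_bits, 65535, 0, 0)
    return header + payload

def build_udp(src_port, dst_port, payload=b""):
    """Layer 4: prepend the 8-byte UDP header (RFC 768): ports, length, zero checksum."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def build_ip(src, dst, proto, payload):
    """Layer 3: prepend a 20-byte IPv4 header (RFC 791); proto 6 = TCP, 17 = UDP."""
    ver_ihl = (4 << 4) | 5         # version 4, header length 5 words
    header = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return header + payload

def parse(packet):
    """Strip the layers back off: IP header, then TCP or UDP header, then the payload."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    l4 = packet[ihl:total_len]
    info = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
            "ttl": ttl, "proto": proto}
    if proto == 6:
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        hdr_len = (off_flags >> 12) * 4
        info.update(sport=sport, dport=dport, seq=seq, ack=ack,
                    flags=[name for name, bit in TCP_FLAGS.items() if off_flags & bit],
                    payload=l4[hdr_len:])
    elif proto == 17:
        sport, dport, length, _ = struct.unpack("!HHHH", l4[:8])
        info.update(sport=sport, dport=dport, payload=l4[8:length])
    return info

if __name__ == "__main__":
    # Constructed sample: a SYN (first step of the handshake) and a UDP datagram, both inside IP.
    syn = build_ip("192.0.2.1", "192.0.2.80", 6, build_tcp(40000, 80, 1000, 0, ["SYN"]))
    print(parse(syn))
    dns = build_ip("192.0.2.1", "192.0.2.53", 17, build_udp(5353, 53, b"query"))
    print(parse(dns))
```

Note how the SYN carries no payload at all: the whole 40-byte packet is nothing but headers, which is the handshaking overhead the TCP section describes, while the UDP datagram spends only 8 bytes on its own header.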

Guys, this part is very critical, and it is a prerequisite for being a great hacker. Master it.
Two great books I would recommend you read if you have gaps in networking concepts and terms:
Computer Networks: Internet Protocols in Action
Interconnections: Bridges, Routers, Switches, and Internetworking Protocols (2nd Edition)

Till next article,
Please take care

5 comments:

Anonymous said...

I just want to say, even though I haven't had the time to sit down and read through some of these, your write-ups look amazing. Thank you for all of this great work and reading material.

alzool said...

Thank you really -- up to now things like ROCK.
But what about just giving us a guide to make a virtual lab... I mean setting up a lab at home with basic Apache or IIS... and all this in a VMware environment, a main server & 4 PCs, and start practicing. There are some newcomers to the field who start practicing on live targets and end up in police stations... thank you for every minute you give to us & take from your family, Hani

Hayman Ezzeldin said...

Dear alzool,
I promise I will do my best concerning the virtual labs. God willing, expect it soon.

Anonymous said...

Dear Hayman
I must congratulate you on a very good site. In particular, your layman's explanation of the OSI Model is just pure brilliance. This is the very first article to break down the OSI in basic terms. Every book I have read or article related to the OSI has always left me more confused.
This explanation would make for great training material in Basic Networking. Can I have your permission to use this for further training?

Once again, awesome, awesome tutorial. I am currently studying Computer Forensics and I find your Pen Testing Tutorials just brilliant.
Keep up the good work.

Travis

Hayman Ezzeldin said...

Dear Travis,
Your words made my day :)

I'm so glad I was able to help you, and I will do my best to give everything I know.

Guys, the tutorials here are for everyone for free, all I request is not to use this knowledge in bothering others :)
I'm sure, you know what I mean :)