Analyzing the TCP/IP Resolution Process...Scenarios – Redirection 1. ARP for Router 2. ARP...

Analyzing the TCP/IP Resolution ProcessPort, Name, Route and Hardware Address Resolution

Laura Chappell

SHARKFEST '08 | Foothill College | March 31

Laura ChappellFounder | Wireshark University

SHARKFEST '08Foothill CollegeMarch 31 - April 2, 2008

Analyzing the TCP/IP Resolution ProcessPort, Name, Route and Hardware Address

SHARKFEST '08 | Foothill College | March 31 - April 2, 2008

Founder | Wireshark University

Contents

Scenario

Building the Packet

Port/Name Resolution

Local MAC Resolution

Route and MAC Resolution (Remote Target)

SHARKFEST '08 | Foothill College | March 31


Complete TCP/IP Resolution Process


SHARKFEST '08 | Foothill College | March 31 - April 2, 2008


Complete TCP/IP Resolution Process

The Scenario

ftp

CORPFS1

MAC: AIP: 10.1.0.1Mask: 255.0.0.0

CORPFS1MAC: BIP: 10.2.99.99

Building the Packet

Destination MAC:Source MAC: EtherType:

Protocol: Source IP:

ftpCORPFS1 E

th

Source IP: Destination IP:

Source Port: Destination Port:

MAC: AIP: 10.1.0.1Mask: 255.0.0.0

IPT

CP

Building the Packet

?A0x0800

6 (TCP)10.1.0.1

resolveditems

CORPFS1

10.1.0.1???????

???????

MAC: BIP: 10.2.99.99

Port and Name Resolution

Translate ftp to port number 21

Get host IP address(Resolver Process)

TX

Port and Name Resolution

to port number 21


•Cache?•Hosts file?•Network?•Network?




TX

Local or remote destination?

Get MAC address (ARP)

TX•Cache?•Network?


to port number 21


•Cache?•Hosts file?•Network?


•Network?




TX


TX


to port number 21



Lookup route information



•Network?

• Host?• Network?• Gateway?

•Cache?•Network?

TCP/IP Resolution Processes



TX


TX



TCP/IP Resolution Processes

to port number 21






•Network?



Building the Packet

Destination MAC:Source MAC: EtherType:

Protocol: Source IP:

ftpCORPFS1 E

th

Source IP: Destination IP:

Source Port: Destination Port:

MAC: AIP: 10.1.0.1Mask: 255.0.0.0

IPT

CP

Building the Packet

BA0x0800

6 (TCP)10.1.0.1

resolveditems

CORPFS1

10.1.0.110.2.99.99

102421

MAC: BIP: 10.2.99.99

Where Can Things Go Wrong?



TX


TX



Where Can Things Go Wrong?

to port number 21






•Network?



Scenarios – Simple (Remote DNS/FS)

1. ARP for Router

2. ARP response

3. DNS query

4. DNS response

5. SYN to FS1

SYN ACK from FS16. SYN ACK from FS1

7. ACK to FS1

Host 1

Router A

(DG)

Simple (Remote DNS/FS)

DNSd

FS1

Router

Scenarios – Redirection

1. ARP for Router2. ARP response3. DNS query4. DNS response5. SYN to Web Server6. SYN to Web Server (redirect from Router A)7. ICMP redirection to Router B8. ARP from Router B for Host 1

ARP response from Host 19. ARP response from Host 110. SYN ACK from Web Server11. ACK to Web Server

Router B

Internet

Host 1

Redirection

SYN to Web Server (redirect from Router A)DNSd

Router A

(DG)

Host 1

FS1

What’s Next?

Laura’s Lab Kit v9

In show bags as well as…

ISO image: www.novell.com/connectionmagazine/laurachappell.htmlwww.novell.com/connectionmagazine/laurachappell.html

Analyzing the TCP/IP Resolution Process...Scenarios – Redirection 1. ARP for Router 2. ARP...

Documents

Transcript of Analyzing the TCP/IP Resolution Process...Scenarios – Redirection 1. ARP for Router 2. ARP...