Cybersecurity HS Summer Camp

Introduction to Networking

HS Summer Camp | Computer Science Department | University of Puerto Rico - RP

A host is a computer connected to a network.

It is an end system.

It runs network apps.

Hosts

A router is a networking device that forwards data packets between computer networks.

Hosts live at the end points of communication, and routers live along the communication routes in the middle.

A router uses a packet's IP Address to choose a neighbour host that gets the packet closer to the recipient (destination IP Address), and passes the packet on to that neighbour.

Routers

A network packet is a formatted unit of data carried by a packet-switched network.

A packet consists of two kinds of data: control information and user data (also known as payload). The control information provides data the network needs to deliver the user data.

Packets

Suppose Host A has a message to send to Host B. A breaks its message into small chunks and sends each chunk, prefaced with B's address, across the network.

Internet Protocol (IP) addresses are unique numeric identifiers that are needed by every device that connects to the Internet.

IP Addresses are usually written down as four numbers with dots in between, like 136.145.181.38.

IP Address

An IP address is a 32-bit number that is divided into 4 bytes (8 bits per byte).

We usually write IP addresses as four 8-bit numbers, separated by dots.

136.145.181.38

10001000.10010001.10110101.00100110

IP Address

The reason we prefer dotted quad notation is:
• they're generally easier to remember, and
• the first two or three bytes are often the same for all IP Addresses within a given organization.

136.145.*.* are the IP addresses of the UPR.

136.145.181.* are the IP addresses of the CS department.

IP Address

$ ifconfig
eth0      Link encap:Ethernet  HWaddr 46:54:3D:A6:A3:6C
          inet addr:136.145.181.30  Bcast:136.145.181.255  Mask:255.255.255.0
          inet6 addr: fe80::4454:3dff:fea6:a36c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:119942172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:91622222 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11081192215 (10.3 GiB)  TX bytes:147970521437 (137.8 GiB)
          Interrupt:247

Your IP Address

In the terminal run ifconfig.

Run ipconfig if you are on a Windows machine.

Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. [wiki]

NAT: Network Address Translation

A domain name is a human-understandable way to refer to a computer in a network.

For instance, it is easier to remember ccom.uprrp.edu than 136.145.181.38.

Humans understand names, computers understand numbers.

Domain Name System

The IP address of a computer might change and the domain name can stay the same.

The telephone analogy: your phone number might change but your name doesn't. In an address book you search by name for the person you want to call, and then the cell phone places the call by number.

Domain Name System

Domain names are just like paths in a file system; the only difference is that we write them the other way around.

ccom.uprrp.edu instead of /edu/uprrp/ccom

ccom is a subset of uprrp, which in turn is a subset of edu, which is called a top level domain (TLD).

Domain names are hierarchical

TLD
• .edu
• .com
• .org
• .net

TLD and ccTLD

ccTLD (country code TLD)
• .pr
• .us
• .ar
• .cn

TLD list: http://en.wikipedia.org/wiki/List_of_Internet_top-level_domains

Humans understand names, computers understand numbers.

To communicate with any host on the Internet you need its IP address.

But we remember names, thus we need a mechanism to map from the domain name to the IP address.

DNS (why?)

DNS consists of a global system of servers, called name servers, that translate symbolic names to IP Addresses either by knowing the answer or by passing the query along to a server that does.

To translate a symbolic name to an IP Address, you need to query a name server, which requires knowing the name server's IP Address.

When your computer joins a network, it is usually given the IP Address of one or more name servers.

DNS: How?

Query to know the IP address of dns.cs.umass.edu

DNS: How?

$ cat /etc/resolv.conf

# This file is automatically generated.

#

domain rrp.campus

nameserver 136.145.180.232

nameserver 136.145.180.233

nameserver 136.145.180.234

nameserver 136.145.180.235

nameserver 10.255.254.20

nameserver 10.255.254.21

How to know your DNS servers?

In Windows: ipconfig /all

host and nslookup are tools that carry out DNS requests.

$ host ccom.uprrp.edu

ccom.uprrp.edu is an alias for shannon.uprrp.edu.

shannon.uprrp.edu has address 136.145.181.38

DNS: How to do DNS request

$ host www.facebook.com

www.facebook.com is an alias for star.c10r.facebook.com.

star.c10r.facebook.com has address 31.13.71.1

star.c10r.facebook.com has IPv6 address 2a03:2880:f012:1:face:b00c::1

star.c10r.facebook.com mail is handled by 10 msgin.vvv.facebook.com.

DNS: How to do DNS request

$ host www.google.com

www.google.com has address 173.194.37.82

www.google.com has address 173.194.37.84

www.google.com has address 173.194.37.83

www.google.com has address 173.194.37.80

www.google.com has address 173.194.37.81

www.google.com has IPv6 address 2607:f8b0:4002:802::1011

DNS: How to do DNS request

Every time you want to access a service using the domain name, a query is made to the local DNS server to obtain the server IP address.

Name resolution

To send the request to a specific DNS server, pass the server address as a second parameter.

$ host www.google.com 8.8.8.8

Using domain server:

Name: 8.8.8.8

Address: 8.8.8.8#53

Aliases:

www.google.com has address 216.58.219.100

www.google.com has IPv6 address 2607:f8b0:4008:807::2004

DNS: How to do DNS request

$ traceroute www.gatech.edu

traceroute to www.gatech.edu (130.207.244.165), 30 hops max, 60 byte packets

1 gw.hpcf.upr.edu (136.145.54.1) 0.372 ms 0.458 ms 0.551 ms

2 gsr27600.hpcf.upr.edu (136.145.215.53) 0.154 ms 0.157 ms 0.159 ms

3 upr-oc3.ampath.net (198.32.252.209) 26.665 ms 26.786 ms 26.890 ms

4 to-flr-atl-i2.ampath.net (198.32.252.238) 39.639 ms 39.639 ms 39.633 ms

5 sox-to-i2-100g.sox.net (143.215.193.3) 39.371 ms 39.386 ms 39.381 ms

6 bcdcgw2-sox.sox.net (143.215.194.106) 39.602 ms 39.518 ms 39.510 ms

7 campus2-rtr.gatech.edu (130.207.254.187) 40.122 ms 47.481 ms 39.906 ms

8 rich-rtr.gatech.edu (130.207.254.38) 39.901 ms 39.798 ms 39.673 ms

9 * * *

10 * * *

traceroute - to follow a packet path

The IP address is used to communicate from one host to another (one computer to another).

The port is used to communicate from one process running in one host to another process running in another host.

Ports

The human analogy would be sending a package via post mail service. IP addresses are like the address to a home, and the port is the person that lives in the home to which the package is directed.

Ports

Ports are 16-bit positive numbers. 2^16 = 65536 numbers, 0 - 65535

Clients need to know, not only the IP address, but also the port number of a server process.

Port

Common application services have particular assigned port numbers.

Some common application services are:
• HTTP, listen port 80
• HTTPS, 443
• SSH, 22
• SMTP, 25
• DNS, 53

Services and assigned ports can be found at /etc/services or http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Server Port

The client port number is assigned randomly by the client operating system.

The client is the one that initiates communication with the server; the server receives the client's port number and thus knows which port to communicate with.

Client Port

When a server uses a port different from the conventional port, the user has to tell the client application the server port.

For instance, if a web server is running on port 8080 instead of the conventional port 80, the user can specify the port using the : symbol after the server name, followed by the port.

http://servername.com:8080

Server unconventional port

$ sudo netstat -alnp | head
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:875      0.0.0.0:*        LISTEN  12263/rpc.rquotad
tcp   0      0      0.0.0.0:35244    0.0.0.0:*        LISTEN  -
tcp   0      0      0.0.0.0:719      0.0.0.0:*        LISTEN  962/ypserv
tcp   0      0      0.0.0.0:111      0.0.0.0:*        LISTEN  912/rpcbind
tcp   0      0      0.0.0.0:53810    0.0.0.0:*        LISTEN  12268/rpc.mountd
tcp   0      0      0.0.0.0:43764    0.0.0.0:*        LISTEN  12268/rpc.mountd
tcp   0      0      0.0.0.0:725      0.0.0.0:*        LISTEN  4784/ypbind
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  16300/sshd

netstat - to list the ports in use

In Windows: netstat -bro

Knowing which ports are listening on my computer allows me to understand my computer's risk of intrusion.

Listening port
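One way to turn the netstat output into that risk picture, as an added example that is not part of the original slides: it parses the sample output shown on this page, keeps only listening sockets, and separates those bound to every interface (0.0.0.0) from loopback-only ones. The last two sample lines (a loopback listener and an established connection) are constructed for contrast, and the service names come from this page's applications summary.

```python
# Sample input: the netstat lines from this page, plus two constructed lines
# at the end (a loopback-only listener and an established SSH connection).
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address  State   PID/Program name
tcp   0      0      0.0.0.0:875      0.0.0.0:*        LISTEN  12263/rpc.rquotad
tcp   0      0      0.0.0.0:35244    0.0.0.0:*        LISTEN  -
tcp   0      0      0.0.0.0:719      0.0.0.0:*        LISTEN  962/ypserv
tcp   0      0      0.0.0.0:111      0.0.0.0:*        LISTEN  912/rpcbind
tcp   0      0      0.0.0.0:53810    0.0.0.0:*        LISTEN  12268/rpc.mountd
tcp   0      0      0.0.0.0:43764    0.0.0.0:*        LISTEN  12268/rpc.mountd
tcp   0      0      0.0.0.0:725      0.0.0.0:*        LISTEN  4784/ypbind
tcp   0      0      0.0.0.0:22       0.0.0.0:*        LISTEN  16300/sshd
tcp   0      0      127.0.0.1:631    0.0.0.0:*        LISTEN  1201/cupsd
tcp   0      0      136.145.181.30:22 136.145.181.55:50514 ESTABLISHED 20411/sshd
"""

# Port-to-service names taken from this page's applications summary.
KNOWN_SERVICES = {22: "SSH", 25: "SMTP", 53: "DNS", 80: "HTTP",
                  443: "HTTPS", 445: "SMB", 2049: "NFS"}
ALL_INTERFACES = {"0.0.0.0", "::", "*"}


def parse_listeners(text):
    """Return one dict per listening TCP/UDP socket in `netstat -anp` text."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue                      # banner, column header, unix sockets
        proto, local, foreign, rest = fields[0], fields[3], fields[4], fields[5:]
        if proto.startswith("tcp"):
            if not rest or rest[0] != "LISTEN":
                continue                  # an active connection, not a listener
            rest = rest[1:]
        elif not foreign.endswith(":*"):
            continue                      # UDP has no state column
        addr, _, port = local.rpartition(":")   # rpartition copes with ":::22"
        if not port.isdigit():
            continue
        pid, _, program = (rest[0] if rest else "-").partition("/")
        listeners.append({"proto": proto, "addr": addr, "port": int(port),
                          "pid": int(pid) if pid.isdigit() else None,
                          "program": program or None})
    return listeners


def audit(text):
    """Label each listener with how widely it can be reached."""
    report = []
    for sock in parse_listeners(text):
        if sock["addr"] in ALL_INTERFACES:
            reach = "all interfaces"
        elif sock["addr"].startswith("127.") or sock["addr"] == "::1":
            reach = "loopback only"
        else:
            reach = "single address"
        service = KNOWN_SERVICES.get(sock["port"], "not in summary table")
        report.append({**sock, "reach": reach, "service": service})
    # Widest exposure first, then by port number.
    return sorted(report, key=lambda r: (r["reach"] != "all interfaces", r["port"]))


def exposed_ports(text):
    """Ports that accept connections arriving on any network interface."""
    return [r["port"] for r in audit(text) if r["reach"] == "all interfaces"]


if __name__ == "__main__":
    for row in audit(NETSTAT_OUTPUT):
        owner = row["program"] or "owner not shown"
        print(f'{row["port"]:>5}/{row["proto"]}  {row["reach"]:<15} '
              f'{row["service"]:<21} {owner}')
```

Every listener that is reachable on all interfaces and is not a service you meant to offer is a candidate to stop or to bind to 127.0.0.1.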

Two basic transport layers (TCP and UDP)

Transport Layer: TCP and UDP

TCP establishes a reliable connection where all the packets sent through that connection arrive at the destination in order.

TCP provides reliable transmission, error detection, flow control, and congestion control.

The connection is established via what is called the TCP handshake, which involves acknowledgement messages.

TCP: Transport Control Protocol

UDP is a connectionless protocol: packets can get lost, and packets can arrive out of order.

UDP does not provide any congestion or flow control. It is a lightweight protocol compared to TCP because it has fewer features.

It is used in protocols that tolerate some packet loss, such as VoIP and video streaming.

UDP: User Datagram Protocol

Internet apps transport protocols

Netcat (nc) is a computer networking service for reading from and writing to network connections using TCP or UDP.

nc - (netcat)

In the "client" mode of netcat, you give it an IP Address and a port number, and whatever you type after pressing enter gets sent to the given address and port using TCP over IPv4.

nc - (netcat)

In the "server" mode of netcat, you give the -l option (listen) and nc then acts like a server: it listens for a connection request, accepts the first one it receives, then echoes whatever gets sent to it to the screen, and takes whatever gets typed on the screen and sends it to the client whose connection request it accepted.

nc - (netcat)

Client Example:

$ nc 136.145.181.40 4088

Connects to server 136.145.181.40 on port 4088.

nc - example

Server Example:

$ nc -l 4088

Listens for connections on port 4088.

The server must have the IP 136.145.181.40 for this to work.
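The same exchange with plain sockets, as an added example that is not part of the original slides: one side listens like `nc -l`, the other connects like `nc <ip> <port>`, and the server reads the client's port from the connection itself, which is the client port behaviour described earlier. It assumes the loopback address 127.0.0.1 and an OS-chosen free port in place of the slide's 136.145.181.40 and 4088, so it runs on a single machine.

```python
import socket
import threading


def serve_once(listener, seen):
    """Server side, like `nc -l`: accept the first connection and answer it."""
    conn, (client_ip, client_port) = listener.accept()
    with conn:
        # The server never chose this port; it learns it from the connection.
        seen["client"] = (client_ip, client_port)
        data = conn.recv(1024)
        conn.sendall(b"server got: " + data)


def run_exchange(message=b"hello from the client\n"):
    """Run one client/server conversation on loopback and report the ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    # Port 0 asks the OS for any free port (assumption made so the example
    # never collides with a real service; the slide uses the fixed port 4088).
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    listener.settimeout(5)
    server_port = listener.getsockname()[1]

    seen = {}
    server = threading.Thread(target=serve_once, args=(listener, seen))
    server.start()

    # Client side, like `nc 127.0.0.1 <server_port>`: only the server's
    # address and port are given; the OS picks the client's source port.
    with socket.create_connection(("127.0.0.1", server_port), timeout=5) as client:
        client_port = client.getsockname()[1]
        client.sendall(message)
        reply = client.recv(1024)

    server.join(timeout=5)
    listener.close()
    return {
        "server_port": server_port,
        "client_port": client_port,
        "client_port_seen_by_server": seen["client"][1],
        "reply": reply,
    }


if __name__ == "__main__":
    result = run_exchange()
    print("server listened on port  ", result["server_port"])
    print("client was assigned port ", result["client_port"])
    print("server saw client port   ", result["client_port_seen_by_server"])
    print("reply:", result["reply"].decode().strip())
```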

Ping is a computer network administration software utility used to:
• test the reachability of a host on an Internet Protocol (IP) network, and
• measure the round-trip time for messages sent from the originating host to a destination computer.

Ping operates by sending Internet Control Message Protocol (ICMP) echo request packets to the target host and waiting for an ICMP response.

http://en.wikipedia.org/wiki/Ping_%28networking_utility%29

Ping

$ ping 136.145.181.38

PING 136.145.181.38 (136.145.181.38): 56 data bytes

64 bytes from 136.145.181.38: icmp_seq=0 ttl=64 time=5.632 ms

64 bytes from 136.145.181.38: icmp_seq=1 ttl=64 time=3.824 ms

64 bytes from 136.145.181.38: icmp_seq=2 ttl=64 time=4.039 ms

64 bytes from 136.145.181.38: icmp_seq=3 ttl=64 time=18.616 ms

64 bytes from 136.145.181.38: icmp_seq=4 ttl=64 time=10.262 ms

^C

--- 136.145.181.38 ping statistics ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 3.824/8.475/18.616/5.575 ms

Ping - Example 1

$ ping -c 5 ccom.uprrp.edu

PING shannon.uprrp.edu (136.145.181.38): 56 data bytes

64 bytes from 136.145.181.38: icmp_seq=0 ttl=64 time=7.007 ms

64 bytes from 136.145.181.38: icmp_seq=1 ttl=64 time=7.260 ms

64 bytes from 136.145.181.38: icmp_seq=2 ttl=64 time=4.953 ms

64 bytes from 136.145.181.38: icmp_seq=3 ttl=64 time=9.085 ms

64 bytes from 136.145.181.38: icmp_seq=4 ttl=64 time=1.889 ms

--- shannon.uprrp.edu ping statistics ---

5 packets transmitted, 5 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 1.889/6.039/9.085/2.454 ms

Ping - Example 2, -c

$ ping 136.145.181.2

PING 136.145.181.2 (136.145.181.2) 56(84) bytes of data.

From 136.145.181.51 icmp_seq=2 Destination Host Unreachable

From 136.145.181.51 icmp_seq=3 Destination Host Unreachable

From 136.145.181.51 icmp_seq=4 Destination Host Unreachable

From 136.145.181.51 icmp_seq=6 Destination Host Unreachable

From 136.145.181.51 icmp_seq=7 Destination Host Unreachable

^C

--- 136.145.181.2 ping statistics ---

10 packets transmitted, 0 received, +6 errors, 100% packet loss, time 9269ms

pipe 3

Ping - Example 3, Host Unreachable

Ping is useful for debugging network problems.

It's also used as a tool for network reconnaissance.

A malicious use for ping is to have a group of computers send lots and lots of ping requests to a given server, hoping to keep it so busy answering the pings that it can't do any useful work. (DoS)

Ping - More

For the previous two reasons, not all hosts reply to a ping request, mainly because the tool is sometimes abused by malicious people and programs.

The biggest example is your very own campus, which does not allow ping in or out of the campus.

Ping - More

ICMP is an Internet Layer protocol, which means it doesn't have an associated port number, like Application Layer protocols that are built on top of the Transport Layer.

Ping - More

HTTP (HyperText Transfer Protocol) is the Application Layer protocol that the web is based on.

HTTP servers (web servers) use TCP and listen on port 80. HTTP clients are called web browsers.

HTTPS (HTTP Secure) is a secure version of HTTP and listens on port 443. It employs Transport Layer Security (TLS), a set of cryptographic protocols.

HTTP/HTTPs

HTTP/HTTPs - Example 1

Seriously, in case you don’t know how.

HTTP/HTTPs - Example 2

Seriously, in case you don’t know how.

$ elinks www.google.com

HTTP/HTTPs - Example 3

Seriously, in case you don’t know how.

host and nslookup are tools that carry out DNS requests.

$ host ccom.uprrp.edu

ccom.uprrp.edu is an alias for shannon.uprrp.edu.

shannon.uprrp.edu has address 136.145.181.38

DNS - Example

SSH (Secure SHell) is a protocol that allows secure, remote command shell access. In this setting, secure means preserving confidentiality and authentication.

Normally ssh-server processes listen on port 22.

SSH

$ ssh -l jortiz ada.uprrp.edu

[email protected]'s password:

Last login: Mon Feb 23 10:56:55 2015 from 136.145.181.55

SSH - Example

Download putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html

ssh - Example Windows(putty)

ada.uprrp.edu

Secure File Transfer Protocol (SFTP) offers secure file transfer.

You've already used scp, which is an SFTP client, to transfer web content.

SFTP also uses TCP port 22, because SFTP is actually an extension of SSH.

SFTP

$ scp test.cpp [email protected]:~/

Warning: the RSA host key for 'ada.uprrp.edu' differs from the key for the IP address '136.145.181.66'

[email protected]'s password:

test.cpp 100% 311 0.3KB/s 00:00

SFTP - Example (scp)

SFTP - Example (GUI)

The Dynamic Host Configuration Protocol (DHCP) is a standardized network protocol used on Internet Protocol (IP) networks for dynamically distributing network configuration parameters, such as IP addresses for interfaces and services.

With DHCP, computers request IP addresses and networking parameters automatically from a DHCP server, reducing the need for a network administrator or a user to configure these settings manually.

DHCP (wiki)

Your computer is already configured to use DHCP, so when you plug in the Ethernet cable (or connect to a wireless network), your computer broadcasts a request for an IP address.

For networks without the DHCP service, users must obtain their IP settings from the network administrator and manually configure their computers.

The DHCP protocol runs over UDP, using ports 67 and 68.

DHCP

Server Message Block and Network File System are protocols used for network file sharing.

SMB servers are TCP servers that usually listen on port 445.

NFS servers are TCP servers that usually listen on port 2049.

SMB and NFS

SMTP (Simple Mail Transfer Protocol) is an application layer protocol for transporting email.

An SMTP client is responsible for transferring electronic mail (email) messages to one or more SMTP servers.

SMTP - Simple Message Transfer Proto

Applications Summary

Service                             Protocol  Port   TCP/UDP  App
Network Connectivity / Host Status  ICMP      *      *        ping
WWW                                 HTTP      80     TCP      any browser
secure www                          HTTPS     443    TCP      any browser
name resolution                     DNS       53     UDP      host, nslookup
secure shell                        SSH       22     TCP      ssh, putty
secure file transfer                SFTP      22     TCP      scp, filezilla, winscp
dynamic host config protocol        DHCP      67,68  UDP      built in the OS
SMB                                 SMB       445    TCP
NFS                                 NFS       2049   TCP
email                               SMTP      25     TCP      any mail client

A network is a group of two or more computer systems linked together.

There are many types of computer networks, including local-area networks (LANs).

In a LAN, the computers are geographically close together (that is, in the same building). [webopedia]

Network

The broadcast address is used to send a single packet to all hosts on the network and is characterized by the network address followed by all 1's.

Example: 136.145.181.255 is the CCOM broadcast address.

For example, a host requesting network configuration via DHCP uses the broadcast IP Address.

Network and Broadcast address

We are about to enter the link layer.

The primary Link-Layer protocol (really a collection of protocols) is Ethernet.

Ethernet defines how packets move from host to host when they're directly connected via a cable (Ethernet cable) or by Wifi (using the 802.11 wireless Ethernet protocols).

Link Layer

We know that hosts have IP addresses, but that they may change over time.

The IP address is used to route the packet across the Internet (Internet Protocol).

MAC address a.k.a Hardware addr

A MAC address is a physical address, specifically a 48-bit number. MAC Addresses are normally written using hex characters, two at a time (i.e., one byte at a time), separated by ":".

For instance: c8:2a:14:18:3c:5f is a MAC address.

MAC address a.k.a Hardware addr

MAC addresses are associated with a host's network adapter, not the host itself. Hence, a host may have multiple MAC addresses (one for each adapter).

Furthermore, MAC addresses are permanently assigned to each network adapter when it is manufactured, so each device has its own unique MAC address.

Also, like IP addresses, MAC addresses have a broadcast address used to send a message to all devices on a physical network. The broadcast address for Ethernet is ff:ff:ff:ff:ff:ff.

MAC Address - 2

The MAC Address is used to know how to deliver packets from one computer in a local network to another computer in the same network.

MAC Address - 3

The gateway (gw) router is the router that routes/allows intercommunication between a local network and another network.

Computers need the gw address to send the packets that will route out of the local network.

GATEWAY Router and gw address

When determining where to send a packet, the originating host first must calculate if the destination IP and the source IP are on the same network (as defined above).

• If the destination IP is on the same network, the packet will be sent to the destination host directly.

• If the destination IP address is on a different network, the packet will be sent out via the local network's "GATEWAY ROUTER", which will then forward the packet out a different network connection.

Sending packets
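The same-network calculation described above, as an added example that is not part of the original slides: it packs dotted-quad addresses into 32-bit integers, derives the network and broadcast addresses from the mask, and decides between direct delivery and the gateway. The host address and mask come from the ifconfig output on this page and the destinations from its host, traceroute and resolv.conf output; treating 136.145.181.254 as the gateway is an assumption, since the page does not say which address the gateway has.

```python
def to_int(dotted):
    """Pack a dotted-quad IPv4 address into one 32-bit integer."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError(f"not a dotted-quad IPv4 address: {dotted!r}")
    value = 0
    for part in parts:
        value = (value << 8) | int(part)      # shift in one byte at a time
    return value


def to_dotted(value):
    """Unpack a 32-bit integer back into dotted-quad notation."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_binary(dotted):
    """Show the four bytes as 8-bit binary groups, as on the IP Address slide."""
    value = to_int(dotted)
    return ".".join(f"{(value >> shift) & 0xFF:08b}" for shift in (24, 16, 8, 0))


def network_and_broadcast(addr, mask):
    """Network address = addr AND mask; broadcast = network with host bits all 1."""
    m = to_int(mask)
    network = to_int(addr) & m
    broadcast = network | (~m & 0xFFFFFFFF)
    return to_dotted(network), to_dotted(broadcast)


def next_hop(src, mask, dst, gateway):
    """Decide where the originating host hands the packet."""
    m = to_int(mask)
    if (to_int(src) & m) == (to_int(dst) & m):
        return ("direct", dst)                # same network: deliver on the LAN
    return ("gateway", gateway)               # different network: send to the gw


HOST = "136.145.181.30"       # inet addr from the ifconfig output on this page
MASK = "255.255.255.0"        # Mask from the same output
GATEWAY = "136.145.181.254"   # assumption: the page does not name the gateway

if __name__ == "__main__":
    print(to_binary("136.145.181.38"))
    print(network_and_broadcast(HOST, MASK))
    for dst in ("136.145.181.38",      # ccom.uprrp.edu, same /24
                "136.145.180.232",     # campus name server, same first two bytes
                "130.207.244.165"):    # www.gatech.edu from the traceroute
        print(dst, next_hop(HOST, MASK, dst, GATEWAY))
```

The second destination shows that sharing the first two bytes is not enough: with this mask, 136.145.180.232 is on a different network and goes through the gateway.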

that your computer knows.

$ arp -a
student-pc.rrp.campus (136.145.181.44) at b8:ac:6f:1d:fa:be on en1 ifscope [ethernet]
ivan-internet.rrp.campus (136.145.181.77) at c:4d:e9:bb:6c:99 on en1 ifscope [ethernet]
? (136.145.181.254) at 0:4:80:ec:3e:e8 on en1 ifscope [ethernet]
? (136.145.181.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]

See MAC addresses

It should be pretty obvious that the Physical Layer will be different with wireless networks: radios instead of wires.

The other layer that changes is the Link Layer; everything else is the same.

Wireless

When a host is connected wirelessly, it still has an IP address, still uses TCP and UDP, still browses the web with HTTP and resolves host names with DNS.

802.11 is a family of standards: now encompassing 802.11a, 802.11b, 802.11g, and 802.11n.

802.11 radios have MAC addresses just like Ethernet.

802.11

Each wireless network is given a name, called its ESSID, so that a host can identify by name which wireless network it wants to join when multiple base stations are within range.

ESSID

Encrypt (encode) the data you broadcast in such a way that only the people you want on the network can decrypt (decode).

To join/scramble/unscramble one needs a "key".

Access Control & Privacy

WEP (Wired Equivalent Privacy) is the oldest of the three methods we will discuss.

This uses a weak (by today's standards) encryption method and a 40-bit key.

There are free tools and instructions for how to listen in on a WEP-protected network and crack the password. This should not be your first choice of encryption, not even at home.

Access Control & Privacy

WPA (Wifi Protected Access) uses the same encryption method as WEP, but with a stronger 128-bit key.

This is certainly stronger than WEP, but not an altogether new solution.

Access Control & Privacy

WPA2 (Wifi Protected Access 2) is the strongest of the three encryption methods.

This uses a strong 256-bit key for the encryption and is currently considered the best protection for wireless networks.

Access Control & Privacy