Archive for the ‘wireshark’ Category

This is a new series of blog posts on TCP/IP, which is Transmission Control Protocol / Internet Protocol, and is based on the Learning TCP/IP course by Infinite Skills which I am doing. I will be doing a post on a daily basis. TCP/IP is a suite of internet protocols, which are basically rules for how computers and their networks communicate over the internet. There are other protocols besides TCP/IP, such as IPX and AppleTalk, but TCP/IP is the most widely used.

The origins of the internet started with the ARPANET, the basic backbone of which was constructed in 1967. It was a network for the Department of Defense in America and was built in a decentralized way to survive a nuclear attack. Other networks were built soon after and around that time, in particular networks for universities and scientists to communicate with one another. Initially there was TCP, which was a protocol for networks, and the IP part came later.

This course looks quite a bit at Wireshark, which is a wireless packet capture and analysis program. It's free to download and contains a filter to look at certain packets of a particular type. The filter box goes red to show the expression is incomplete and turns green when you enter a complete search. You can right click on a packet and choose an option to search for packets of the same type. In the filter box you enter the equals sign twice to specify a search criterion, because there is always the chance a single equals sign might be part of the search criterion. You can search for a type of transmission like tcp or ip, although ip would cover just about every transmission type so would be useless.

There is something called the OSI model which consists of 7 modules: Physical, Data Link, Network, Transport, Session, Presentation and Application. These modules are called layers. The lowest layer is Physical, the one data from the internet initially comes through, and the highest layer is Application, which works directly at a software level, including your web browser.
Data goes from one layer to the next all the way up and down this model. Different types of protocol work with different layers, for example HTTP works with Application and TCP works with Transport. There are discrepancies about which protocols work with Session, which isn't an exact layer. There is also a TCP model which works similarly to the OSI model, although its top and bottom modules each incorporate several layers from the OSI model.
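To make the layering and the filter syntax concrete, here is an added example (my own code, not from the post or the Infinite Skills course) that walks a constructed Ethernet/IPv4/TCP/HTTP frame up the stack one layer at a time, the way Wireshark's dissectors do, and then evaluates a small subset of display-filter syntax against it. The frame bytes and the `matches` helper are constructed for illustration; the helper only understands a bare protocol name and `proto.field == value`.

```python
import struct
from typing import Any, Dict

# Constructed sample frame (not a real capture): Ethernet II carrying IPv4, carrying
# TCP, carrying an HTTP request. IP and TCP checksums are left as zero for brevity.
ETH = bytes.fromhex("001122334455" "66778899aabb" "0800")                # dst MAC, src MAC, EtherType IPv4
IPV4 = bytes.fromhex("4500003a0000400040060000" "0a000001" "0a000002")   # len 58, TTL 64, proto 6 = TCP
TCP = bytes.fromhex("c35000500000000100000000" "5018ffff00000000")       # 50000 -> 80, PSH+ACK
HTTP = b"GET / HTTP/1.1\r\n\r\n"
FRAME = ETH + IPV4 + TCP + HTTP


def dissect(frame: bytes) -> Dict[str, Dict[str, Any]]:
    """Walk the frame up the stack one layer at a time, like Wireshark's dissectors."""
    layers: Dict[str, Dict[str, Any]] = {}
    # Layer 2, Data Link: Ethernet II header is 14 bytes; EtherType says what comes next.
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    layers["eth"] = {"src": src.hex(":"), "dst": dst.hex(":"), "type": ethertype}
    if ethertype != 0x0800:
        return layers
    # Layer 3, Network: IPv4; header length (IHL) is counted in 32-bit words.
    ip = frame[14:]
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    layers["ip"] = {"src": ".".join(map(str, s)), "dst": ".".join(map(str, d)), "ttl": ttl, "proto": proto}
    if proto != 6:
        return layers
    # Layer 4, Transport: TCP; data offset is also counted in 32-bit words.
    tcp = ip[ihl:total_len]
    sport, dport, seq, _, off_flags, _ = struct.unpack("!HHIIHH", tcp[:16])
    layers["tcp"] = {"srcport": sport, "dstport": dport, "seq": seq, "flags": off_flags & 0x1FF}
    payload = tcp[(off_flags >> 12) * 4:]
    # Layer 7, Application: treat payload on port 80 as HTTP, like Wireshark's port-based heuristic.
    if payload and 80 in (sport, dport):
        layers["http"] = {"request_line": payload.split(b"\r\n", 1)[0].decode("ascii", "replace")}
    return layers


def matches(layers: Dict[str, Dict[str, Any]], display_filter: str) -> bool:
    """Tiny subset of display-filter syntax: 'tcp', 'http', or 'proto.field == value'."""
    expr = display_filter.strip()
    if "==" not in expr:          # a bare protocol name just asks "is this layer present?"
        return expr in layers
    field, value = (part.strip() for part in expr.split("==", 1))
    proto, name = field.split(".", 1)
    if proto not in layers:
        return False
    # tcp.port matches either direction, as it does in Wireshark; other fields match one value.
    candidates = ([layers[proto].get("srcport"), layers[proto].get("dstport")]
                  if name == "port" else [layers[proto].get(name)])
    return any(str(c) == value for c in candidates)
```

Running `dissect(FRAME)` yields the eth, ip, tcp and http layers in that order, and `matches(..., "tcp.port == 80")` is true while `matches(..., "ip.dst == 10.0.0.1")` is false because the destination is 10.0.0.2.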


This is another blog post in my series on Computer Forensics, based on the course I am doing with Infinite Skills. In this post I am going to look at network security and hacking. There are many types of hacking, and within types like denial of service attacks there are many different variants. There are a lot of websites devoted to downloads of denial of service attack tools. Many of these are out of date and haven't been updated, so won't work on a newish network. There is a type of denial of service attack called ARP poisoning which doesn't necessarily knock the computer out of action but adds data to the computer's workload; it is when you listen in via a program to the traffic going to and from that computer. Wireshark is probably the industry standard program for tracking traffic on a wireless network, but there is a program called NetworkMiner which is a bit simpler to use. There is another type of attack called a brute force attack, which is when a computer is bombarded with random passwords, often done sequentially, until it accepts the right one. There are programs where you just set the program up and it will do this automatically. There is a thing called white hat cracking and penetration testing, which is when a company hires someone to test the soundness of their network. No network will stand up forever to an attack, but you have to give the hacker such a difficult time he will think it isn't worth the bother.

If a network is under attack you shouldn't reboot it or interrogate the server. Rebooting will make you lose any trace of the virus in a lot of cases. Running diagnostic software on the server is liable to tip off the hacker, who can then take appropriate action. You should run the diagnostic software on one of the workstations and access the network from there. In a very serious attack sometimes the network administrator will literally pull out the broadband or network cable, and it doesn't cause as much damage as you might think, although they have probably as a result lost the ability to trace where the virus came from.
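Since the post says ARP poisoning is about a program inserting itself into the traffic to and from a computer, the defender's counterpart is to watch the ARP replies in a capture for the tell-tale signs. The following is an added example, my own code rather than anything from the post or the course; the log is a constructed tab-separated export of the kind a tshark field export would produce (time, ARP opcode, sender MAC, sender IP), not a real capture.

```python
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample of ARP traffic, not a real capture. Columns are tab-separated:
# time, arp opcode (1 = request, 2 = reply), sender MAC, sender IP. The gateway 10.0.0.1
# and host 10.0.0.5 answer for themselves until, at t=3, a third MAC starts sending
# replies that claim both of their addresses (the gateway-plus-victim pattern).
SAMPLE_LOG = """\
0.000\t1\taa:aa:aa:aa:aa:01\t10.0.0.1
0.002\t2\tcc:cc:cc:cc:cc:05\t10.0.0.5
0.500\t2\taa:aa:aa:aa:aa:01\t10.0.0.1
3.000\t2\tbb:bb:bb:bb:bb:66\t10.0.0.1
3.001\t2\tbb:bb:bb:bb:bb:66\t10.0.0.5
"""


def detect_arp_poisoning(log: str) -> Dict[str, object]:
    """Flag two signs of ARP poisoning in a capture: an IP whose sender MAC changes
    between replies, and one MAC answering for more than one IP."""
    bindings: Dict[str, str] = {}                     # IP -> first MAC seen claiming it
    ips_per_mac: Dict[str, Set[str]] = defaultdict(set)
    conflicts: List[Tuple[str, str, str, str]] = []   # (time, ip, new_mac, old_mac)
    for line in log.splitlines():
        if not line.strip():
            continue
        time, opcode, mac, ip = line.split("\t")
        if opcode != "2":             # only replies ("is-at") overwrite hosts' ARP caches
            continue
        ips_per_mac[mac].add(ip)
        old = bindings.setdefault(ip, mac)
        if old != mac:
            conflicts.append((time, ip, mac, old))
    multi = {m: ips for m, ips in ips_per_mac.items() if len(ips) > 1}
    return {"conflicts": conflicts, "multi_ip_macs": multi}


if __name__ == "__main__":
    for t, ip, new, old in detect_arp_poisoning(SAMPLE_LOG)["conflicts"]:
        print(f"t={t}s: {ip} now claimed by {new}, was {old}")
```

A replaced network card or a DHCP lease moving to another machine also changes an IP's MAC, so a conflict alone is a prompt to check, and the same MAC claiming the gateway and another host at once is the stronger signal.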


Wireshark

Posted: February 25, 2012 in cloudshark, kismet, nmap, wireshark

The book I read to research this post was Practical Packet Analysis by Chris Sanders, which is very good and an excellent introduction to Wireshark. I bought it on Kindle. Many of the tools that help you secure a network also play a part if you want to hack; that's a fact of life. I'm just going to do a general introduction to Wireshark and the associated programs that help with wireless security. Wireshark is an open source packet sniffer, although if you do a search for it on Google you will find certain dubious types trying to sell it. Get the free version; I think if you do a search for snake oil there are also people selling that. Basically Wireshark tells you where your data is going, and don't forget that although data may only be read by one computer on a network, chances are it's sent to, but not read by, every other computer on the network. You need a proper hub on your network to read the packets, and don't forget many so-called hubs are in fact low level switches which aren't suitable for this purpose. Chances are if you get a proper hub it'll be a secondhand one, which you may get quite cheap. Nmap is used to tell you what's on the network, which you should already know if you are a network administrator. Wireshark will only scan one channel, but Kismet is quite useful: it'll scan 10 channels per second. Finally, another thing you might be interested in is CloudShark, which is a cloud or online version of Wireshark.