Skilling Up

Networking

In the OSI model, each layer is modular and connected to the layer above and below it, so each layer needs to be secure.

To ensure standardization across every computer, each layer of the OSI model uses protocols(these define a fixed method on communicating).

When computers communicate, they do so by sending packets across the internet. Packets can be thought of as self contained units that contain information being sent by computers(among other things). The network layer uses the Internet Protocol(IP) to ensure that packets reach the correct destination. These packets use the source and destination IPs to ensure that they reach the correct destination.

Getting packets from one destination to another is important, but we have a lot of different things to think about:

• Reliability - how do we ensure that a packet reliably gets to its destination

• Congestion Control/Flow Control - In the event of too much traffic, how do we ensure that no data is lost or jumbled up

• Connection - how do we keep track of data coming and going from computers

• Multiplexing - applications on computers run on ports(ports are assigned numbers from 0-65535). This is necessary since many applications can run and communicate over the internet at the same time.

The transport layer mostly comprises of 2 protocols: TCP and UDP.

TCP is a connection oriented, reliable transmission protocol. It has the following features:

• Reliable - when transferring data across the internet, packets may be dropped due to lost connection. TCP uses acknowledgement to ensure that data is re-transmitted even if it is dropped

• Connection Oriented - depending on what data is being sent, the ordering is quite important. TCP uses sequence numbers to keep track of the order in which data is being sent.

• Flow/Congestion Control - TCP uses mechanisms to ensure that there’s no congestion when data is being transmitted. Sending too much or too little data can cause reliability issues:

  • Too much data can lead to packet loss which triggers constant re-transmission of data(this is quite inefficient)

  • Too little data would mean that less data is sent(which is also quite inefficient)

This is what a TCP packet looks like. It contains the following data:

• 1st row:

  • source/destination ports(16 bit)- port number to send/receive data

• 2nd row:

  • Sequence number(32 bit) - to keep track of the order of data

• 3rd row:

  • Acknowledgement Number(32 bit) - to keep track of what data has been received

• 4th row:

  • Data offset: Specifies the size of the header so the computer knows what position to start reading off to obtain data

  • Flags: these can be thought of as options for how the protocol works:

    • ACK - indicates that the packet contains an acknowledgement

    • RST - reset the connection

    • SYN - start a connection

    • FIN - end a connection

• 5th row:

  • Checksum - a value that is checked by the receiver to ensure that the header is not corrupted

• 6th row:

  • Data sent by the application

When a computer wants to send data using TCP, it needs to start a connection. It does this using what is called a 3 way handshake:

[1] The initiating connection(client) first sends a SYN packet with an initial packet number

[2] The receiving end(server) sends a packet with the SYN and ACK flags set where the acknowledgement number of this packet is the sequence number of the packet sent by the client. The server sets its own sequence number

[3] The client receives this packet and sends a new packet with the ACK flag set and the acknowledgement number set as the initial sequence number sent by the server

After the 3rd packet, the client and server begin transferring data.TCP also has a handshake to tear down a connection but this isn’t relevant for now.

The UDP protocol is a connection-less, stateless protocol. Unlike TCP, it doesn’t focus on reliability or creating a connection. This is useful in scenarios where the loss of data is tolerated e.g. streaming video and audio.

This is the format of a UDP packet:

• The first row contains a source address to indicate the source

• The second row contains a destination address to indicate the destination

• The third row:

  • The length contains the length of the UDP header and data

• The fourth row contains source and destination ports

• The 5th row contains:

  • Length of the data

  • Checksum used to check for errors

• The 6th row contains the data transmitted

To solve these challenges, a full scan with a timer of 4 on all ports was used : nmap -A -p- -T4 <ip>.

We can tell that since there aren't any windows specific ports open that this is a linux OS machine.