Understanding Protocols

Grasping the Basics of Networking Protocols

Gregory M. Kapfhammer

October 14, 2024

Network Communication Overview

flowchart TB
  subgraph Client
    A(Client) --> B[Send Message]
    F[Receive Response] --> A
  end

  subgraph Server
    C(Server) --> D[Process Request]
    D --> E[Send Response]
    E --> F
  end

  B --> C

  style Client fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style Server fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style A fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style B fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style C fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style D fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style E fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  style F fill:#fff,color:#1c1c1c,stroke:#1c1c1c,stroke-width:2px
  linkStyle 0,1,2,3,4,5 stroke:#1c1c1c,color:#1c1c1c

  • Steps for Client-Server Communication
    • Client locates the server
    • Client sends message to server
    • Server processes the request
    • Server sends response to client
    • Client gets response from server
  • Notes on Client-Server Communication
    • Messages broken into packets
    • Protocols govern communication
    • Support end-to-end encryption

What is a computer networking protocol?

  • Rules that govern how devices communicate
  • Includes rules for the following tasks:
    • Syntax and structure of messages
    • Message semantics
    • Message synchronization
    • Error detection and correction

Wait, how does understanding network protocols connect to computer security?

Know a network protocol and its weakness to discern possible exploits, model the attack surface, and control attack opportunities

Using dig for DNS Resolution

; <<>> DiG 9.18.28 <<>> www.securitysynapse.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49950
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 0b85acf369d8eae70100000067179b5124bf1ddbdb95f41e (good)
;; QUESTION SECTION:
;www.securitysynapse.org.       IN      A

;; ANSWER SECTION:
www.securitysynapse.org. 14400  IN      CNAME   securitysynapse.netlify.app.
securitysynapse.netlify.app. 20 IN      A       44.217.161.11
securitysynapse.netlify.app. 20 IN      A       54.161.234.33

;; Query time: 103 msec
;; SERVER: 192.168.5.20#53(192.168.5.20) (UDP)
;; WHEN: Tue Oct 22 08:32:17 EDT 2024
;; MSG SIZE  rcvd: 153

Networking Overview

  • Network Access Layer
  • Internet Layer Protocols
  • Transport Layer Protocols
  • Application Layer Protocols

Key Questions: Why are networking protocols divided into layers? Which layers are closer to hardware? Closer to people using networks?

Let’s investigate each networking protocol layer starting with Network and ultimately moving to Application!

Address Resolution Protocol (ARP)

  • Resolves IP addresses to MAC addresses
  • Operates at the data link layer
  • Uses ARP cache to store mappings
  • ARP request and ARP reply messages

Key Questions

  • What is an example of an IP address?
  • What is an example of a MAC address?
  • How are these addresses similar to and different from each other?

Wireless Networking

  • Uses radio waves to provide network connectivity
  • Operates on IEEE 802.11 standards
  • Common frequencies: 2.4 GHz and 5 GHz
  • Security protocols: WEP, WPA, WPA2, WPA3

Key Questions

  • What are the trade-offs between different frequencies?
  • Which security protocol is the most secure? Why?
  • What are the benefits and downsides of wireless networking?

Ethernet

  • Wired networking technology
  • Uses MAC addresses for communication
  • Common standards: 10BASE-T, 100BASE-TX, 1000BASE-T
  • Full-duplex and half-duplex modes

Key Questions

  • What are the benefits and downsides of wired networking?
  • How does this approach compare to wireless networking?
  • How do the different duplex modes affect network performance?

Wireless Output from ifconfig

wlp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.130.101  netmask 255.255.192.0  broadcast 10.0.191.255
        inet6 fe80::2b19:5ed6:ef18:51ed  prefixlen 64  scopeid 0x20<link>
        ether a8:3b:76:ba:ac:e9  txqueuelen 1000  (Ethernet)
        RX packets 5598  bytes 343800 (335.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 39  bytes 3733 (3.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Key Questions

  • What is the name of this wireless interface?
  • What is the IP address of this wireless interface?
  • What is the MAC address of this wireless interface?
  • How much data has this interface sent and received?

Ethernet Output from ifconfig

enp103s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.1.173  netmask 255.255.255.0  broadcast 10.10.1.255
        inet6 fe80::2469:6a20:94e2:494a  prefixlen 64  scopeid 0x20<link>
        ether 64:4b:f0:12:6f:d6  txqueuelen 1000  (Ethernet)
        RX packets 65541  bytes 42671869 (40.6 MiB)
        RX errors 0  dropped 33  overruns 0  frame 0
        TX packets 35552  bytes 14487279 (13.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device memory 0x60300000-6037ffff

Key Questions

  • What is the name of this wired interface?
  • What is the IP address of this wired interface?
  • What is the MAC address of this wired interface?
  • How much data has this interface sent and received?

Internet Protocol (IP)

  • IP Addressing: Unique identifiers for devices on a network
  • Routing: Path data packets take to reach destination
  • IPv4 and IPv6: Two different versions of IP
  • Packet Structure: Consists of a routing header and payload

Key Questions

  • What is the primary difference between IPv4 and IPv6?
  • How does IP routing determine the best path for data packets?
  • What information is contained in the header of an IP packet?

Internet Control Message Protocol

  • Error Reporting: Error messages and operational details
  • Types of Messages: Echo Request/Reply (ping), Destination Unreachable, Time Exceeded all aid in network diagnostics
  • Integral to IP: Gives IP insights about network issues

Key Questions

  • What is the primary purpose of ICMP?
  • How does ICMP help in network diagnostics?
  • Why do some sites block ICMP traffic?

Using ICMP with ping

❯ ping www.google.com
PING www.google.com (142.250.80.100) 56(84) bytes of data.
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=1 ttl=58 time=14.6 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=2 ttl=58 time=14.8 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=3 ttl=58 time=19.5 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=4 ttl=58 time=17.6 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=5 ttl=58 time=16.7 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=6 ttl=58 time=14.6 ms
64 bytes from lga34s36-in-f4.1e100.net (142.250.80.100): icmp_seq=7 ttl=58 time=16.0 ms

--- www.google.com ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 6011ms
rtt min/avg/max/mdev = 14.641/16.258/19.470/1.680 ms
  • What is the meaning of ttl and time?
  • What does ping report about packet transmission?
  • Will all servers response to ping requests?

Network Address Translation (NAT)

  • IP Address Conservation: Share a single public IP address
  • Types: Static NAT, Dynamic NAT, Port Address Translation
  • Benefits: Hides internal IP addresses from external networks
  • Use Cases: Home routers, enterprise networks, and VPNs

Key Questions

  • How does NAT contribute to IP address conservation?
  • What are the different types of NAT and their use cases?
  • How does NAT enhance network security?

IP Security (IPSec)

  • Encryption: Secures data with encryption
  • Authentication: Verifies data integrity and origin
  • Benefits: Confidentiality, integrity, and authenticity
  • Use Cases: VPNs, secure communications over IP networks

Key Questions

  • How does IPSec provide encryption?
  • What are common use cases for IPSec?
  • How does IPSec ensure data integrity and origin authentication?

Transmission Control Protocol (TCP)

  • Reliable Communication
    • Three-way handshake
    • Data integrity checks
    • Flow control
  • Packet Management
    • Breaks data into packets
    • Ensures packet delivery
  • Connection-Oriented
    • Higher latency
    • Ensures reliability
  • Security Implications
    • Intercept or manipulate
    • DoS or MitM attacks
    • Evolving TCP stacks

What are the benefits and drawbacks of TCP for networking?

User Datagram Protocol (UDP)

  • Unreliable Communication
    • No handshake
    • No data integrity checks
    • No flow control
  • Packet Management
    • Sends data as packets
    • No guarantee of delivery
  • Connectionless Protocol
    • Lower latency
    • No order or reliability
  • Security Implications
    • Easier to spoof
    • Packet loss potential
    • Ordering attacks

Can you compare and contrast UDP and TCP? Benefits? Trade-offs?

Application Layer Protocols

  • Application-specific protocols build on the previous layers
  • Supports communication for applications and services
  • Common examples include HTTP, FTP, SMTP, and DNS
  • DHCP
    • Dynamic Host Configuration Protocol
    • Assigns IP addresses
    • Automates network configuration
  • SSL/TLS
    • Secure Sockets Layer / Transport Layer Security
    • Encrypts data in transit
    • Ensures secure communication

Common Ports for Services

Protocol Port Description
SSH 22 Secure Shell
HTTP 80 Hypertext Transfer Protocol
HTTPS 443 Hypertext Transfer Protocol Secure
FTP 21 File Transfer Protocol
SMTP 25 Simple Mail Transfer Protocol
DNS 53 Domain Name System
POP3 110 Post Office Protocol 3
IMAP 143 Internet Message Access Protocol
Telnet 23 Unencrypted text communications
NTP 123 Network Time Protocol

Using nmap for Port Scanning

Starting Nmap 7.94 ( https://nmap.org ) at 2024-10-23 21:17 EDT
Nmap scan report for 192.168.0.132

Host is up (0.017s latency).
Not shown: 92 filtered tcp ports (no-response), 7 filtered tcp ports (admin-prohibited)

PORT   STATE SERVICE
22/tcp open  ssh
MAC Address: DC:A6:32:C7:04:28 (Raspberry Pi Trading)

Nmap done: 1 IP address (1 host up) scanned in 2.20 seconds
  • Scans the host at the IP address 192.168.0.132
  • Detects open ports and services on the host
  • Detects the MAC address of the specified server
  • Shows that ssh is currently open on port 22

Wrapping Up on Network Protocols

Key Concepts

Studied Protocols

  • TCP/IP
  • UDP
  • IPSec and SSL/TLS

Key Concepts

  • Protocol layers
  • Client-server communication
  • Secure data transmission

Best Practices

Implementation

  • Understand protocol roles
  • Ensure secure configurations
  • Regularly update protocols

Exploration

  • Compare with other protocols
  • Study protocol interactions
  • Consider next generation

Security Synapse