CDPA 網管訓練

1. CDPA 網管訓練 駭客任務2 Ethernet Switching ARP, IP, LAN, Subnet IP Header, Routing ICMP cooldavid@cdpa.nsysu.edu.tw 2006.03.23

2. 今日目標 • 複習&補充 • Ethernet Switching • ARP • 了解 • IP Header • Gateway (Routing) • Subnet • ICMP Echo • 工具 • Nemesis • Tcpdump

3. Ethernet switching • Ethernet HUB

4. Ethernet Switching • Switch A -> C A B 1 2 3 C

5. Ethernet Switching • Switch A B C -> A 1 2 3 C

6. Ethernet Switching • Switch A -> C A B 1 2 3 C

7. ARP 192.168.1.1 192.168.1.2 00:00:00:00:00:01 00:00:00:00:00:02 I want to communicate with 192.168.1.2 Who has 192.168.1.2 tell 192.168.1.1(00:00:00:00:00:01)

8. ARP 192.168.1.1 192.168.1.2 00:00:00:00:00:01 00:00:00:00:00:02 I (00:00:00:00:00:02) have 192.168.1.2 to (00:00:00:00:00:01) 192.168.1.1

9. Let’s try~~ • 2 people a group • Try to use computer A ping computer B. • Use computer C and the other two to listen. • Tool: tcpdump • sudo tcpdump –I eth0 icmp or arp

10. IP Header

11. IP Header

12. IP Header • Version  • IPv4 -> value 4 • Internet Header Length (IHL)  • 4-bit Internet Header Length (IHL) telling the number of 32-bit words in the header. • Value = Header Length (byte) / 4

13. IP Header • Type of Service • In RFC 791, the following 8 bits were allocated to a Type of Service (ToS) field: • bits 0-2: precedence • bit 3: 0 = Normal Delay, 1 = Low Delay • bit 4: 0 = Normal Throughput, 1 = High Throughput • bit 5: 0 = Normal Reliability, 1 = High Reliability • bits 6-7: Reserved for future use

14. IP Header • Total Length • This field defines the entire datagram size, including header and data, in bytes. The minimum-length datagram is 20 bytes (20 bytes header + 0 bytes data) and the maximum is 65,535 — the maximum value of a 16-bit word. • Identification  • Fragments of original datagram.

15. IP Header • Flags (3 bits) • Reserved, must be zero • Don't Fragment (DF) • More Fragments (MF) • Fragment Offset • The offset of data from original datagram. • Time To Live (TTL)  • The maxim hop (router) datagram travels.

16. IP Header • Protocol • TCP • UDP • ICMP • Header Checksum • Source, Destination Address • Options

17. Subnet, netmask, CIDR • CIDR • Classless Inter-Domain Routing • Netmask • The continues bit length from most significant bit to least significant bit. • Used to determine the network id (LAN size).

18. subnet example • IP 140.117.205.1 Mask 255.255.255.0 • IP: 10001100 1110101 11001101 00000001 • MASK: 11111111 11111111 11111111 00000000 • Network ID:1001100 1110101 11001101 00000000 • Host ID: 00000001 • Same Meaning: 140.117.205.1/24 • Same network ID: • LAN • No need router.

19. Router • When do we need router? • Destination IP is not in LAN. • ((Local IP) & (Netmask)) != ((Dst IP) & (Netmask)) • Why do we need router? • Destination host is not in LAN, can’t access it by Layer 2(Datalink Layer, MAC Address). • How do we use router? • Simply use router’s MAC Address as Frame’s Destination MAC Address.

20. Router • How does router work? • Use Destination IP Address to decide where the packet should go.

21. Let’s try it~~~ • Routing table • netstat –rn • Become a router • sudo sysctl net.ipv4.conf.all.forwarding=1 • Add new IP to interface • sudo ifconfig eth0 inet add xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx • Modify the interface IP • sudo ifconfig eth0 inet xxx.xxx.xxx.xxx netmask xxx.xxx.xxx.xxx • Add a default gateway • sudo route add default gw xxx.xxx.xxx.xxx

22. ICMP Echo {request, reply} • Type and Code must be set to 0. • The Identifier and Sequence Number can be used by the client to manage which Echo Requests are associated with the Echo Replies. • The Data received by the Echo Request must be entirely included in the Echo Reply.

23. Final exercise • Use nemesis to send ICMP Echo Request • To LAN • To WAN • Must use following args: • -d –H –M, –S –D, -i -c -s -e • Use tcpdump to listen ICMP Echo Reply. • sudo tcpdump –i eth0 icmp

24. Thanks for listening • Any Question??