tryhackme: Packets & Frames: TCP/IP

-

Transfer Control Protocol (TCP) is a connection-oriented protocol requiring a TCP three-way-handshake to establish a connection. TCP provides reliable data transfer, flow control and congestion control. Higher-level protocols such as HTTP, POP3, IMAP and SMTP use TCP

----------------------------------------------------------------------------------------------------------------------------

The TCP/IP protocol consists of four layers and is arguably just a summarized version of the OSI model. These layers are:


- Application

- Transport

- Internet

- Network Interface


Information is added to each layer of the TCP model as the piece of data  traverses it (encapsulation / decapsulation)


TCP must establish a connection between both a client and a device acting as a server before data is sent.


This process is named the Three-way handshake.

----------------------------------------------------------------------------------------------------------------------------


TCP packets contain various sections of information known as headers that are added from encapsulation.


some of the crucial headers:


1. Source Port.


This value is the port opened by the sender to send the TCP packet from. 


This value is chosen randomly (ports: 0-65535 that are not already in use at the time)


2. Destination Port. 


This value is the port number that an application or service is running on the remote host ( aka the one that is receiving the data )


for example: a webserver running on port 80. Unlike the source port, this value is not chosen randomly.


3. Source IP.


This is the IP address of the device that is sending the packet. 


4. Destination IP.


This is the IP address of the device that the packet is destined for. 


5. Sequence Number. 


When a connection occurs, the first piece of data transmitted is given a random number.


6. Acknowledgement Number. 


After a piece of data has been given a sequence number, the number for the next piece of data will have the sequence number +1.


7. Checksum.


This value is what gives TCP integrity. A mathematical calculation is made where the output is remembered. When the receiving device performs the mathematical calculation, the data must be corrupt if the output is different from what was sent.


8. Data. 


This header is where the data at. 

i.e. bytes of a file that is being transmitted, is stored.


9. Flag.


This header determines how the packet should be handled by either device during the handshake process.


Flags will determine specific behavior's.


----------------------------------------------------------------------------------------------------------------------------

Three-way handshake:


This process used to establish a connection between two devices. The three-way handshake communicates using a few special messages: 


1. SYN.


A SYN message is the initial packet sent by a client during the handshake. 


This packet used to initiate a connection and synchronize the two devices together. 


2. SYN/ACK.


This packet is sent by the receiving device ( could be a server ) to acknowledge the synchronization attempt from the client.


3. ACK.


The acknowledgement packet can be used by either the client or server to acknowledge that a series of messages/packets have been successfully received. 


4. DATA.


Once a connection has been established, data ( such as bytes of a file ) is sent via the "DATA" message.


5. FIN


This packet is used to cleanly (Properly ) close the connection after it has been complete.


6.  RST


This packet abruptly ends all communication.


This is the last resort and indicates there was some problem during the process. 


For example: if the service or application is not working correctly, or the system has faults such as low resources.

----------------------------------------------------------------------------------------------------------------------------

ISN: Initial Number Sequence

Any sent data is given a random number sequence and is reconstructed using this number sequence incremented by 1.

----------------------------------------------------------------------------------------------------------------------------

- Three-way handshake connection:


device 1 SYN ================>      device 2 

device 1 <============= SYN/ACK     device 2

device 1 ACK =================>     device 2


- TCP closing a connection:


* TCP will close a connection once a device has determined that the other device has successfully received all of the data. *


* Since TCP reserves system resources on a device, it is best practice to close TCP connections as soon as possible. *


* To initiate the closure of a TCP connection the device will send a "FIN" packet to the other device. The other device will have to acknowledge the packet. 

device 1 FIN =================>     device 2 

device 1 <================= ACK     device 2

device 1 <================= FIN     device 2

device 1 ACK =================>     device 2


Thanks for reading! 👨‍💻

Roger

Comments

Post a Comment

Popular posts from this blog

Common Network Commands: Ping

-
Ping Command Overview The `ping` command is a fundamental utility used in network diagnostics. It checks the reachability of a host on an Internet Protocol (IP) network and measures the round-trip time for messages sent from the originating host to a destination computer. The command uses the Internet Control Message Protocol (ICMP) to send echo request packets and listens for echo replies. Origin and Development The `ping` command was developed in 1983 by Mike Muuss as a diagnostic tool for the ARPANET. Since then, it has become a standard utility available on most operating systems, including Linux, Windows, and macOS, making it an essential tool for network administrators and users. Basic Functionality The `ping` command serves several functions: - Tests connectivity to a specified host. - Measures the time taken for packets to travel to the destination and back. - Provides statistics about packet loss and round-trip time. Key Command Syntax 1. Basic Syntax:    ```    ping [options]
Read more

Common Network Commands: Route

-
Route Command Overview The route command is a part of the older net-tools package used in Linux systems for viewing and manipulating the IP routing table. It provides information about how packets are routed through the network and allows for the addition, deletion, and modification of routes. Origin and Development Historically, the route command has been a primary tool for managing network routing in Linux. However, it has largely been replaced by the ip command from the iproute2 package, which offers more advanced features and capabilities. Despite this, route is still commonly used in many Linux distributions for its simplicity and familiarity. Basic Functionality The route command serves several functions: - Displays the current routing table entries. - Shows destination networks, gateways, and associated interfaces. - Allows for the addition, deletion, and modification of routes. Key Command Syntax 1. Display Routing Table:    ```    route -n    ```    The -n option prevents DNS
Read more

John The Ripper

-
John the Ripper  Is one of the most well known, well-loved and versatile hash cracking tools out there. It combines a fast cracking speed, with an extraordinary range of compatible hash types. This room will assume no previous knowledge, so we must first cover some basic terms and concepts before we move into practical hash cracking. A hash is a way of taking a piece of data of any length and  representing it in another form that is a fixed length. This masks the original value of the data. This is done by running the original data through a hashing algorithm. There are many popular hashing algorithms, such as MD4,MD5, SHA1 and NTLM. Lets try and show this with an example: If we take "polo", a string of 4 characters- and run it through an MD5 hashing algorithm, we end up with an output of: b53759f3ce692de7aff1b5779d3964da a standard 32 character MD5 hash. Likewise, if we take "polomints", a string of 9 characters- and run it through the same MD5 hashing algorithm, w
Read more