cdpa 網管訓練
DESCRIPTION
CDPA 網管訓練. 駭客任務 2 Ethernet Switching ARP, IP, LAN, Subnet IP Header, Routing ICMP. [email protected] 2006.03.23. 今日目標. 複習 & 補充 Ethernet Switching ARP 了解 IP Header Gateway (Routing) Subnet ICMP Echo 工具 Nemesis Tcpdump. Ethernet switching. Ethernet HUB. - PowerPoint PPT PresentationTRANSCRIPT
CDPA CDPA 網管訓練網管訓練
駭客任務駭客任務 22Ethernet SwitchingEthernet Switching
ARP, IP, LAN, SubnetARP, IP, LAN, SubnetIP Header, RoutingIP Header, Routing
ICMPICMP
[email protected] 2006.03.23
今日目標今日目標複習複習 &&補充補充 Ethernet SwitchingEthernet Switching ARPARP
了解了解 IP HeaderIP Header Gateway (Routing)Gateway (Routing) SubnetSubnet ICMP EchoICMP Echo
工具工具 NemesisNemesis TcpdumpTcpdump
Ethernet switchingEthernet switching
Ethernet HUBEthernet HUB
Ethernet SwitchingEthernet Switching
SwitchSwitch
1 2 3
A
B
C
11
22
33 A -> C
Ethernet SwitchingEthernet Switching
SwitchSwitch
1 2 3
A
B
C
11 AA
22
33 CC
C -> A
Ethernet SwitchingEthernet Switching
SwitchSwitch
1 2 3
A
B
C
11 AA
22
33 CC A -> C
ARPARP
00:00:00:00:00:01 00:00:00:00:00:02
192.168.1.1 192.168.1.2
I want to communicate
with 192.168.1.2
Who has 192.168.1.2 tell192.168.1.1(00:00:00:00:00:01)
ARPARP
00:00:00:00:00:01 00:00:00:00:00:02
192.168.1.1 192.168.1.2
I (00:00:00:00:00:02)have 192.168.1.2 to
(00:00:00:00:00:01) 192.168.1.1
Let’s try~~Let’s try~~
2 people a group2 people a group Try to use computer A ping computer B.Try to use computer A ping computer B. Use computer C and the other two to listen.Use computer C and the other two to listen.
Tool: tcpdumpTool: tcpdump sudo tcpdump –I eth0 icmp or arpsudo tcpdump –I eth0 icmp or arp
IP HeaderIP Header
IP HeaderIP Header
IP HeaderIP Header
Version Version IPv4 -> value 4IPv4 -> value 4
Internet Header Length (IHL) Internet Header Length (IHL) 4-bit Internet Header Length (IHL) telling the 4-bit Internet Header Length (IHL) telling the
number of 32-bit words in the header.number of 32-bit words in the header. Value = Header Length (byte) / 4Value = Header Length (byte) / 4
IP HeaderIP Header
Type of ServiceType of Service In In RFC 791RFC 791, the following 8 bits were allocate, the following 8 bits were allocate
d to a Type of Service (ToS) field:d to a Type of Service (ToS) field:bits 0-2: precedence bits 0-2: precedence
bit 3: 0 = Normal Delay, 1 = Low Delay bit 3: 0 = Normal Delay, 1 = Low Delay
bit 4: 0 = Normal Throughput, 1 = High Throughput bit 4: 0 = Normal Throughput, 1 = High Throughput
bit 5: 0 = Normal Reliability, 1 = High Reliability bit 5: 0 = Normal Reliability, 1 = High Reliability
bits 6-7: Reserved for future use bits 6-7: Reserved for future use
IP HeaderIP Header
Total LengthTotal Length This field defines the entire datagram size, This field defines the entire datagram size,
including header and data, in bytes. The including header and data, in bytes. The minimum-length datagram is 20 bytes (20 minimum-length datagram is 20 bytes (20 bytes header + 0 bytes data) and the bytes header + 0 bytes data) and the maximum is 65,535 — the maximum value of maximum is 65,535 — the maximum value of a 16-bit word.a 16-bit word.
Identification Identification Fragments of original datagram.Fragments of original datagram.
IP HeaderIP Header
Flags (3 bits)Flags (3 bits) Reserved, must be zero Reserved, must be zero Don't Fragment (DF) Don't Fragment (DF) More Fragments (MF) More Fragments (MF)
Fragment OffsetFragment Offset The offset of data from original datagram.The offset of data from original datagram.
Time To Live (TTL) Time To Live (TTL) The maxim hop (router) datagram travels.The maxim hop (router) datagram travels.
IP HeaderIP Header
ProtocolProtocol TCPTCP UDPUDP ICMPICMP
Header ChecksumHeader Checksum
Source, Destination AddressSource, Destination Address
OptionsOptions
Subnet, netmask, CIDRSubnet, netmask, CIDR
CIDRCIDR Classless Inter-Domain RoutingClassless Inter-Domain Routing
NetmaskNetmask The continues bit length from most significant The continues bit length from most significant
bit to least significant bit.bit to least significant bit. Used to determine the network id (LAN size).Used to determine the network id (LAN size).
subnet examplesubnet example
IP 140.117.205.1 Mask 255.255.255.0IP 140.117.205.1 Mask 255.255.255.0 IP: IP: 10001100 1110101 11001101 0000000110001100 1110101 11001101 00000001
MASK: MASK: 11111111 11111111 11111111 0000000011111111 11111111 11111111 00000000 Network ID:1001100 1110101 11001101 00000000Network ID:1001100 1110101 11001101 00000000 Host ID: 00000001Host ID: 00000001
Same Meaning: 140.117.205.1/24Same Meaning: 140.117.205.1/24
Same network ID:Same network ID: LANLAN No need router.No need router.
RouterRouter
When do we need router?When do we need router? Destination IP is not in LAN.Destination IP is not in LAN.
((Local IP) & (Netmask)) != ((Dst IP) & (Netmask))((Local IP) & (Netmask)) != ((Dst IP) & (Netmask))
Why do we need router?Why do we need router? Destination host is not in LAN, can’t access it by LayeDestination host is not in LAN, can’t access it by Laye
r 2(Datalink Layer, MAC Address).r 2(Datalink Layer, MAC Address).
How do we use router?How do we use router? Simply use router’s MAC Address as Frame’s DestinaSimply use router’s MAC Address as Frame’s Destina
tion MAC Address.tion MAC Address.
RouterRouterHow does router work?How does router work? Use Destination IP Address to decide where the Use Destination IP Address to decide where the
packet should go.packet should go.
Let’s try it~~~Let’s try it~~~Routing tableRouting table netstat –rnnetstat –rn
Become a routerBecome a router sudo sysctl net.ipv4.conf.all.forwarding=1sudo sysctl net.ipv4.conf.all.forwarding=1
Add new IP to interfaceAdd new IP to interface sudo ifconfig eth0 inet add xxx.xxx.xxx.xxx netmask xsudo ifconfig eth0 inet add xxx.xxx.xxx.xxx netmask x
xx.xxx.xxx.xxxxx.xxx.xxx.xxx
Modify the interface IPModify the interface IP sudo ifconfig eth0 inet xxx.xxx.xxx.xxx netmask xxx.xxsudo ifconfig eth0 inet xxx.xxx.xxx.xxx netmask xxx.xx
x.xxx.xxxx.xxx.xxx
Add a default gatewayAdd a default gateway sudo route add default gw xxx.xxx.xxx.xxxsudo route add default gw xxx.xxx.xxx.xxx
ICMP Echo {request, reply}ICMP Echo {request, reply}
Type and Code must be set to 0. Type and Code must be set to 0. The Identifier and Sequence Number can be used The Identifier and Sequence Number can be used by the client to manage which Echo Requests are aby the client to manage which Echo Requests are associated with the Echo Replies. ssociated with the Echo Replies. The Data received by the Echo Request must be eThe Data received by the Echo Request must be entirely included in the Echo Reply. ntirely included in the Echo Reply.
Final exerciseFinal exercise
Use nemesis to send ICMP Echo RequestUse nemesis to send ICMP Echo Request To LANTo LAN To WANTo WAN Must use following args:Must use following args:
-d –H –M, –S –D, -i -c -s -e-d –H –M, –S –D, -i -c -s -e
Use tcpdump to listen ICMP Echo Reply.Use tcpdump to listen ICMP Echo Reply. sudo tcpdump –i eth0 icmpsudo tcpdump –i eth0 icmp
Thanks for listeningThanks for listening
Any Question??Any Question??