ICMP Error Types
Type 0, type 3, type 8
Type 8
Echo request
Type 0
Echo reply
Type 3
Datagram couldn't get to where it needed to go
ICMP Encapsulation
ip-icmp-ip
Takes the original IP header and 8 bytes of data from the original packet, then tacks on an ICMP datagram with the error code for that packet, then attaches a new IP header to send it back
What are the two things that ICMP does?
Queries, error reporting
Why do you not want to allow echo request and echo reply externally?
Allows intruder to probe your network ;)
ARP
Process for requesting physical address based on IP address
What does ARP do?
Takes IP address from layer 3 (source), does a broadcast to request MAC address of destination
TCP Datagram Flags (control field)
URG (Urgent): Sends message ahead in queue (to the middle)
ACK (Acknowledge): I acknowledge the data that you are sending to me
PSH (Push): Sends message ahead in queue (to the front)
RST (Reset): Resets the connection
SYN (Synchronize): Synchronizes the sequence numbers
FIN (Finish): Terminates the connection
How the TCP Window size works.
Dynamically allocated. Buffers data based on the sequence and acknowledgement number for validation and reassembly. "multiplier field"
Sequence number for TCP datagram
Part of segmentation. Shows the order of a segment in a series of segments
Acknowledgement number
Defines the byte number that the receiver of the segment is expecting to receive from the other party
HLEN
Header length field. "tells you the header length. is a multiplier field"
It can be between 20 and 60 bytes. Header length will always be between 5-15 (it's multiplied by 4)
Reserved field
6-bit field reserved for future use
Control field (flags)
6 different control bits (flags)
Window Size
Defines the window size of the sending TCP in bytes. "multiplier field"
Urgent pointer
Only valid when URG flag is set. Defines value that must be added to sequence number to obtain the number of the last urgent byte in the data section of the segment
Options field
Contains the window size multiplier
ARP tables
A series of corresponding physical and logical addresses
ARP poisoning
ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker's MAC address with the IP address of a legitimate computer or server on the network. "You spoof it"
Port 80
Web protocol
Port 22
SSH
How can the server understand multiple connections at once
Spawns new ports if the machines have the same IP. If they have different IPs, that is their unique identifier. If a server's port becomes exhausted, it will assign the communication a new IP. "spawns new connections AT THE SERVER LEVEL"
SA
Sync Acknowledgement Flag. Service is running on the port
RA
Reset Acknowledgement Flag. Service is not running on the port
RARP
Reverse ARP. Finds IP based on MAC address
What is the purpose of the three-way handshake?
Ensures reliability, start of segmentation
How can ICMP Type 8 and Type 0 be used to test network connectivity?
Type 8 (echo request) is sent to a client machine. If type 0 (echo reply) is sent back from said client, there is a connection. However, this is not a reliable method of testing connectivity, as the client router may be blocking ICMP for security purposes