Computer Networking Basics

Introduction

  • The presenter aims to explain computer networking basics, including protocol layers like Ethernet and TCP/IP, which can initially be confusing.

  • The OSI layer model is introduced as an abstract concept, and the explanation will bridge the gap to practical aspects like sockets, bits, and bytes.

Illustrative Example: Sending a Text Message

  • Computer A and Computer B want to exchange a text message.

  • The simplest way for humans is to hand over a physical piece of paper, which corresponds to the physical layer in computer networking.

  • Computers use electricity to send 0s and 1s over a wire or radio waves, following a specific protocol for the sender and receiver to understand the message.

Addressing and the IP Layer

  • The internet involves many computers, requiring a way to address and find them.

  • The IP layer uses IP addresses as identifiers for sender and receiver.

  • A switch (akin to a postal service) is used to help find the correct computer using the IP address.

  • The sender (e.g., 192.168.178.2) needs to know the recipient's IP address (e.g., 192.168.178.3).

  • An IP header containing source and destination IPs is attached to the data before sending.

Data Transmission Through the Switch

  • The packet (IP header + data) is transmitted as 0s and 1s to a switch.

  • The switch's physical layer receives the packet and passes it to the IP layer.

  • The switch checks the destination IP address and forwards the packet to the appropriate port.

  • Note: In reality, Ethernet frames and MAC addresses are used at this stage, but this detail is simplified for the explanation.

  • The target computer's physical layer reassembles the packet and hands it to the IP layer.

  • The IP layer verifies that the destination IP matches its own and extracts the data.

TCP Layer and Ports

  • Since multiple programs run on each computer, a mechanism is needed to direct the data to the correct program.

  • The TCP layer includes port numbers to specify which program should receive the data.

  • The TCP protocol also manages error correction and ensures data delivery, but the focus is on the port number for this explanation.

  • A port number references a specific program (e.g., a web server running on port 80).

Sending Data to a Specific Program (Web Server)

  • A TCP header is created, containing the source port (sender's program number) and the destination port (e.g., 80 for the web server).

  • The text data is attached to this TCP header.

  • The TCP packet is then handed to the IP layer, which adds an IP header with source and destination IPs.

  • The complete packet is sent through the physical layer to the switch and then to the target computer.

  • The target computer's IP layer identifies that the packet is for itself and passes the TCP packet to the TCP layer.

  • The TCP layer identifies the destination port (80) and forwards the data to the web server process.
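
The wrapping and unwrapping steps above, as an added example that is not from the original presentation: the sender builds a TCP header and then an IP header around the text, and the receiver peels them off in reverse order. The IP addresses and port 80 are the ones used on this page; the source port 49152 and the zeroed sequence numbers are assumptions, since no connection state is modelled.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(src_ip, dst_ip, src_port, dst_port, data: bytes) -> bytes:
    """Sender side: the TCP layer wraps the data, then the IP layer wraps that."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)

    def tcp_header(csum):  # ports, seq, ack, offset=5 words, PSH|ACK, window
        return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                           5 << 4, 0x18, 65535, csum, 0)
    # The TCP checksum also covers a pseudo-header holding both IP addresses.
    pseudo = src + dst + struct.pack("!BBH", 0, 6, 20 + len(data))
    segment = tcp_header(checksum(pseudo + tcp_header(0) + data)) + data

    def ip_header(csum):  # version 4/IHL 5, total length, TTL 64, protocol 6
        return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment),
                           0, 0, 64, 6, csum, src, dst)
    return ip_header(checksum(ip_header(0))) + segment

def decapsulate(packet: bytes, my_ip: str):
    """Receiver side: IP layer checks the address, TCP layer reads the port."""
    ihl = (packet[0] & 0x0F) * 4
    if checksum(packet[:ihl]) != 0:
        raise ValueError("corrupt IP header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    if socket.inet_ntoa(packet[16:20]) != my_ip or packet[9] != 6:
        return None  # not addressed to this host, or not TCP
    segment = packet[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", segment[:4])
    payload = segment[(segment[12] >> 4) * 4:]
    return {"src_ip": socket.inet_ntoa(packet[12:16]), "src_port": src_port,
            "dst_port": dst_port, "data": payload}

if __name__ == "__main__":
    # Addresses and port 80 are the page's; source port 49152 is constructed.
    pkt = encapsulate("192.168.178.2", "192.168.178.3", 49152, 80, b"hello")
    print(pkt.hex())
    print(decapsulate(pkt, "192.168.178.3"))
```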

Layering Benefits

  • The layered approach is beneficial as it compartmentalizes different functions, allowing for isolated development and thinking.

  • Each layer solves a specific problem: physical transmission, addressing, program identification.

  • Stacking protocols allows developers to focus on specific layers without needing to understand the entire stack.

  • The complexity is abstracted away, allowing developers to treat lower layers as "black boxes".

Black Box Thinking

  • Developers can focus on sending data to a specific IP address and port, treating the underlying layers as a black box that magically delivers the data.

  • This black box thinking applies to every layer, where each layer only focuses on its specific task without needing to understand the layers above or below.

  • The OSI layer model depicts this, with each layer performing a well-defined task and communicating directly with its peer on the other side.

Reality: Sockets and System Calls

  • Operating systems and software libraries implement the black box abstraction.

  • Creating a TCP socket (e.g., in Python or C on Linux) allows developers to send data without handling lower-level details.

  • System calls (kernel functions) are used to instruct the operating system to manage the network stack.

  • Within the Linux kernel, functions handle building TCP headers and passing packets to the IP layer and network device.

  • These layers are essentially functions implemented by the kernel or software libraries.
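
The black box from the application's point of view, as an added example that is not from the original presentation: a listener and a client on the loopback interface exchange a text message using only socket calls, and the kernel builds every header. The function name and the use of 127.0.0.1 with a kernel-chosen port are assumptions made so the example runs on one machine.

```python
import socket
import threading

def send_text_over_loopback(message: bytes):
    """Send message over TCP on loopback.

    Returns (received_bytes, peer_address_seen_by_server, client_port, server_port).
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: the kernel picks a free port
    listener.listen(1)
    server_port = listener.getsockname()[1]
    result = {}

    def serve():
        conn, peer = listener.accept()    # peer = (source IP, source port)
        with conn:
            chunks = []
            while True:
                data = conn.recv(4096)    # TCP hands over a byte stream
                if not data:              # empty read: the client closed
                    break
                chunks.append(data)
        result["data"] = b"".join(chunks)
        result["peer"] = peer

    worker = threading.Thread(target=serve)
    worker.start()
    # The client names only an IP address and a destination port. The kernel
    # assigns the source port and fills in the TCP and IP headers.
    with socket.create_connection(("127.0.0.1", server_port)) as client:
        client_port = client.getsockname()[1]
        client.sendall(message)
    worker.join()
    listener.close()
    return result["data"], result["peer"], client_port, server_port

if __name__ == "__main__":
    data, peer, client_port, server_port = send_text_over_loopback(b"hello from A")
    print(f"server on port {server_port} got {data!r} from {peer}")
```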

Netcat and Wireshark

  • Netcat is a utility that simplifies sending data over a network by calling the necessary kernel functions.

  • Wireshark provides insight into the actual network packets, showing TCP headers, IP headers, and the raw bytes being transmitted.

  • Wireshark helps visualize the layers and headers in a practical context.

Layering in Other Contexts: Phone Call Example

  • The concept of layering is present in everyday life, such as making a phone call.

  • Voice is converted to electrical signals, transmitted over wires, and converted back to voice at the recipient's end.

  • The complex chain is abstracted away, allowing users to think of it as a direct connection.

Advice: Accept Black Boxes, but Never Be Satisfied

  • Accept black boxes to improve efficiency and focus on specific problems.

  • However, as a hacker, it's important to understand what's inside the black boxes and how the layers interact.

  • Protocol layers are not truly isolated; they are interconnected functions passing data back and forth.

HTTP Request Smuggling Example

  • HTTP request smuggling vulnerabilities arise from the interplay between HTTP and TCP.

  • Understanding the relationship between TCP and HTTP is crucial to understanding this vulnerability.

  • Request smuggling involves how servers use TCP for multiple HTTP requests and responses.
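
Why the TCP/HTTP relationship matters, as an added example that is not from the original presentation: TCP delivers one continuous byte stream, so a server has to work out from the headers where each HTTP request ends. The parser below frames requests by Content-Length and goes one step beyond the page by refusing framing it cannot read unambiguously instead of guessing. The function name, host name and sample stream are constructed.

```python
def split_requests(stream: bytes):
    """Split one TCP byte stream into HTTP/1.1 requests by Content-Length.

    TCP delivers bytes, not messages: only the headers say where a request
    ends. Ambiguous framing is refused rather than guessed at.
    """
    requests, pos = [], 0
    while pos < len(stream):
        head_end = stream.find(b"\r\n\r\n", pos)
        if head_end == -1:
            raise ValueError("incomplete header block")
        lines = stream[pos:head_end].decode("latin-1").split("\r\n")
        lengths, chunked = set(), False
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if not sep or name != name.strip():
                raise ValueError(f"malformed header line: {line!r}")
            if name.lower() == "content-length":
                value = value.strip()
                if not (value.isascii() and value.isdigit()):
                    raise ValueError("non-numeric Content-Length")
                lengths.add(int(value))
            elif name.lower() == "transfer-encoding":
                chunked = True
        if chunked and lengths:
            raise ValueError("both Content-Length and Transfer-Encoding")
        if chunked:
            raise ValueError("chunked bodies are outside this example")
        if len(lengths) > 1:
            raise ValueError("conflicting Content-Length values")
        body_len = lengths.pop() if lengths else 0
        body_start = head_end + 4
        if body_start + body_len > len(stream):
            raise ValueError("body truncated")
        requests.append((lines[0], stream[body_start:body_start + body_len]))
        pos = body_start + body_len
    return requests

# Constructed sample: two requests arriving back to back on one connection.
SAMPLE_STREAM = (
    b"POST /comment HTTP/1.1\r\nHost: example.test\r\nContent-Length: 5\r\n\r\nhello"
    b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
)

if __name__ == "__main__":
    for request_line, body in split_requests(SAMPLE_STREAM):
        print(request_line, body)
```

If a front-end and a back-end server applied different framing rules to the same bytes, they would disagree about where one request stops and the next begins, which is why strict, identical framing on every hop is the mitigation.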