Good morning readers,today I am going to explain a bit of basic theoretical information on Network Infrastructure to later be able to understand the operation of the different Hacking Techniques when applying them in our testing laboratory or anywhere out .
First of all I want to clarify that I am going to divide the post into several parts because I think it will have better attention by covering the concepts from the introduction of the network infrastructure to the different Hacking Techniques that will be found throughout the deliveries, I think that we will all learn better .
let's start ......
TCP / IP Network Protocol
The TCP / IP architecture was developed as the basis of the ARPANET
military communications from the US government), and with the expansion of the
INTERNET has become one of the most
widespread network architectures .
Just as the OSI reference model has seven levels or layers,
the TCP / IP architecture is defined by 4 levels :
4) The application level .
3) The service provider protocol Transport, TCP or UDP
2) The level of interred Network, IP, and
1) The subnet level link and physical
Let us remember that both the OSI model and the TCP / IP model are counted from top to bottom from highest to lowest.
Following this rule the OSI model would look like this:
2) Data link
Internet Protocol (IP)
The IP protocol is the main one of the OSI model, as well as an integral part of TCP / IP.
The main tasks of the IP are the addressing of thedatagrams of
information and managing the process of fragmenting the
The datagram is the transfer unit that the IP uses, sometimes
identified in more specific form as Internet datagram or IP datagram
Some characteristics that can be found in this protocol UDP (User Datagram Protocol) unlike TCP (Transmission Control Protocol)
The delivery of the datagram to IP is not guaranteed because it can be
delay, incorrectly route or mutilate by splitting and reassembling the fragments of the message.
TCP / IP uses a 32-bit address to identify a machine and the
network to which it is connected. Only the Network Information Center (NIC) assigns the
IP (or Internet) addresses, although if a network is not connected to the Internet, that
network can determine its own numbering system.
Currently there are four formats of which it is used depending on the size of the network. Although a fifth format (Class E) has already been thought for future use.
CLASS A = comprises a range from 0.1.0.0 to 184.108.40.206, we are talking about large networks with many machines (allows to have up to 1.6 million hosts)
CLASS B = the range of addresses varies from 220.127.116.11 to 18.104.22.168 , here we are talking about networks with intermediate size (16320 networks with 65024 host in each)
CLASS C = The addresses of this class are between 22.214.171.124 and 126.96.36.199 (allowing about 2 million networks with 254 hosts each)
CLASS D = This class is reserved for what we call multicast network or "broadcast", this means that information is sent for example from a gateway or gateway to all hosts within the network passing through all nodes and not node to node. Its range is from 188.8.131.52 to 184.108.40.206
We will understand it better with the following image.
if we use the broadcast of the network to send information, the receiving hosts can not decide whether to receive it or not.
CLASS E (future use) = the class E addresses (although their use
will be future) comprise the range from 240.0.0.0 to 247.255.255.255
Then .. as seen previously we know that the IP addressesare four sets of 8 bits , with a total of 32 bits , these bits - for convenience - are separated by a point so if we speak of formats in IP addresses we have for example:
Class A = local.local.local red
class C = red.red.red.local
From an IP address , a network can determine if the data will be sent
through a gate (GTW, ROUTER).
Obviously, if the network address is the same as the current address (routing to a
local network device , called direct host), the gate will be avoided; but all other
network addresses will be routed to agateway to exit the local network.
The gateway that receives the data to be transmitted to another network will then have to determine the routing based on the IP address of the data and an internal table containing the routing information.
To better explain our inner manolo we will use the following image.
Another advantage of IP addressing is the use of
broadcast addresses , which refer to all hosts
on the same network.
According to the standard, any local address (hostid)composed all for 1s
is reserved for broadcast . For example, an address containing
32 1s (ones) is considered a broadcast message to all networks and all devices.
Let's look at some practical examples to understand it better, consider the following information.
IP: 220.127.116.11 Binary: 11001100.00001000.00000000.10101010
Mask: 255.255.224.0 Binary: 11111111.11111111.11100000.00000000
As seen previously, to find the address of SubRED (SubNet)
we take the IP and considering that everything you have1s in the mask stays
as it is in the IP, and everything that has 0s (zeros) in the mask is set to 0 in the IP.
Then , the address of SubRed is:
IP: 204.8.0. 0 Binary: 11001100.00001000.00000000. 00000000
Let's see another more detailed example D
IP: 18.104.22.168 Binary: 00001001.01000011.00100110.00000000
Mask: 255.255.255.192 Binary: 11111111.11111111.11111111.11 000000
In the direction of the netmask, the last 6 bits have been set to 0 . These bits
are the ones that define the machines of the SubRed (2 ^ 6 = 64). Of these 64 machines
we remove the last of them (it will be for the Broadcast ).
Then we have:
22.214.171.124 SubNet Address
126.96.36.199 (1st machine of the SubRed)
188.8.131.52 (2nd machine of the SubRed)
184.108.40.206 (last machine of the SubRed )
IP addresses can be used to refer to networks as well as to
individual hosts. As a rule, an address that has all the bits of
the hostID field to 0 is reserved to refer to the network itself.
A significant advantage of the IP addressing scheme is that it includes a broadcast address (BROADCAST) that refers to all hosts on the network.
According to the standard, any hostID field consisting only of 1s is reserved for broadcast (BROADCAST) .
This allows a remote system to send a single packet that will be published on the entire network specified !!!
Knowing this we could do a "Smurf Attack"
wait for the second part.........