Definitions:

VPN – Virtual Private Network

LAN – Local Area Network

Network nodes

TCP is defined as Transmission Control Protocol. TCP supports the concept of a connection, which is set up with the three-way handshake.

NIC – Network Interface Card

IP is defined as Internet Protocol. It's part of TCP/IP, a suite of communications protocols used to connect hosts on the internet.

GBIC – Gigabyte Interface Card

SSL – Secure Socket Layer

IMAP – Internet Message Access Protocol

POP3 – Post Office Protocol 3

DNS – Domain Name System – The phone book of the internet. It translates domain names (host names) into IP addresses.

TLS – Transport Layer Security

BGP – Border Gateway Protocol. Its states: Idle, Connect, Active, Operational, Open Confirm, Established.

ICMP – Internet Control Message Protocol – Used for error messages.

UDP – User Datagram Protocol – Used for DNS, NFS, and streaming media.

TCP – Transmission Control Protocol – SMTP, FTP, and HTTP are built on top of TCP.

Network addressing: Network hardware address (Media Access Control), Numeric IP address, and text based hostnames.

DHCP stands for Dynamic Host Configuration Protocol. DHCP works by assigning IP addresses to the devices on a network.

SMTP – Simple Mail Transfer Protocol

SSH – Secure Shell

ping hostname

iptables – an administration tool for IPv4 packet filtering and NAT. Used to set up, maintain, and inspect the tables of IPv4 packet filter rules.

----------

Network addresses consist of the following: the network hardware (Media Access Control) address, numeric IP addresses, and text-based hostnames.

How IP addresses work

IP addresses work as follows:

A packet goes from your computer to your home router, then through intermediate routers and international cables to the target server.

When a packet arrives at a router, the router has to decide where the packet goes next.

Routers use a protocol called BGP to decide where any given packet should go next.

A packet can take a lot of different routes to get to the same destination. You can use traceroute to see what path your packet took.

How does DNS work

DNS is the phone book of the internet: it translates names to IP addresses. The records holding IP addresses are called A records.

Sometimes the answer says that a site's name is an alias for another name; that is a CNAME record.

Most DNS queries get cached by other DNS servers.

And when an important DNS server, such as an authoritative DNS server, dies, you can't get to the site.
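As an added example (not part of these notes), here is a small DNS query builder and response parser in Python: it shows the wire format of the request that goes out in a UDP datagram to port 53 and how an answer carrying a CNAME alias followed by an A record is decoded. The response bytes, the name www.example.com and the address 192.0.2.10 are constructed for the example.

```python
import struct
def encode_name(name: str) -> bytes:
    # Wire-format name: length-prefixed labels ending in a zero byte.
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split(".")) + b"\x00"
def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    # One question (qtype 1 = A), as carried in a UDP datagram to port 53; RD flag set.
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)
def read_name(msg: bytes, off: int) -> tuple:
    # Decode the name at msg[off]; returns (name, offset just past it in the message).
    labels = []
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                    # compression pointer: rest of the name is earlier
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            tail, _ = read_name(msg, ptr)
            return ".".join(labels + [tail]), off + 2
        off += 1
        if ln == 0:
            return ".".join(labels), off
        labels.append(msg[off:off + ln].decode())
        off += ln
def parse_response(msg: bytes) -> list:
    # Return [(owner, type, ttl, value)] for each record in the answer section.
    _id, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                          # skip the echoed question
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        value = msg[off:off + rdlen].hex()       # raw rdata for types not decoded below
        if rtype == 1:                           # A record: four-byte IPv4 address
            value = ".".join(str(b) for b in msg[off:off + 4])
        elif rtype == 5:                         # CNAME: a (possibly compressed) name
            value, _ = read_name(msg, off)
        answers.append((owner, {1: "A", 5: "CNAME"}.get(rtype, rtype), ttl, value))
        off += rdlen
    return answers

# Constructed reply to build_query("www.example.com"): a CNAME to example.com (pointer
# 0xC010 reuses the labels at offset 16 of the question) followed by an A record.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 300, 2) + b"\xc0\x10"
    + b"\xc0\x10" + struct.pack("!HHIH", 1, 1, 60, 4) + bytes([192, 0, 2, 10])
)
```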

What is UDP

UDP: user datagram protocol

DNS sends requests using UDP. UDP is a simple protocol. At the same time, when you send UDP packets they might arrive out of order or never arrive at all. Any packet can get lost, and UDP won't do anything to help you. Packet sizes are limited, so you need to decide how to organize your data into packets yourself. VPNs use UDP, and streaming video often uses UDP in real-time protocols.

Ports

Ports are part of the TCP and UDP protocols. Thus TCP 999 and UDP 999 are different ports.

When you send a TCP message, you want to talk to a specific kind of program, and we want to have different kinds of programs on the same server. So every TCP packet has a port number between 0 and 65535 on it.

Some common ports are:

DNS: port 53

HTTP: TCP port 80

HTTPS: TCP port 443

SMTP (mail): TCP port 25

TCP

What is TCP: It is a network protocol that lets you send data reliably. Every time you look at a web page you're using TCP. It is a protocol that lets you acknowledge when you received the data.

Every packet has a sequence number, which is basically the number of bytes sent so far.

How it works:

One: A connection is established.

Two: After the connection is acknowledged, it keeps track of what got sent successfully. The sending of messages is part of the ACK process.

Three: If more bytes are needed, the process continues. If some data does not get acknowledged, the server can retry and hope it works next time.

Four: The connection will be closed after the data is received.

TCP supports the concept of a connection, set up with the three-way handshake: SYN, SYN-ACK, ACK. The client sends a TCP packet over IP with the SYN flag set. The second packet is sent from the server to the client and has two TCP flags set, SYN and ACK. The third packet goes from the client to the server and has only the ACK bit set.
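An added example, not from these notes, that models the handshake and the acknowledgement process described above in Python: the three segments with their flags, the sequence and ACK numbers that tie them together (each side's initial sequence number is a made-up constant), and the data phase in which a segment whose ACK never comes back is resent.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    src: str
    dst: str
    flags: frozenset   # subset of the TCP flags, e.g. {"SYN"}, {"SYN", "ACK"}
    seq: int           # sequence number: position of this segment's first byte
    ack: int = 0       # acknowledgement number: next byte the sender expects

def three_way_handshake(client_isn: int, server_isn: int) -> list:
    """The three segments that open a connection. Each side picks an initial
    sequence number (ISN); a SYN consumes one sequence number, so the peer
    acknowledges ISN + 1."""
    syn = Segment("client", "server", frozenset({"SYN"}), seq=client_isn)
    syn_ack = Segment("server", "client", frozenset({"SYN", "ACK"}),
                      seq=server_isn, ack=syn.seq + 1)
    ack = Segment("client", "server", frozenset({"ACK"}),
                  seq=syn.seq + 1, ack=syn_ack.seq + 1)
    return [syn, syn_ack, ack]

def handshake_is_consistent(segs: list) -> bool:
    """Check the flag sequence and that each ACK answers the previous SYN."""
    syn, syn_ack, ack = segs
    return (syn.flags == {"SYN"} and syn_ack.flags == {"SYN", "ACK"}
            and ack.flags == {"ACK"} and syn_ack.ack == syn.seq + 1
            and ack.ack == syn_ack.seq + 1 and ack.seq == syn.seq + 1)

def send_with_acks(data: bytes, start_seq: int, mss: int, lost_once: set) -> tuple:
    """Model the data phase: send mss-byte segments, advance only when the
    receiver's cumulative ACK covers them, and resend a segment whose ACK
    never came back. lost_once holds seq numbers dropped on their first try
    (a constructed failure). Returns (bytes delivered, final ACK, retries)."""
    delivered = bytearray()
    seq, expected, retries = start_seq, start_seq, 0
    while seq < start_seq + len(data):
        chunk = data[seq - start_seq: seq - start_seq + mss]
        if seq in lost_once:            # segment lost: no ACK arrives, so it is resent
            lost_once.discard(seq)
            retries += 1
            continue
        delivered += chunk
        expected = seq + len(chunk)     # receiver ACKs the bytes received so far
        seq = expected
    return bytes(delivered), expected, retries
```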

------------------------------------------------------------

TCP Flags for packets: URG, ACK, PSH, RST, SYN, FIN

TCP/IP is built in stacks: network hardware, data packets, and protocols for data exchange. TCP/IP is the most common stack.

Modern networks operate on chunks of data called packets.

TCP/IP is defined as Transmission Control Protocol/Internet Protocol, a suite of communications protocols used to connect hosts on the internet.

The OSI model, or Open Systems Interconnection model, is how the layers of the TCP/IP stack are organized. The OSI model is the following:

1: Physical - Items that you can touch and feel, such as NICs (Network Interface Cards) and GBICs (Gigabyte Interface Cards)

2: Datalink - Responsible for verifying that you have connectivity

3: Network - Tells you where signals or packets are headed

4: Transport -

5: Session - Makes sure there is a connection between what is being sent and what is being received

6: Presentation - Prepares the packet or signal for the use of the application

7: Application

8: Soft Skills

The network layer of OSI is affected when an ISP is found to be blocking UDP traffic from a source host.

1-4 are Data Transport Layers, while 5-7 are Application Layers.

TCP/IP groups these into the following: 1-2 Data Link (wire link), 3 Internet (Ethernet), 4 Transport, and 5-7 Application (TCP/UDP) layer, since TCP/IP is built in stacks.

TCP/IP also has the following:

ICMP: Internet Control Message Protocol - used for error messages seen on the internet such as "404 Not Found" or "403 Forbidden". The messages are categorized as follows:

The HTTP codes are as follows: 1xx informational, 2xx Success, 3xx Redirection, 4xx Client Error, 5xx Server Error

UDP: User Datagram Protocol - used for DNS, NFS, and streaming media.

TCP: Transmission Control Protocol - SMTP, FTP, and HTTP are built on top of TCP

Testing Basic Connectivity:

ping sends a simple ICMP packet to the system you name, over and over, until you stop it with the Control+C key combination. The number of tests can be limited with the -c (count) option.

Example: ping -c 5 speaker

Then there is traceroute, which sends a series of 3 test packets to each computer between your system and a specified target system. Example:

$ traceroute -n 10.1.0.45

Tools of a Network Engineer:

dladm - to administer data links

traceroute - for displaying the route and measuring transit delays of packets across an IP network

snoop - monitors the state of data transfers. Can be used only by the root user

netstat - prints network connections, routing tables, and interface stats

ping or /usr/sbin/ping - tests the ability of the source PC to reach a destination computer

dig - domain information groper: network admin command-line tool for querying DNS servers.

nslookup - used to obtain the domain name or IP address mapping, or any other specific DNS record.

iwconfig - command for configuring wireless network interfaces

ip addr - shows information for all addresses

The network stack consists of the following: network hardware, data packets, and protocols for data exchange. Modern networks operate on chunks of data called packets.

Others include:

netstat -f inet, ping -s, snoop -v, ifconfig

Related but important: sockets, routing, drivers

pinging ports via nmap.

Pinging is the security auditor's best friend.

nmap -p 80 hostnamedot.com

-p is the port option, 80 is the port to inspect, and hostnamedot.com is the hostname.

IPTables

iptables is a very powerful firewall built into Linux. iptables gives you the ability to manage all active connections in and out of each server. Rules are organized in chains.

INPUT – Packets destined for local sockets

OUTPUT – Packets being routed through the box

FORWARD – for locally generated packets

You maintain the ability to do the following with packets using iptables:

ACCEPT – A firewall rule specifies criteria for a packet and a target. This target allows the packet to go through.

DROP – drop the packet on the floor

REJECT - reject the packet from the system, return it to sender

iptables lets you create rules to match network packets and accept/drop/modify them.

It's often used for firewalls or to do NAT.

The basic thing about iptables is that tables have chains, and chains have rules:

tables

chains

rules

iptables-save prints out all iptables rules. You can restore them with iptables-restore. It's also the easiest way to view all rules.

-j TARGET: Each iptables rule has a target (what to do with matching packets). The options are as follows:

ACCEPT/DROP/RETURN

the name of an iptables chain

an extension (see man iptables-extensions). Popular ones include DNAT, LOG, and MASQUERADE

Tables have different chains. The tables are: filter, mangle, nat

It helps to learn when packets get processed by a given table/chain.

(E.g. filter ← OUTPUT = all locally generated packets)

You can match lots of packet attributes:

-s: src ip

-d: dst ip

-p: tcp/udp

-i: network interface

-m: match extensions (lots of things)
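An added example, not from these notes, that models in Python how iptables walks a table: chains hold rules, the first matching rule wins, -s/-d/-p/-i style matches select packets, and the target is ACCEPT, DROP, RETURN or the name of another chain. The filter table, the user chain TRUSTED, and the addresses are constructed for the example.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field
from typing import Optional
Packet = namedtuple("Packet", "src dst proto iface dport")

@dataclass
class Rule:
    target: str                   # -j: ACCEPT, DROP, RETURN or a user-defined chain
    src: Optional[str] = None     # -s (CIDR)
    dst: Optional[str] = None     # -d (CIDR)
    proto: Optional[str] = None   # -p
    iface: Optional[str] = None   # -i
    dport: Optional[int] = None   # -m tcp --dport
    def matches(self, p: Packet) -> bool:
        # An unset attribute matches anything; every set attribute must match.
        in_net = lambda ip, net: net is None or ipaddress.ip_address(ip) in ipaddress.ip_network(net)
        same = lambda want, got: want is None or want == got
        return (in_net(p.src, self.src) and in_net(p.dst, self.dst) and same(self.proto, p.proto)
                and same(self.iface, p.iface) and same(self.dport, p.dport))
@dataclass
class Chain:
    rules: list = field(default_factory=list)
    policy: Optional[str] = None  # built-in chains have a policy; user chains have none

def walk(table: dict, chain_name: str, p: Packet) -> Optional[str]:
    # First matching rule wins. A user-chain target recurses into that chain; RETURN (or
    # the end of a user chain) hands control back to the caller, which tries its next rule.
    chain = table[chain_name]
    for rule in chain.rules:
        if not rule.matches(p):
            continue
        if rule.target == "RETURN":
            return None
        if rule.target in table:
            verdict = walk(table, rule.target, p)
            if verdict is not None:
                return verdict
            continue
        return rule.target
    return chain.policy

# Constructed filter table: INPUT policy DROP; eth0 traffic goes through a TRUSTED chain
# that accepts SSH, except from one host that is sent back (RETURN) to INPUT.
FILTER = {
    "INPUT": Chain(policy="DROP", rules=[Rule("TRUSTED", iface="eth0"),
                                         Rule("ACCEPT", proto="tcp", dport=80)]),
    "TRUSTED": Chain(rules=[Rule("RETURN", src="192.0.2.99/32"),
                            Rule("ACCEPT", proto="tcp", dport=22)]),
}
```

Call walk(FILTER, "INPUT", packet) to get the verdict for a packet; the host sent back by RETURN ends up at the INPUT policy and is dropped.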

Note: In Ubuntu, ufw is used as a configuration tool for iptables.

Ports can be turned on or off by using sudo ufw enable [port number]:

sudo ufw enable, sudo ufw allow 22, or sudo ufw deny 22

You can allow HTTP traffic with sudo ufw allow http

-----------------------------------------

tcpdump

tcpdump is a very powerful and widely used command-line packet sniffer, or packet analyzer, used to capture or filter TCP/IP packets received or transferred over a network on a specific interface. It basically prints out a description of the contents of packets on a network interface that match a boolean expression. It's also used to capture network traffic.

tcpdump -i eth0 'tcp port 80' – display HTTP communication

tcpdump -i eth0 'not port ssh' – all communication except SSH

-----------------------------------

For a security auditor, nmap is the best friend.

Example: nmap -p 80 [hostname]

--------------------------------

Changing an IP Address

For Solaris and Redhat

Solaris

Via the terminal:

1. ifconfig
2. ifconfig
3. ifconfig dhcp
4. ifconfig subnet
5. ifconfig domain name

Red Hat

Via the GUI: Go to the network connections settings. Select the system you're configuring and go to IPv4 settings.

You have to set up the IP addresses for the gateway, domain name, and any subnet. Check "connect automatically" and "available for all users".

Via the terminal:

1. ifconfig address
2. ifconfig netmask addr
3. ifconfig gateway addr
4. ifconfig subnet addr

Hosts and networks:

Classes and Octet Range:

A 0 - 126

B 128 - 192.167

C 192.169 - 223

Never put a single 0 in any part of an IP address unless it is accompanied by a 1, i.e. 10 or 100 (1.x or 1xx).

Network types:

Class A xxx.xxx.xx.xx

Class B xxx.xx.x.x

Class C xxx.xxx.x.xxx

The third part of the IP address determines the network location of the IP.

Note: Never disable STP unless you have a legitimate reason to. Its purpose is to prevent broadcast floods and layer 2 loops. Disabling it will cause your network to go down. One possible reason to disable it is that there are no possible loops in your network.