Introduction to Networking

Introduction

Networking Overview

• Network - enables two computers to communicate with each other

• /24 - allows computers to talk to each other as long as the first three octets

• /25 - divides this range in half

• Work From Home setup:

• Networking - delivery of mail or packages sent by one computer and received by the other

• Uniform Resource Locator (URL)/Fully Qualified Domain Name (FQDN) - website address which we enter into our browser

  • URL - (https://www.hackthebox.eu/example?floor=2&office=dev&employee=17)

  • FQDN - (www.hackthebox.eu)

Networking Structure

Network Types

• Wide Area Network (WAN) - address that is generally accessed by the internet. Also, a large number of LANs joined together. It uses BGP.

• Local Area Network (LAN)/Wireless Local Area Network (WLAN) - typically assigned IP addresses for local use.

• Virtual Private Network (VPN)

  • Site-To-Site VPN - share entire network ranges. Use to join network over the internet as same as local.

  • Remote Access VPN - creating a virtual interface that behaves as if it is on a client's network

  • SSL VPN - Typically these will stream applications or entire desktop sessions to your web browser

Networking Topologies

• Network Topology - is a typical arrangement and physical and logical connection of devices in a network

• Transmission Medium Layout - used to connect devices in the physical topology of the network e.g. for glass fiber media, this is cabling plan

• Physical Topology - placement of nodes, how they connect using physical cables

• Logical Topology - how signals act on the network media or how the data will be transmitted from one device to another

• 3 Areas of network topology

  • Connections

  Wired Connections

  Wireless Connections

  Coaxial cabling

  Wi-Fi

  Glass fiber cabling

  Cellular

  Twisted-pair cabling

  Satellite

  • Nodes - Network Interface Controller (NICs) - are the transmission medium's connection points to transmitters and receivers of electrical, optical, or radio signals in the medium.

    • Repeaters

    • Hubs

    • Bridges

    • Switches

    • Router/Modem

    • Gateways

    • Firewalls

  • Classifications

    • Point-To-Point Topology - simplest topology of device. Direct and straightforward physical link exists between two host

    

    • Bus Topology - all hosts are connected in transmission medium. There is no central network component that control and process it, using coaxial cable

    

    • Star Topology - maintains a connection to all hosts. Each host is connected to a central network component via a separate link. And the central component will handle the forwarding function to pass the data to the destination

    

    • Ring Topology - is such that each host or node is connected to the ring with two cables. 1 for incoming and 1 for outgoing. Typically, the transmission medium is accessed sequentially from station to station using a retrieval system from the central station or a token. A token is a bit pattern that continually passes through a ring network in one direction, which works according to the claim token process

    

    • Mesh Topology - have no fixed topology.

      • Fully Meshed - This means that the hosts are meshed with each other. used by WAN and MAN for reliability.

      • Partially Meshed - the endpoints are connected by only one connection.

    

    • Tree Topology - is an extended star topology that more extensive local networks have in this structure.

    

    • Hybrid Topology - combination of two or more topologies that are interconnected

    

    • Daisy Chain Topology - multiple hosts are connected by placing a cable from one node to another. Used by CAN

    

Proxies

• Proxy - when a device or service sits in the middle of a connection and acts as a mediator. It is on the Layer 7 of OSI model

• Mediator - critical piece of information it means that the device sits in the middle and must be able to inspect the content of the traffic

• Proxy Types

  • Dedicated Proxy/Forward Proxy - is when a client makes a request to a computer, and that computer carries out the request. Filtering the outgoing requests. e.g. BurpSuite

  

  • Reverse Proxy - reverse of Forward Proxy. Filtering incoming response. The most common goal with a Reverse Proxy, is to listen on an address and forward it to a closed-off network. e.g. ModSecurity, WAF

  

  • (Non-) Transparent Proxy -

    • Transparent Proxy - the client doesn't know about its existence. Intercepts the client's communication requests to the Internet and acts as a substitute instance.

    • Non-transparent Proxy - we must be informed about its existence.

Networking Workflow

Networking Models

• Communications has two networking model (ISO model and TCP/IP model)

• OSI (Open Systems interconnect) Model - reference that can be describe and define as the communication between systems

• TCP/IP (Transmission Control Protocol/Internet Protocol) Model - responsible for switching and transport of data packets on the internet

• PDU (Protocol Data Unit) - In a layered system, devices in a layer exchange data in a different format

OSI Model

• The goal in defining the ISO/OSI standard was to create a reference model that enables the communication of different technical systems via various devices and technologies and provides compatibility

TCP/IP Model

• IP is located in network layer or layer 3

• IP is located in transport layer or layer 4

Addressing

Network Layer

• Network Layer/Layer 3 - controls exchange of data packets

• Layer 3 responsible for these functions:

  • Logical Addressing

  • Routing

• Protocols - represent a collection of rules for communication in the respective layer

  • IPv4/IPv6

  • IPsec

  • ICMP

  • IGMP

  • RIP

  • OSPF

IPv4 Addresses

• Addressing network is done via IPv4/IPv6 address

• IPv4/IPv6 - is the unique postal address and district of the receiver building

• MAC - exact floor and apartment of receiver

• IPv4 - consists of 32-bit binary number combined into 4 bytes consisting 8-bit groups (octets) ranging from 0-255

• Subnetting - separation of classes into small network

• Subnet Mask - describes but positions which IP address act as network part or host part

• Default Gateway - name of router in IPv4 addresses, common to the default gateway name the first or last assignable to IPv4 address

• Broadcast Address - connect all devices to in a network with each other

• Broadcast - message in a network transmitted to all participants, last IPv4 address is used for that

• Binary system - system that uses only 1 and 0

• Example IP address: 192.168.10.39

• 1st Octet Value: 192

• 2nd Octet Value: 168

• 3rd Octet Value: 10

• 4th Octet Value: 39

• IPv4 Binary Notation - 192.168.10.39

• IPv4 - Decimal to Binary of Class C

• Subnet Mask

• Classless Inter-Domain Routing (CIDR) - is a method of representation and replaces the fixed assignment between IPv4 address and network classes (A, B, C, D, E)

• CIDR suffix - division is based on subnet mask

• IPv4: 192.168.10.39

• Subnet Mask: 255.255.255.0

• CIDR: 192.168.10.39/24

Subnetting

• Subnetting - division of an address range in IPv4 addresses into smaller address range

• Subnet - logical statement of a network that uses IP addresses with same network addresses

• Example:

  • IPv4 Address: 192.168.12.160

  • Subnet Mask: 255.255.255.192

  • CIDR: 192.168.12.160/26

• Network Part (All yellow)

• Host Part (All yellow)

• Network Address - vital for delivery of packet

• Subnet Mask - determine where separation occurs

• Separation of Network and Host Parts:

• Under 4th Octet 10| is the part of network address, make host part all 0's -> 10 | 00 0000, so the network address wil be 192.168.12.128

• Under 4th Octet |10 0000 is the part of host address, make host part all 1's -> 10 | 11 1111, so the broadcast address wil be 192.168.12.191

• Subnet in to smaller networks use this -> 2^n = value

• Example:

  • Subnet: 192.168.12.128/26

  • Required subnets: 4

• To get the 2 bits, 2^2 = 4, n = 2

• Increase the CIDR to 2 bits /26 + 2 = /28 (changes all in yellow)

• 64 divide 4 subnets = 64 / 4 = 16 host range

SHORTCUT ON SUBNETTING

• Get the CIDR value of given IPv4 Address and get the remainder when dividing by 8 (modulo)

• Subtract 8 to 3

• Raise 2 to the difference of CIDR value and 3

• The value you get minus 1

• Add this to the given IPv4 address and that is the range

• If the problem has subnets, divide the range to given subnets

Example:

• IPv4 address: 10.200.20.0/27

• Subnet: 4

Steps:

• /27 is the CIDR value, get the remainder = 27 % 8 = 3

• Subtract 8 to 3 (ALWAYS 8-n, IT IS FIXED) = 8 - 3 = 5

• Raise 2 to 5 (ALWAYS 2^n, IT IS FIXED) = 2 ^ 5 = 32

• Subtract the value to 1 (ALWAYS n-1, IT IS FIXED) = 32 - 1 = 31

• Add the host value to base IPv4 address = 10.200.20.0 = 0 + 31 = 31 = 10.200.20.0 to 10.200.20.31

If the given has subnet (OPTIONAL):

• To get the subnets, divide 32 (IN THE STEP 3), to given subnet 4 = 32 / 4 = 8

• Subtract the value to 1 (ALWAYS n-1, IT IS FIXED) = 8 - 1 = 7

• Add the host address 10.200.20.0 to 7 = 0 + 7 = 7 = 10.200.20.0 to 10.200.20.7 (FIRST SUBNET)

• Add the host address 10.200.20.8 to 7 = 8 + 7 = 15 = 10.200.20.8 to 10.200.20.15 (SECOND SUBNET)

• Add the host address 10.200.20.16 to 7 = 16 + 7 = 23 = 10.200.20.16 to 10.200.20.23 (THIRD SUBNET)

• Add the host address 10.200.20.24 to 7 = 24 + 7 = 31 = 10.200.20.24 to 10.200.20.31 (FOURTH SUBNET)

To visualize:

• Range IPv4 Address: 10.200.20.0 to 10.200.20.31

• Subnets: 4

Questions:

1. Submit the decimal representation of the subnet mask from the following CIDR: 10.200.20.0/27

2. Submit the broadcast address of the following CIDR: 10.200.20.0/27

3. Split the network 10.200.20.0/27 into 4 subnets and submit the network address of the 3rd subnet as the answer.

4. Split the network 10.200.20.0/27 into 4 subnets and submit the broadcast address of the 2nd subnet as the answer.

MAC Addresses

• Media Access Control (MAC) address - physical address for our network interfaces

• Several different standards of MAC:

  • Ethernet (IEEE 802.3)

  • Bluetooth (IEEE 802.15)

  • WLAN (IEEE 802.11)

• Example of MAC address:

  • DE:AD:BE:EF:13:37

  • DE-AD-BE-EF-13-37

  • DEAD.BEEF.1337

• MAC address consist of total of 6 bytes

• Organization Unique Identifier (OUI) (Yellow) - first half of the address (3 bytes/24 bits)

• Individual Address Part or Network Interface Controller (NIC) (Red) - last half, assigned by manufacturers

• Address Resolution Protocol (ARP) - is used in IPv4 to determine the MAC addresses associated with the IP addresses

• Reserved MAC addresses called Local Range:

  • 02:00:00:00:00:00

  • 06:00:00:00:00:00

  • 0A:00:00:00:00:00

  • 0E:00:00:00:00:00

• MAC Unicast - last 2 bits in the first octet signifies if the address is Unicast (0) or Multicast (1) (Yellow), packet sent will reach only 1 specific host, last bit in 1st octet is 0

• MAC Multicast - packet is sent only once to all hosts, last bit in 1st octet is 1 (Yellow)

• MAC Broadcast - data packets is sent to all members of a network, All 1 (Yellow)

• Global OUI - second to last bit of first octet is 0

• Locally Administered - second to last bit of first octet is 1

• Address Resolution Protocol (ARP) - is a network protocol used to resolve network layer (layer 3) IP address to link layer (layer 2) MAC address to facilitate LAN

• ARP Resolution - device with matching IP address responds with its own MAC address, and then the 2 devices can communicate directly using their MAC address

• ARP Request - request is broadcast to all devices in a LAN and it contains the IP address of the destination

• ARP Reply - when device receives ARP request, it sends an ARP Reply to the requesting device with its MAC address

• ARP Spoofing - used to intercept or manipulate traffic on the network, secure using firewall or IDS, attack in which we send falsified ARP messages to LAN (Pretend like a legitimate address), can be done using Ettercap or Cain & Abel

IPv6 Addresses

• IPv6 - successor of IPv4, 128 bit long

• prefix - identifies the host and network parts

• Internet Assigned Numbers Authority (IANA) - responsible for IPv4 and IPv6 addresses

• Dual Stack - IPv4 and IPv6 can be made available simultaneously

• Advantages of IPv6:

  • Larger Address Space

  • Address self-configuration (SLAAC)

  • Multiple IPv6 addresses per interface

  • Faster Routing

  • End-to-end encryption (IPsec)

  • Data packages up to 4 GByte

• 4 different types of IPv6

  • Unicast - addresses for single interface

  • Anycast - addresses for multiple interface, one of them receives the packet

  • Multicast - addresses for multiple interface, all receives same packet

  • Broadcast - do not exist and realized with multicast addresses

• Hexadecimal System (hex) - make the binary more readable, 16 (0-F)

• IPv4 parts

  • Network Prefix (network part) - identifies the network, range and subnet

  • Interface Identifier/Suffix (host part) - formed from 48-bit MAC address, default prefix length is /64

Protocols & Terminology

Networking Key Terminology