
Introduction of Ethical Hacking

The document discusses the fundamentals of computer networks and the TCP/IP protocol stack. It describes the four layers of TCP/IP - application layer, transport layer, internet layer, and data link layer. It focuses on the internet protocol layer, explaining IP datagrams and the important fields within a datagram like length, type of service, identification, time to live, and source/destination addresses. Finally, it provides a brief introduction to the steps of ethical hacking, identifying reconnaissance as the first step.

Uploaded by

Nair Shreeja
Introduction of Ethical Hacking


Fundamentals of Computer Networks/IP protocol stack
Communication between computers on a network takes place through protocol suites.
The most widely used and most widely available protocol suite is the TCP/IP protocol
suite.
A protocol suite consists of a layered architecture where each layer provides some
functionality that can be carried out by a protocol.
Each layer usually has more than one protocol option to carry out the responsibility
assigned to that layer. TCP/IP is normally considered to be a 4-layer system. The
4 layers are as follows:

1. Application layer

This is the top layer of the TCP/IP protocol suite. This layer includes
applications or processes that use transport layer protocols to deliver
data to destination computers.

At each layer there are certain protocol options to carry out the task
designated to that particular layer. So, the application layer also has various
protocols that applications use to communicate with the second layer, the
transport layer. Some of the popular application layer protocols are:

HTTP (Hypertext transfer protocol)

FTP (File transfer protocol)

SMTP (Simple mail transfer protocol)

SNMP (Simple network management protocol) etc

2. Transport layer

This layer provides the backbone for data flow between two hosts. This layer
receives data from the application layer above it.

There are many protocols that work at this layer but the two most commonly
used protocols at the transport layer are TCP and UDP.
TCP:

1. It divides the data (coming from the application layer) into properly sized
chunks and then passes these chunks onto the network.

2. It acknowledges received packets, waits for the acknowledgments of the
packets it sent and sets a timeout to resend the packets if
acknowledgements are not received in time.

3. The term ‘reliable connection’ is used where it is not desired to lose
any information that is being transferred over the network through this
connection. So, the protocol used for this type of connection must
provide the mechanism to achieve this desired characteristic.

4. For example, while downloading a file, it is not desired to lose any
information (bytes) as it may lead to corruption of the downloaded content.

UDP:

1. UDP provides a comparatively simpler but unreliable service by sending
packets from one host to another.

2. UDP does not take any extra measures to ensure that the data sent is
received by the target host.

3. The term ‘unreliable connection’ is used where loss of some
information does not hamper the task being fulfilled through this
connection.

4. For example, while streaming a video, loss of a few bytes of information
due to some reason is acceptable as this does not harm the user
experience much.

3. Network layer

This layer is also known as the Internet layer. The main purpose of this layer is
to organize or handle the movement of data on the network.

By movement of data, we generally mean routing of data over the network.

The main protocol used at this layer is IP, while ICMP (used by the popular ‘ping’
command) and IGMP are also used at this layer.

4. Data link layer

This layer is also known as the network interface layer.

This layer normally consists of device drivers in the OS and the network
interface card attached to the system.

Both the device drivers and the network interface card take care of the
communication details with the media being used to transfer the data over
the network.

In most cases, this media is in the form of cables. Some of the well-known
protocols that are used at this layer include ARP (Address Resolution
Protocol), PPP (Point-to-Point Protocol) etc.


IP and Routing

The Internet protocol stack provides a connection-oriented reliable branch
(TCP) and a connectionless unreliable branch (UDP), both built on top of the
Internet Protocol.

The Internet Protocol layer in the TCP/IP protocol stack is the first layer that
introduces the virtual network abstraction that is the basic principle of the
Internet model.

All physical implementation details (ideally, even though this is not quite true)
are hidden below the IP layer.

The IP layer provides an unreliable, connectionless delivery system. The
reason why it is unreliable stems from the fact that the protocol does not provide any
functionality for error recovery for datagrams that are either duplicated, lost or
arrive at the remote host in another order than they were sent. If no such errors
occur in the physical layer, the IP protocol guarantees that the transmission is
terminated successfully.

The basic unit of data exchange in the IP layer is the Internet Datagram. The
format of an IP datagram and a short description of the most important fields
are included below:

LEN

The number of 32-bit segments in the IP header. Without any OPTIONS,
this value is 5.

TYPE OF SERVICE

Each IP datagram can be given a precedence value ranging from 0-7
showing the importance of the datagram. This is to allow out-of-band data
to be routed faster than normal data.

TYPE OF SERVICE

This field allows a classification of the datagram in order to specify whether the
service desired requires short delay time, high reliability or high throughput.

IDENT, FLAGS, and FRAGMENT OFFSET


These fields are used to describe fragmentation of a datagram. The actual
length of an IP datagram is in principle independent of the length of the
physical frames being transferred on the network, referred to as the
network's Maximum Transfer Unit (MTU).

TIME

This is the remaining Time To Live (TTL) for a datagram when it travels on
the Internet. The Routing Information Protocol (RIP) specifies that at most
15 hops are allowed.

SOURCE IP-ADDRESS and DESTINATION IP-ADDRESS

Both the source and destination addresses are indicated in the datagram
header so that the recipient can send an answer back to the transmitting
host. However, note that only the host address is specified - not the port
number. This is because the IP protocol is an IMP-to-IMP protocol - it
is not an end-to-end protocol.

One more layer is needed to actually specify which two processes on the
transmitting host and the final destination should receive the
datagrams.
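
The fields described above can be read directly from the first 20 bytes of a datagram. The following is an added example, not part of the original document: it parses an IPv4 header using the RFC 791 layout and rejects an invalid LEN value, and it goes slightly beyond the text by also verifying the header checksum. The function names and the sample packet (documentation addresses) are constructed for illustration.

```python
import ipaddress
import struct

FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def checksum(header: bytes) -> int:
    """One's-complement of the one's-complement sum of all 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4_header(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated: fixed header is 20 bytes")
    (ver_len, tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack(FMT, packet[:20])
    length = ver_len & 0x0F                      # LEN, in 32-bit words
    if ver_len >> 4 != 4:
        raise ValueError("not an IPv4 datagram")
    if length < 5 or length * 4 > len(packet):   # 5 = no OPTIONS
        raise ValueError(f"invalid LEN field: {length}")
    return {
        "len_words": length,
        "precedence": tos >> 5,                  # 0-7
        "low_delay": bool(tos & 0x10),
        "high_throughput": bool(tos & 0x08),
        "high_reliability": bool(tos & 0x04),
        "total_length": total_len,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # bytes
        "ttl": ttl,                              # TIME field
        "protocol": proto,                       # 6 = TCP, 17 = UDP
        "checksum_ok": checksum(packet[:length * 4]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
    }

def build_sample() -> bytes:
    """Constructed sample: precedence 6, DF set, TTL 15, carrying TCP."""
    fields = [0x45, 0xC0, 20, 0x1C46, 0x4000, 15, 6, 0,
              bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])]
    fields[7] = checksum(struct.pack(FMT, *fields))
    return struct.pack(FMT, *fields)

if __name__ == "__main__":
    print(parse_ipv4_header(build_sample()))
```

Note that the parsed header carries only host addresses; the port numbers live in the TCP or UDP header that follows it.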

Steps of Ethical Hacking


1. Reconnaissance


Reconnaissance is a set of processes and techniques (Footprinting,
Scanning & Enumeration) used to covertly discover and collect information
about a target system.

There are two types of reconnaissance, named active and passive.

In active reconnaissance you will directly interact with the computer
system to gain information. This information can be relevant and
accurate. But there is a risk of getting detected if you are planning
active reconnaissance without permission. If you are detected, then
the system admin can take severe action against you and trail your
subsequent activities.

In passive reconnaissance you will not be directly connected to a
computer system. This process is used to gather essential information
without ever interacting with the target systems.

2. Scanning

It involves taking the information discovered during reconnaissance and
using it to examine the network. Tools that a hacker may employ during the
scanning phase can include port scanners, network mappers, and
vulnerability scanners.

Hackers are seeking any information that can help them perpetrate an attack,
such as computer names, IP addresses, and user accounts.

3. Gaining Access

After scanning, the hacker designs the blueprint of the network of the target
with the help of data collected during Phase 1 and Phase 2.

This is the phase where the real hacking takes place. Vulnerabilities
discovered during the reconnaissance and scanning phase are now
exploited to gain access.

The method of connection the hacker uses for an exploit can be a local
area network (LAN, either wired or wireless), local access to a PC, the
Internet, or offline. Examples include stack-based buffer overflows, denial of
service (DoS), and session hijacking. These topics will be discussed in later
chapters.

Gaining access is known in the hacker world as owning the system.

4. Maintaining Access

Once a hacker has gained access, they want to keep that access for future
exploitation and attacks. Sometimes, hackers harden the system from other
hackers or security personnel by securing their exclusive access with
backdoors, rootkits, and Trojans.

Once the hacker owns the system, they can use it as a base to launch
additional attacks. In this case, the owned system is sometimes referred to
as a zombie system.

5. Covering Attacks

Once hackers have been able to gain and maintain access, they cover their
tracks to avoid detection by security personnel, to continue to use the
owned system, to remove evidence of hacking, or to avoid legal action.

Hackers try to remove all traces of the attack, such as log files or intrusion
detection system (IDS) alarms.

Examples of activities during this phase of the attack include
steganography, the use of tunneling protocols, and altering log files.
