Networks Have Layers
Brandon Checketts
Who Am I
● My father is a network engineer for a government contractor (I grew up with this stuff)
● Degree in Telecommunications Administration
● Background in Linux System Administration
● Now mostly work in Software Development
● Lead people here at RoundSphere / BookScouter / Seller Labs
http://193.140.54.45/network/Network-Protocols-Map-Poster.jpg (9 MB)
Layers, According to Whom?
● OSI Model
● TCP/IP Model
● Apple Model
Layers are not always distinctly defined (many protocols span multiple layers)
In modern technology, many protocols tunnel other protocols... it can be a mess.
https://www.youtube.com/watch?v=GZpcwKEIRCI
The OSI Layers
● Application, Presentation, Session, Transport, Network, Data Link, Physical
● All People Seem To Need Data Processing
● People Don’t Need Those Stupid Packets Anyway
● Please Do Not Throw Sausage Pizza Away
● Please Do Not Teach Students Pointless Acronyms
Local networks, remote networks?
● You can talk to hosts on a local network without going through a router
● Hosts on a different network require going through a router
Hubs, Switches, Routers, oh my!
● Hubs = Layer 1
● Switches = Layer 2
● Routers = Layer 3
● Modern devices claim to handle all 7 layers
○ (DNS Recursion, HTTP Caching, Load Balancing, VOIP, VPN, etc)
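To make the last two slides concrete (local versus remote delivery, and what a hub, switch and router each do with a frame), here is an added example written for this deck; it is not code from the original slides. Every IP address, MAC address, port number and interface name in it is made up.

```python
"""What a host, a hub, a switch and a router each decide when a frame arrives.

Added example for this deck, not code from the original slides. All IP addresses,
MAC addresses, port numbers and interface names below are made up.
"""
import ipaddress

BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"

def next_hop(my_ip, prefix_len, gateway_ip, dst_ip):
    """Layer 3 decision a host makes before sending: which IP to ARP for.
    Same network -> deliver directly to dst_ip; other network -> hand it to the router."""
    local_net = ipaddress.ip_network("%s/%d" % (my_ip, prefix_len), strict=False)
    if ipaddress.ip_address(dst_ip) in local_net:
        return dst_ip
    return gateway_ip

def hub_forward(in_port, ports):
    """Layer 1: a hub repeats the bits out of every port except the one they came in on."""
    return [p for p in ports if p != in_port]

class LearningSwitch:
    """Layer 2: learns MAC -> port from source addresses, floods what it does not know yet."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port                       # learn where src_mac lives
        if dst_mac == BROADCAST_MAC or dst_mac not in self.mac_table:
            return hub_forward(in_port, self.ports)             # broadcast / unknown unicast: flood
        out_port = self.mac_table[dst_mac]
        return [] if out_port == in_port else [out_port]        # never send back out the ingress port

class Router:
    """Layer 3: picks the egress interface by longest-prefix match on the destination IP."""
    def __init__(self, routes):
        self.routes = [(ipaddress.ip_network(net), iface) for net, iface in routes.items()]

    def route(self, dst_ip):
        dst = ipaddress.ip_address(dst_ip)
        matches = [(net, iface) for net, iface in self.routes if dst in net]
        if not matches:
            return None                                         # no route, not even a default
        return max(matches, key=lambda m: m[0].prefixlen)[1]

if __name__ == "__main__":
    print(next_hop("192.168.1.10", 24, "192.168.1.1", "192.168.1.20"))   # local: ARP for the host itself
    print(next_hop("192.168.1.10", 24, "192.168.1.1", "4.2.2.1"))        # remote: ARP for the gateway
    sw = LearningSwitch([1, 2, 3, 4])
    print(sw.forward(1, "02:00:00:00:00:0a", "02:00:00:00:00:0b"))       # unknown dst: flood to 2, 3, 4
    print(sw.forward(2, "02:00:00:00:00:0b", "02:00:00:00:00:0a"))       # learned: only port 1
    r = Router({"10.0.0.0/8": "eth0", "10.1.0.0/16": "eth2", "0.0.0.0/0": "eth1"})
    print(r.route("10.1.2.3"), r.route("10.2.2.3"), r.route("4.2.2.1"))  # eth2 eth0 eth1
```

Note that "local" in `next_hop` is decided purely by the host's own address and subnet mask: a host with the wrong mask will ARP for a remote address directly (and get no answer), or send traffic for a neighbour through the gateway, which is the usual cause of "I can ping the router but nothing else".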
Layer 1 - Physical
How the physical device transmits bits over a distance
Deals with electrical signals, optical signals, etc.
● 100BASE-TX
● 802.11
● DSL
● RS-232
● T-1, OC-3
Layer 2 - Data Link
Defines how frames are delimited, addressed, transmitted and error-checked over a physical medium
Frames do not cross between local networks (a router strips the frame and builds a new one for the next hop)
Protocols deal with congestion / flow control, retrying delivery, identifying errors
● Ethernet (802.3) framing and MAC addressing
● Spanning Tree Protocol
● Frame Relay
● PPP
● ATM
Layer 3 - The Network Layer
Defines how networks communicate with other networks. Allows a packet to get from a host on one network to a host on another network. Deals with unique network-level addresses and routing packets between networks.
● IPv4, IPv6
● IPX, X.25
● ICMP
● Routing protocols (RIP, OSPF, EIGRP, BGP)
Layer 4 - The Transport Layer
Gets segments to the right application (port) on the destination host. TCP additionally makes sure data arrives reliably and in the correct sequence; UDP deliberately does not.
● TCP / UDP
● NetBIOS, SPX
● iSCSI
● AppleTalk
Layer 5 - The Session Layer
Establishes, maintains and tears down sessions that span over time
● (TCP/IP largely combines this with Layer 4 - Transport)
● NetBIOS
● PPTP
● SSH?
Layer 6 - The Presentation Layer
Responsible for delivering and formatting data for the Application layer
Encryption
Data Compression
● SSL / TLS
● Gzip
● XML, JSON? (probably not)
Layer 7 - The Application Layer
Most of the protocols you know and love (and hate?)
● HTTP, SMTP, FTP, IMAP
● DHCP, LDAP
● RTMP, Samba (SMB), AppleShare
● NFS, DNS
Why stop at 7?
● Layer 8 - The “User”
● Layer 9 - The Organization
● Layer 10 - The Government
Wireshark
● libpcap (WinPcap, now succeeded by Npcap, on Windows) is the packet capture library
● Wireshark is a frontend for libpcap
● Wireshark is a really nice interface for viewing captured packet streams
● Really good at digging into protocol details
Demo: Capture Simple Ping
1. ARP request / response from my computer
2. DNS request / response (resolver 4.2.2.1)
3. Ping requests
4. Ping replies
   a. (Can dig into any of these packets to see the lower-level protocols)
Demo: Capture HTTP Request
● Filter just DNS to see the hosts that the site is using
● TCP SYN (#16), SYN-ACK (#22), and ACK (#23)
● #34-43 are TCP packets re-assembled in #50
○ (1514 bytes each; re-assembled #50 shows a size of 15,275 bytes)
● #911 out-of-order TCP packet
● #1183 SSL certificate exchange
● TCP window sizing is fascinating :)
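The two Wireshark demos above walk down the layers of a ping (ARP, then IP + ICMP) and of a TCP handshake (SYN #16, SYN-ACK #22, ACK #23) by clicking through the packet detail pane. The following added example does the same mechanically; it is written for this deck, is not Wireshark code, and is not from the original slides. It dissects a raw Ethernet frame into Ethernet / ARP / IPv4 / ICMP / TCP / UDP, verifies the IPv4 and ICMP checksums (the check Wireshark shows as "correct" or "incorrect" in the header), and names the handshake step a TCP segment represents. The sample frames at the bottom are constructed inline rather than captured; every MAC, IP and port in them is made up (203.0.113.5 is a documentation address, 4.2.2.1 is reused from the ping demo).

```python
"""Dissect a raw Ethernet frame layer by layer (Ethernet -> ARP / IPv4 -> ICMP / TCP / UDP).

Added example for this deck; it is not Wireshark code and not from the slides.
The sample frames at the bottom are constructed here, not captured; every MAC,
IP address and port in them is made up (203.0.113.5 is a documentation address).
"""
import struct

ETHERTYPE_IPV4, ETHERTYPE_ARP = 0x0800, 0x0806
PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5 of the TCP flags field

def mac_str(b):
    return ":".join("%02x" % x for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def inet_checksum(data):
    """RFC 1071 ones'-complement sum; over a header that already carries its checksum it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def dissect(frame):
    """Return [(layer name, fields)], outermost layer first, like Wireshark's packet detail pane."""
    layers = []
    dst, src, ethertype = frame[0:6], frame[6:12], struct.unpack("!H", frame[12:14])[0]
    layers.append(("Ethernet (L2)", {"src": mac_str(src), "dst": mac_str(dst), "type": ethertype}))
    payload = frame[14:]
    if ethertype == ETHERTYPE_ARP:
        op = struct.unpack("!H", payload[6:8])[0]
        layers.append(("ARP (L2/L3)", {"op": "request" if op == 1 else "reply",
                                       "sender": ip_str(payload[14:18]), "target": ip_str(payload[24:28])}))
        return layers
    if ethertype != ETHERTYPE_IPV4:
        return layers                                  # unknown EtherType: stop at layer 2
    ihl = (payload[0] & 0x0F) * 4                      # IPv4 header length in bytes (options included)
    total_len, proto = struct.unpack("!H", payload[2:4])[0], payload[9]
    layers.append(("IPv4 (L3)", {"src": ip_str(payload[12:16]), "dst": ip_str(payload[16:20]),
                                 "proto": proto, "ttl": payload[8],
                                 "checksum_ok": inet_checksum(payload[:ihl]) == 0}))
    seg = payload[ihl:total_len]                       # strip the IP header (and any Ethernet padding)
    if proto == PROTO_ICMP:
        layers.append(("ICMP (L3)", {"type": {8: "echo request", 0: "echo reply"}.get(seg[0], seg[0]),
                                     "checksum_ok": inet_checksum(seg) == 0}))
    elif proto == PROTO_TCP:
        sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", seg[:16])
        flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if off_flags & (1 << i)]
        layers.append(("TCP (L4)", {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags,
                                    "window": window, "payload_len": len(seg) - (off_flags >> 12) * 4}))
    elif proto == PROTO_UDP:
        sport, dport = struct.unpack("!HH", seg[:4])
        layers.append(("UDP (L4)", {"sport": sport, "dport": dport}))
    return layers

def handshake_step(layers):
    """Name the TCP three-way-handshake step a dissected frame represents, or None."""
    tcp = dict(layers).get("TCP (L4)")
    if tcp is None:
        return None
    flags = set(tcp["flags"])
    if flags == {"SYN"}:
        return "SYN"
    if flags == {"SYN", "ACK"}:
        return "SYN-ACK"
    if flags == {"ACK"} and tcp["payload_len"] == 0:
        return "ACK"
    return None

# ---- builders used only to fabricate the sample frames (TCP checksum left 0: it needs a pseudo-header) ----
def ether(dst, src, ethertype, payload):
    return dst + src + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:] + payload

def icmp_echo(icmp_type, ident, seq, data=b"abcdefgh"):
    msg = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def tcp(sport, dport, seq, ack, flags, data=b""):
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0) + data

MAC_PC, MAC_GW = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")   # made-up MACs
IP_PC, IP_GW = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
IP_DNS, IP_WEB = bytes([4, 2, 2, 1]), bytes([203, 0, 113, 5])
ARP_REQUEST = ether(b"\xff" * 6, MAC_PC, ETHERTYPE_ARP,
                    struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, 1) + MAC_PC + IP_PC + b"\x00" * 6 + IP_GW)
PING_REQUEST = ether(MAC_GW, MAC_PC, ETHERTYPE_IPV4, ipv4(IP_PC, IP_DNS, PROTO_ICMP, icmp_echo(8, 0x1234, 1)))
SYN = ether(MAC_GW, MAC_PC, ETHERTYPE_IPV4, ipv4(IP_PC, IP_WEB, PROTO_TCP, tcp(51234, 80, 1000, 0, 0x02)))
SYN_ACK = ether(MAC_PC, MAC_GW, ETHERTYPE_IPV4, ipv4(IP_WEB, IP_PC, PROTO_TCP, tcp(80, 51234, 5000, 1001, 0x12)))
ACK = ether(MAC_GW, MAC_PC, ETHERTYPE_IPV4, ipv4(IP_PC, IP_WEB, PROTO_TCP, tcp(51234, 80, 1001, 5001, 0x10)))

if __name__ == "__main__":
    for name, frame in [("ARP", ARP_REQUEST), ("ping", PING_REQUEST), ("SYN", SYN), ("SYN-ACK", SYN_ACK), ("ACK", ACK)]:
        layers = dissect(frame)
        print(name, "-> handshake step:", handshake_step(layers))
        for layer, fields in layers:
            print("   ", layer, fields)
```

Two things this shows that the slides only state: each layer is found by reading a length or type field in the layer below it (EtherType, IHL, protocol number, TCP data offset), so a bad or spoofed field in a lower header changes how everything above it is interpreted; and a layer-3 checksum only covers the IPv4 header, so a flipped bit in the payload is invisible to it and is left to ICMP, TCP or UDP to catch.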
Demo: Capture WPA Key Exchange?
Some wireless cards / drivers (mostly on Windows) don’t support monitor mode, so you can’t capture raw 802.11 frames:
https://wiki.wireshark.org/CaptureSetup/WLAN
Filter for ‘eapol’ (the WPA 4-way handshake is carried in EAPOL-Key frames)
Questions?