ip, dns and mac concepts
IP, DNS AND MAC CONCEPTS
MOHAMMAD IRSHAAD ABDOOL
B131200052
WWW.IRSHAAD.ME
CONTENTS
Basic Networking
IP
DNS
ARP
Internet
Network attacks
[Diagram: telephone network to ISP, modem, router, switch and wireless access point, with Desktop PC 1, Desktop PC 2 and Laptop PC 1 as clients]
MODEM
Data transmitted from local network to ISP on telephone lines
Telephone lines use analog data
Local network uses digital data
From network to telephone line: Digital to Analog [MODULATION]
From telephone line to network: Analog to Digital [DEMODULATION]
Modem – Modulator DEModulator
ROUTER
Responsible for routing data across network
Forwards data across the network to the intended device
Also used to connect different networks to each other
Keeps a list of devices with their MAC Addresses and assigned IP Addresses
NETWORK SWITCH
Connects wired devices to the network
Reads packets’ headers and forwards each data packet to the destination client
Usually has Ethernet interfaces
Routers have Ethernet ports to add devices, but the number of ports is limited
Switches can have up to 32 ports in one device
WIRELESS ACCESS POINT
Allows devices to connect to a network wirelessly
Usually uses Wi-Fi
Can connect multiple devices at the same time
Can be configured as clients or repeaters
WIRED AND WIRELESS CLIENTS
Wired
Ethernet port
Wireless
Wi-Fi
MAC ADDRESS
Physical address of the Network Interface Card
Unique identifier
Varies from manufacturer to manufacturer, card to card, device to device
Typical format: 01:23:45:67:89:ab / 01-23-45-67-89-ab
Six groups of two hexadecimal digits separated by : or -
TCP/IP - IP ADDRESS
Computers communicate using the TCP/IP protocol
Maintained by the Internet Engineering Task Force
TCP/IP provides end-to-end connectivity and defines how data is packetized, addressed, transmitted and received on the network
IP is on the second layer of the TCP/IP model
IP address – unique number set used to communicate on the network
IPv4 and IPv6
IPV4 V/S IPV6
IPv4
1981
32-bit address - 4,294,967,296
Format: 192.168.10.12
Manually assigned
DHCP assigned
IPv6
1998
128-bit address – 3.4 x 10^38
2001:0db8:85a3:0000:0000:8a2e:0370:7334
Created from the subnet identifier and device’s physical identifier (MAC)
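The derivation named in the last bullet, as an added example that is not part of the original slides: it builds a modified EUI-64 address from a /64 prefix and a MAC, then recovers the MAC from the address. The prefix 2001:db8:85a3::/64 and the function names are assumptions chosen for illustration; the MAC is the sample from the MAC ADDRESS slide.

```python
import ipaddress

def mac_to_bytes(mac: str) -> bytes:
    """Parse a MAC written as six hex pairs separated by ':' or '-'."""
    parts = mac.replace("-", ":").split(":")
    if len(parts) != 6 or any(len(p) != 2 for p in parts):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Build the address a host derives from a /64 prefix and its MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 needs a /64 prefix")
    m = mac_to_bytes(mac)
    # Insert ff:fe in the middle of the MAC and flip the universal/local bit.
    iid = bytes([m[0] ^ 0x02]) + m[1:3] + b"\xff\xfe" + m[3:6]
    return net[int.from_bytes(iid, "big")]

def mac_from_address(addr: str):
    """Recover the MAC from an EUI-64 style address, or None if it is not one."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None  # random (privacy) or manually assigned interface ID
    m = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join(f"{b:02x}" for b in m)

if __name__ == "__main__":
    # Assumed documentation prefix; MAC taken from the slide's format example.
    addr = eui64_address("2001:db8:85a3::/64", "01:23:45:67:89:ab")
    print(addr, "->", mac_from_address(str(addr)))
```

Because the MAC can be read back out of such an address, it identifies the same device on every network it joins; many hosts now use randomized interface identifiers instead.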
OSI MODEL V/S TCP/IP
DYNAMIC HOST CONFIGURATION PROTOCOL
Found in application layer of the Internet Protocol Suite (TCP/IP)
Dynamically distributes network configuration parameters to hosts
Reduces manual configuration of individual hosts on network
Network hosts request IP address and configuration from DHCP
Four Phases – DORA
Server Discovery – IP lease offer – IP request – IP lease acknowledgement
ADDRESS RESOLUTION PROTOCOL
Used to resolve network layer addresses to link layer addresses
Conversion needed when transmitting packets
When an Internet Protocol (IP) datagram is sent from one host to another on a local area network, the destination IP address must be resolved to a MAC address for transmission via the data link layer. When another host's IP address is known, and its MAC address is needed, a broadcast packet is sent out on the local network. This packet is known as an ARP request. The destination machine with the IP in the ARP request then responds with an ARP reply, which contains the MAC address for that IP. - Wikipedia
INTERNET
INTERNET – DNS
[Diagram: a user, a DNS server and the Internet, with servers at 173.194.112.199, 173.252.120.6 and 50.62.71.1]
DNS server records:
NAME ADDRESS
google.com 173.194.112.199
facebook.com 173.252.120.6
irshaad.me 50.62.71.1
>> www.facebook.com
>> 173.252.120.6
NETWORK ATTACKS
ARP SPOOFING
ARP SPOOFING – MAN IN THE MIDDLE ATTACK
COMPUTER A – 192.168.1.10
COMPUTER B – 192.168.1.12
ROUTER
HOST MAC ADDRESS
192.168.1.12 BB:BB:BB:BB:BB
HOST MAC ADDRESS
192.168.1.10 AA:AA:AA:AA:AA
ARP SPOOFING – MAN IN THE MIDDLE ATTACK
COMPUTER A – 192.168.1.10 – AA:AA:AA:AA:AA
COMPUTER B – 192.168.1.12 – BB:BB:BB:BB:BB
ROUTER
HOST MAC ADDRESS
192.168.1.12 BB:BB:BB:BB:BB
HOST MAC ADDRESS
192.168.1.10 AA:AA:AA:AA:AA
COMPUTER E – 192.168.1.15 – EE:EE:EE:EE:EE
HOST MAC ADDRESS
192.168.1.10 AA:AA:AA:AA:AA
192.168.1.12 BB:BB:BB:BB:BB
ARP SPOOFING – MAN IN THE MIDDLE ATTACK
COMPUTER A – 192.168.1.10 – AA:AA:AA:AA:AA
COMPUTER B – 192.168.1.12 – BB:BB:BB:BB:BB
ROUTER
HOST MAC ADDRESS
192.168.1.12 EE:EE:EE:EE:EE
HOST MAC ADDRESS
192.168.1.10 EE:EE:EE:EE:EE
COMPUTER E – 192.168.1.15 – EE:EE:EE:EE:EE
HOST MAC ADDRESS
192.168.1.10 AA:AA:AA:AA:AA
192.168.1.12 BB:BB:BB:BB:BB
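How the table change shown in the slides above can be detected, as an added example that is not part of the original deck: it compares a known-good ARP table with a later one and reports bindings that changed and MAC addresses that answer for more than one IP. The tables are constructed sample data using the slides' hosts, with the MAC addresses written out as six groups; the function names are assumptions.

```python
from collections import defaultdict

# Constructed sample: Computer A's ARP table before and after the spoofing.
BASELINE = """
HOST MAC ADDRESS
192.168.1.12 BB:BB:BB:BB:BB:BB
192.168.1.15 EE:EE:EE:EE:EE:EE
"""
POISONED = """
HOST MAC ADDRESS
192.168.1.12 EE:EE:EE:EE:EE:EE
192.168.1.15 EE:EE:EE:EE:EE:EE
"""

def parse_arp_table(text: str) -> dict:
    """Parse 'IP MAC' rows (the slides' HOST / MAC ADDRESS tables) into a dict."""
    table = {}
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 2:
            continue  # skips the three-word header row and malformed rows
        ip, mac = fields
        table[ip] = mac.replace("-", ":").lower()
    return table

def find_arp_anomalies(baseline: dict, current: dict) -> list:
    """Report changed IP-to-MAC bindings and MACs bound to several IPs."""
    findings = []
    for ip, mac in sorted(current.items()):
        known = baseline.get(ip)
        if known is not None and known != mac:
            findings.append(("mac-changed", ip, known, mac))
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("shared-mac", mac, tuple(sorted(ips))))
    return findings

if __name__ == "__main__":
    before, after = parse_arp_table(BASELINE), parse_arp_table(POISONED)
    for finding in find_arp_anomalies(before, after):
        print(finding)
```

Both signals also occur legitimately (a replaced network card, a reassigned DHCP lease, a router doing proxy ARP), so findings need checking against inventory. Static ARP entries for critical hosts and switch features such as Dynamic ARP Inspection prevent the change rather than only reporting it.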
DNS SPOOFING
DNS SPOOFING
[Diagram: a user, a DNS server and the Internet, with servers at 173.194.112.199, 173.252.120.6 and 202.124.55.12]
DNS server records before spoofing:
NAME ADDRESS
google.com 173.194.112.199
facebook.com 173.252.120.6
irshaad.me 50.62.71.1
DNS server records after spoofing:
NAME ADDRESS
google.com 173.194.112.199
facebook.com 202.124.55.12
irshaad.me 50.62.71.1
>> www.facebook.com
>> 202.124.55.12
QUESTIONS
1. How does a Web user get to a website? Explain the network part briefly.
The user types the address (e.g. www.google.com) in the address bar. The PC connects to the ISP’s DNS server to look up the IP address of www.google.com on the network. The browser then connects to the web server at that IP address and downloads the page from there.
2. What is an MITM? Give an example.
A Man-In-The-Middle attack is one whereby a pirate user intercepts traffic on a network using ARP poisoning. The attacker can then modify the packets as they pass through. E.g.: a PC is connected to a router and browsing the Internet. A rogue PC connects and fools the network devices so that the PC sends packets to the rogue PC rather than the legitimate PC, and vice versa. The rogue PC does this by spoofing its MAC address in the devices’ host lists (temporary MAC address storage file).
3. What are the basic differences between IPv4 and IPv6?
Address Pool: IPv4 has around 4 x 10^9 addresses; IPv6 has around 3.4 x 10^38
Address creation: IPv4 is DHCP issued (normally); IPv6 is created by the client itself
THANK YOU FOR YOUR ATTENTION
www.irshaad.me