tcpip.html

黑客培训教程

<pre>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    |       Ethernet destination address (first 32 bits)             |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    | Ethernet dest (last 16 bits)  |Ethernet source (first 16 bits) |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    |       Ethernet source address (last 32 bits)                   |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    |        Type code                                               |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    |  IP header, then TCP header, then your data                    |</P>
<P>    |                                                                |</P>
<P>    |                                                                |</P>
<P>    | &#9;&#9;&#9;&#9;&#9;&#9;&#9;                                   |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
<P>    |                       Ethernet Checksum                        |</P>
<P>    +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+</P>
</pre>
<P>Address Resolution Protocol or ARP</P>

<P>Data before being transmitted across the Internet or across a local network is broken down into smaller Packets which are suitable for transfer over the net. These packets have the Source and Destination IP's but for the transfer to take place the suitable Hardware Addresses or the MAC addresses must also be known. That is where ARP comes in.</P>

<P>To get the Hardware MAC addresses, ARP or Address Resolution Protocol sends a request message. The Router replies with the Hardware Address. It is similar to the DNS and it too has a cache. This cache can be a bit vulnerable as a Hacker could forge a connection from a remote machine claiming to be one of the cached locations. So we can conclude that ARP translates IP's into Ethernet Addresses. One thing to remember about ARP is that it only translates outgoing packets.</P>

<P>There is also something called the RARP which is an abbreviation for Reverse Address Resolution   Protocol, which like the name says does exactly reverse of what ARP does.</P>

<P>There is simply no algorithm to get the Ethernet Address from the IP Address. To carry out such translations, each computer has a file which has a table with rows for each computer and two columns for their corresponding IP address and Ethernet Address. The File is somewhat like the following-:</P>

<P>                                      Internet Protocol Address                         Ethernet Address</P>
<P>Computer Name              xxx.xy.yy.yx                                           08-00-39-00-2F-C3</P>

<P>Say there are a system in a Network (A) and an unidentified system (B) contacts it. Now A only knows the IP address of B. Now A will first try to identify whether B is the same network so that it can directly communicate via Ethernet. So it will first check the IP to MAC address translation table which it has. If it finds the IP in the table then well and good and A will establish a connection with B via Ethernet. </P>

<P>On the Other hand if A does not find any match for the specific IP, it will send out a request in the form of a 'Broadcast'. All computers within the Network will receive this broadcast and will search their own IP to MAC translation table and will reply with the necessary MAC address. A basic difference between an Ip address and MAC address is that an IP is the form xxx.xxx.xxx.xxx and a MAC address is in the form </P>
<P>xx:xx:xx:xx:xx:xx and one is 32 bit while the other is 40 bit.</P>

<P>Read RFC 826 for further in depth details about the ARP protocol.</P>

<P>Application Layer</P>

<P>Till now  you  have learnt  how data is broken down into smaller chunks, and transferred to the destination, where the chunks are rearranged. But there is yet another aspect to a successful data transfer process, which we have not discussed yet: The Application Protocols and the Application Layer itself. A host which receives datagrams has many applications or services (daemons) running which are ready to establish a TCP connection and accept a message. Datagrams travelling on the Internet must know which application they have to establish connection with, which application they have to send the message to. A typical web server will have the FTP daemon, the HTTP daemon, the POP daemon, and the SMTP daemon running.</P>
<P>Wouldn't the datagrams get confused as to which daemon to send the message to.</P>

<P>For the datagrams to know which computer to send the message to, we have IP addresses. The datagram knows what daemon or application to send the message to by the Port Number attached to the IP address of the Destination. A TCP address is actually fully described by 4 numbers; The IP address of the Source and Destination and the TCP Port Numbers of each end to which data is to be sent. These numbers are found in the TCP Header.</P>

<P>To make it simpler to understand I have included an excerpt from the Net Tools Chapter:</P>

<P>What is all the hype about socket programming? What exactly are sockets? </P>

<P>TCP\IP or Transmission Control Protocol\ Internet Protocol is the language or the protocol used by computers to communicate with each other over the Internet. Say a computer whose IP address is 99.99.99.99 wants to communicate with another machine whose IP address is 98.98.98.98 then would will happen? </P>

<P>The machine whose IP is 99.99.99.99 sends a packet addressed to another machine whose IP is</P>
<P>98.98.98.98. When 98.98.98.98 receives the packet then it verifies that it got the message by sending a</P>
<P>signal back to 99.99.99.99.But say the person who is using 99.99.99.99 wants to have simultaneously  more</P>
<P>than one connections to 98.98.98.98.....then what will happen? Say 99.99.99.99 wants to connect to </P>
<P>the FTP daemon and download a file by FTP and at the same time it wants to connect to 98.98.98.98's </P>
<P>website i.e. The HTTP daemon. Then 98.98.98.98. will have 2 connects with 99.99.99.99 simultaneously. Now how can 98.98.98.98.distinguish between the two connections...how does 98.98.98.98. know which </P>
<P>is for the FTP daemon and which for the HTTP daemon? If there was no way to distinguish between the </P>
<P>two connections then they would both get mixed up and there would be a lot of chaos with the message </P>
<P>meant for the HTTP daemon going to the FTP daemon. To avoid such confusion we have ports. At each </P>
<P>port a particular service or daemon is running by default. So now that the 99.99.99.99 computers knows </P>
<P>which port to connect to, to download a FTP file and which port to connect to, to download the web page, </P>
<P>it will communicate with the 98.98.98.98 machine using what is known as the socket pair which is a</P>
<P>combination of an IP address and a Port. So in the above case the message which is meant for the FTP daemon  will be addressed to 98.98.98.98 : 21 (Notice the colon and the default FTP port suceeding it.). </P>
<P>So that the receiving machine i.e. 98.98.98.98 will know for which service this message is meant for and to </P>
<P>which port it should be directed to.</P>

<P>In TCP\IP or over the Internet all communication is done using the Socket pair i.e. the combination of the IP address and the port.</P>

<P>*****************</P>
<P>HACKING TRUTH: Learn More about Ports, IP addresses and Sockets by reading the Net Tools Chapter.</P>
<P>*****************</P>
<P>The Application Layers basically consists of the Applications running on your computer and the Applications running on the host to which you are connected. Say you are viewing the Hotmail Site, then the application layer comprises of the Web Browser running on your computer and the HTTP daemon running at Hotmail's server and the Application Protocol being used to communicate is HyperText Transfer Protocol. </P>

<P>As soon as a TCP connection is established the Applications running on Each end decide the language or protocol to be used to communicate and send datagrams.</P>

<P>Coming Soon: IP Spoofing , DNS, DNS Spoofing, Dos Utilities in Technical terms, Port Scanning in     </P>
<P>                        TCP\IP terms.</P>

<P>Ankit Fadia</P>
<P></FONT><A HREF="mailto:Ankit@bol.net.in"><FONT SIZE=2>ankit@bol.net.in</FONT></A></P>
<FONT SIZE=2>
<P>To get everything you ever dreamt of written by Ankit Fadia </P>
<P>Join his mailing list by sending an email to:</P>
<P>programmingforhackers-subscribe@egroups.com</P>

<P>&nbsp;</P>
<P>&nbsp;</P></FONT></BODY>
</HTML>