<-- ACK(SYN)
<BR>3) ACK -->
<P>YES, there's a connection established!
<P>4) FIN -->
<BR>5) <-- ACK(FIN)
<BR>6) RST -->
<P>Now the connection is closed and the data-transfer(s) are terminated.
<P>Computer A          Computer B
<BR>==========          ==========
<P>1) SYN -->
<BR>2) <-- RST
<BR>3) ACK -->
<P>Shit... "Computer B" didn't want to be connected to "Computer A!" (maybe
Computer B is running a firewall)
<P>There are a few ways to exploit the TCP protocol: SYN-floods, teardrop,
Smurf-attacks, sequence-number attacks, etc. For more information check
http://neworder.box.sk/ and http://packetstorm.securify.com/
<P>All right, IP is the abbreviation of Internet Protocol. Look at the example
above: if "Computer A" sends a packet to "Computer B", the IPs of both computers
are mentioned in the IP-header of the packet, the destination IP (of computer B)
and the source IP (of computer A). The routers between the two hosts look in the
IP-header and forward the packets to the next segment. If an error occurs
while a packet is travelling over the (inter)network, for example the
destination host is unreachable, ICMP (Internet Control Message Protocol) is
used to send an error message so the error can be corrected (and the packet(s)
can be retransmitted). The programs 'ping' and 'traceroute' use ICMP messages to
detect the status of hosts in other segments.
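<P>To make the IP-header and ICMP description above concrete, here is an added example (not part of the original tutorial) that parses an IPv4 packet, reads the source and destination IP from its header, and decodes an ICMP "destination unreachable" error together with the header of the packet that failed. The function names, the addresses (documentation ranges) and the sample packet are all constructed for this illustration.

```python
import socket
import struct

# ICMP type 3 = Destination Unreachable; a few of its codes.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable", 3: "port unreachable"}

def parse_ipv4(buf):
    """Split one IPv4 packet into (header dict, payload bytes)."""
    if len(buf) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", buf[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(buf) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    header = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
              "ttl": ttl, "proto": proto}
    return header, buf[ihl:total_len]   # IP options, if any, are skipped via IHL

def explain_icmp_error(packet):
    """Describe an ICMP Destination Unreachable, or return None for anything else."""
    outer, icmp = parse_ipv4(packet)
    if outer["proto"] != 1 or len(icmp) < 8 or icmp[0] != 3:
        return None
    # After the 8-byte ICMP header comes the IP header of the packet that failed.
    inner, _ = parse_ipv4(icmp[8:])
    return {"reported_by": outer["src"], "reported_to": outer["dst"],
            "reason": UNREACH_CODES.get(icmp[1], "code %d" % icmp[1]),
            "original_src": inner["src"], "original_dst": inner["dst"]}

def build_ipv4(src, dst, proto, payload, total_len=None):
    """Build a constructed test packet (checksum left at 0; it is not verified here)."""
    total = total_len or 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

# Constructed sample: Computer A (198.51.100.10) sent TCP to Computer B (203.0.113.20);
# a router (192.0.2.1) answers with ICMP type 3 code 1, quoting A's header + 8 bytes.
ORIGINAL = build_ipv4("198.51.100.10", "203.0.113.20", 6,
                      struct.pack("!HHI", 40000, 80, 1), total_len=40)
SAMPLE = build_ipv4("192.0.2.1", "198.51.100.10", 1,
                    struct.pack("!BBHI", 3, 1, 0, 0) + ORIGINAL)

if __name__ == "__main__":
    print(explain_icmp_error(SAMPLE))
```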
<P>Currently IP_v4 is standard, but in the future IP_v6, also called IP_ng (next
generation), will be used. IP_v4 is based on 32-bit addressing, while IP_v6
supports(!) 128-bit addressing. That's a huge difference, so there are many more
IP-addresses available when using IP_v6. The IP_v6 header is a simplification of
the IP_v4 header, but it's possible to 'update' IP_v6 (so new features could be
added).
<P>* Other important protocols <BR>===========================
<P>I've discussed the well-known Internet Protocol and Transmission Control
Protocol. Let's have a look at a few other protocols (NOTE: they're not all in
the TCP/IP-suite):
<P>* UDP, User Datagram Protocol, is, in contrast to TCP, connectionless. This
means a packet travels over the network and reaches the other computer without a
connection being established. On its way to the destination the packet could
get lost because there isn't a direct connection between the two hosts, so UDP is
unreliable. UDP is much faster than TCP because there isn't a direct connection.
<P>* FTP (File Transfer Protocol), you probably already know about this one...
It is used to upload and download files. Security is handled by requiring the
user to specify a user name and password at the daemon (sometimes anonymous
login is allowed), but you can use a packetsniffer to obtain the usernames
and passwords. An FTP daemon listens by default on 21/TCP and data travels over
20/TCP.
<P>* HTTP, HyperText Transfer Protocol. HTTP is used to view web pages. In the
past a protocol named gopher was used. Gopher can't be used to show nice
graphics, only text. So HTTP was developed and it's used by almost everybody. An
HTTP daemon listens by default on 80/TCP.
<P>* SMTP, Simple Mail Transfer Protocol, is used to send electronic mail
(E-mail). Read the sendmail-tutorial at http://blacksun.box.sk/ and you will
learn a lot more about this protocol. An SMTP daemon (e.g. Sendmail) listens
by default on 25/TCP.
<P>* POP, Post Office Protocol. Nowadays POP3 is the favourite
standard. POP is used to receive and read e-mail from a web page. A POP3
daemon listens by default on 110/TCP.
<P>* DHCP: Dynamic Host Configuration Protocol. If you've got a Cable-connection
you use DHCP to get your IP from your ISP.
<P>* OSPF (Open Shortest Path First) & RIP (Routing Information Protocol)
are used for determining the best method of routing.
<P>* BOOTP is a protocol used by a network node to determine the IP address of its Ethernet interfaces, in order to effect network booting. The server listens by default on 67/UDP.
<P>* ARP & RARP: Address Resolution Protocol. I'll explain this with an
example: If you want to send data to a host and you have its MAC-address (Media
Access Control, Ethernet-address) you can query a router for the IP, this is
handled by ARP. If you have the IP of a host and you want to know its
MAC-address, you can use RARP (Reverse Address Resolution Protocol).
<P>* Telnet (Network terminal protocol) is used for remote logins at computers
(usually UNIX-based boxes). Telnet sends the usernames and passwords in plain
text over the network, so anybody can obtain them very easily by using a
packetsniffer. There's a protocol called SSH (Secure SHell) which is also used
for remote logins but it is more secure: the data transferred between the two
hosts is encrypted, so the sniffed packets won't reveal any valuable
information. Telnet and SSH are usually used in a UNIX-environment. A telnet
daemon listens by default on 23/TCP and an SSH daemon listens by default on 22/TCP.
<P>* A typical protocol on UNIX-based systems is finger. Nowadays you won't find
many boxes with a finger daemon running; by default it listens on 79/TCP &
79/UDP. It gives valuable information away (like account-names, and maybe phone
numbers which could be used in Social-Engineering attacks). There are a lot of
vulnerabilities in the finger daemon so it's very insecure.
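<P>As a defensive check for the FTP, Telnet and finger items above, this added example (not from the original tutorial) reads a listing in the format printed by <code>ss -tuln</code> and reports which of those services are listening, and whether they are bound to loopback only or reachable from the network. The port numbers are the ones given in the text; the function names and the sample listing are constructed for this illustration.

```python
import ipaddress

# Services the tutorial calls out: FTP and Telnet send logins in plain text,
# finger gives account names away. Ports are the ones stated in the text.
RISKY = {("tcp", 21): "FTP (plain-text login)",
         ("tcp", 23): "Telnet (plain-text login)",
         ("tcp", 79): "finger (leaks account names)",
         ("udp", 79): "finger (leaks account names)"}

def split_local(field):
    """Split the 'Local Address:Port' column into (address, port string)."""
    addr, _, port = field.rpartition(":")
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    return addr, port

def is_loopback(addr):
    """'*' means every interface, so it is never loopback-only."""
    return addr != "*" and ipaddress.ip_address(addr).is_loopback

def audit(ss_output):
    """Return (proto, port, service, exposure) for each risky listener found."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue                        # header line or another socket family
        addr, port = split_local(cols[4])
        if not port.isdigit():
            continue                        # listing was not produced with -n
        label = RISKY.get((cols[0], int(port)))
        if label:
            exposure = "local only" if is_loopback(addr) else "network-reachable"
            findings.append((cols[0], int(port), label, exposure))
    return findings

# Constructed sample listing in the layout of `ss -tuln`.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      32     *:21               *:*
tcp   LISTEN 0      128    [::]:23            [::]:*
tcp   LISTEN 0      5      127.0.0.1:79       0.0.0.0:*
udp   UNCONN 0      0      0.0.0.0:79         0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS):
        print(finding)
```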
<P>Holy shit, this tutorial was about the OSI-model, let's go on quickly with
the Session layer...
<P>* The Session layer (5) <BR>=======================
<P>Because of its name, the Session layer is often thought (mistakenly) to
be concerned with the network logon procedure and related matters of security.
This layer provides service to the upper two layers; it co-ordinates
communication between Presentation layer entities. A few protocols at this
layer:
<P>NETBIOS: A session interface and protocol, developed by IBM, which also
provides services to the presentation and application layers.
<BR>NETBEUI (NETBIOS Extended User Interface), an extension of NETBIOS used in
Microsoft networking products, such as Windows NT and LAN Manager.
<BR>ADSP (AppleTalk Data Stream Protocol).
<BR>PAP (Printer Access Protocol), provides Postscript printer access to
AppleTalk networks.
<P>* The Presentation layer (6) <BR>============================
<P>The Presentation layer of the OSI model performs only a single function: the
translation of different types of system syntax. For example, a connection
between a PC and a mainframe may require a conversion from the EBCDIC
character-encoding format to ASCII, and many other factors may have to be
considered as well. Data compression (and possibly encryption) is handled by
this layer.
<P>* And finally: The Application layer (7)
<BR>========================================
<P>This layer is the 'smartest'; gateways reside at this layer. Gateways
perform the same tasks as a router, but there's a difference between them (look
at the following section for more information about this). The Application layer
is the primary interface between the application running on a computer and any
network resources it requires access to. The Application layer is the only layer
a user will operate at; protocols like FTP, telnet, SMTP, HTTP and POP3 reside at
this Application layer.
<P>* Routers and Gateways <BR>======================
<P>The difference between routers and gateways is easy to understand when you
know something about the OSI-model, and you know about it because you have read
the sections above very carefully, haven't you?... :) Well, as I
told you, a gateway is at the Application layer, while a router is active at the
Network and Transport layers. This means that a router is faster than a gateway
because a gateway also has the protocols at the Session, Presentation and
Application layers to route. Hmm, let me make it somewhat clearer with a
(stupid) example:
<P>There are two boys doing their homework. The first boy has only English to
learn, while the second boy has English and chemistry to learn. The first boy
finishes his homework faster because he doesn't have to do chemistry, but the second
boy will be smarter because he did English AND chemistry, so he knows things
that the first boy doesn't know.
<P>Do you understand me? The first boy could be compared with a router (which is
faster) while the second boy could be compared with a gateway (which is
'smarter'). Read the example above again if you don't understand it...
<P>* Final words <BR>=============
<P>Well, I hope you enjoyed my (first) tutorial about networking. This tutorial
didn't explain the OSI-model (and TCP/IP) completely, but it has given you a
basic understanding. I'll update this tutorial in the future. As I said in the
Intro: maybe I'll write some more tutorials later, so regularly check the website
where you downloaded this article. If you have a GOOD question, comment, or
you want to marry me, feel free to send me a mail: shaolin123@hotmail.com
<BR>I'll try to answer all serious mails...
<P>Greetz to: r00t, NederWiet, ThaMan, DarkWhite, IzNoGood, TheZodiac, pi0d,
Nakebod, Reflex and all the others...
<P>Special thanks to: r00t, without him I probably wouldn't have written this
tutorial, the lectures he gave about networking were great and I learned very
much. He and NederWiet are the best hackers I know..!! ;)
<P>Some (nice) sites with information about hacking, security and networking:
<P><a href="http://packetstorm.securify.com/">http://packetstorm.securify.com/</a> <BR><a href="http://neworder.box.sk/">http://neworder.box.sk/ </a>
<BR><a href="http://www.elfqrin.com/">http://www.elfqrin.com/</a> <BR><a href="http://www.cisco.com/">http://www.cisco.com/</a>
<BR><a href="http://blacksun.box.sk/">http://blacksun.box.sk/</a> <BR><a href="http://212.187.6.213/">http://212.187.6.213/</a>
<BR><a href="http://hsunderground.box.sk/">http://hsunderground.box.sk/ </a>
<P>And remember: KNOWLEDGE IS POWER!!
<P>============================================================
<P>OSI Model v 1.02, (C) POOL 2001 <BR> </P></BODY></HTML>