Packet Sniffing

We will look at… What is a protocol? What exactly is a packet? Some of the protocols that make TCP/IP work Internet Protocol (IP) User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Introduce tools such as Wireshark Examine a PCAP file

What is a Protocol? An agreed upon mechanism of doing something E.g. shaking hands

First look at a PCAP file

What Exactly is a Packet?

What Happens when you Access the Web? You request data on your local computer Data sent to home router (WIFI or wired connection) Router sends data to your ISP (Internet Service Provider) Data then enters the ISPs WAN (Wide Area Network) In turn data passes to WAN for your area / city Data now on the wider Internet using high bandwidth connections and routers Data then has to find its way to the server Trace route is a command line tool allowing you to view all of the machines involved between client and server Software and hardware needs to be designed in such a way to enable all of the above to happen

Layered Network Architectures ISO OSI Reference Model (International Standards Organisation, Open Systems Interconnection model) Organises network software into layers that focus on specific tasks

Top Most Layers

The Sub Net

Why Layers? As developers we can concentrate on specific networking problems one at a time Physical layer concerned solely with how data is represented on the cable Data link layer concerned with what to do if data is lost or corrupted 7 Layer model is aspirational. Many implementations ignore the upper layers completely

TCP/IP and the OSI Model Application Presentation Session Transport Network Internet Data Link Network Interface Physical Hardware

Morse Code and “Layers” The message “Hello” will be represented in different ways at different parts of the system “.... . .-.. .-.. ---”

Computer Networks use Binary Rather than Morse Code For example the text “hello” represented in binary using UTF-8 would be “0110100001100101011011000110110001101111” As an electrical signal it might look something like this… https://www.youtube.com/watch?v=ckc6XSSh52w

Imposing Order To make sense of the zeros and ones we need to impose some order Where does a section of data start? Where does a section of data end? Who is the sender of the data? Who is the recipient? Which port/application is communicating? How do we send large files without clogging up the network? What do we do if data is lost or damaged?

Internet Protocol (IP) Take the zeros and ones and organise them into “frames” Original data split into smaller chunks The first set of binary data makes up the header The second set of binary data is a small section of the original data So a large video file would split down into lots of individual frames The frames only indicate which machine the data is intended for To do the job properly we need to identify which application (port) the data is destined for Need to organise the data into packets IP Header Data

User Datagram Protocol (UDP) Rather than only identifying the destination machine the packet also identifies the port number the data is intended for too The packets make up the data component of a frame Still very small so a large video file would be split up into many packets of data UDP contains simple error checking via a checksum Simply ignores damaged data Absence of error correction makes it fast But why would we want a protocol like this? Consider for example Skype IP Header Port No & Checksum Data

Transmission Control Protocol (TCP) If Skype loses our data we may not care Would we be happy with… 50% of an email? 25% of a banking transaction? For other applications we need some sort of error correction as well as detection Internet originally designed to survive a nuclear attack TCP addresses this problem By giving each packet a sequence number the receiver now knows two things: What order the packets are supposed to go in If any packets are missing when they are assembled IP Header Port No & Checksum Sequence no Data

Sliding Windows Protocol Transmitter sends a packet of data but the receiver is busy – what might happen?

Acknowledgment (ACK)

Data Loss The same would be true if the ACK was destroyed in transit – repeated packet would be ignored!

Improving Bandwidth Usage Other type of packets exist in the process too!

The Problem with Packets WIFI – intercept the packets “in the air” Free WIFI in pubs/bars/airports Wired – intercept the packets on the cable Using a machine linked to the network Cutting the cable and adding your own machine Using packet sniffing software e.g. Wireshark https://www.wireshark.org/ Used for fixing network problems May be used for “other things” too!

Generates a PCAP file This file allows you to see the packets on the network Gives lots of clues as to Network configuration Hardware connected to the network

Inspect the Data in HTML Form POST requests Login Wireshark PCAP File

Improving Security Use SSL between client and server HTTP – plain text HTTPS – secure on port 443 Use a VPN (especially on public networks) Masks the IP address of the client May give illusion of being in a different country Packets may be encrypted Also allows for bypassing of firewall restrictions e.g. BitTorrent sites

We have looked at… What is a protocol? What is a packet? Some of the protocols that make TCP/IP work Internet Protocol (IP) User Datagram Protocol (UDP) Transmission Control Protocol (TCP) Introduce tools such as Wireshark Examined a PCAP file Considered additional security issues of TCP/IP