How the Internet works

This talk is a little shady, a little underground, and attendees have been seen wearing Diggnation shirts and have even brought beer – brown bag style, of course.
However, it’s all about “How the Internet works” and while I talk a lot about MAC and IP addresses, TCP, packets, ports, TTL, NAT, and all that, it has always been a lot of fun for everyone.
I talk about how applications like iTunes announce shared playlists and why sharing them only works on LANs but not over the Internet – and of course you will see how you can “work around” this .. limitation.

Published in: Technology

  1. How the Internet works - Hacking iTunes - Wolf Paulus . com Wolf Paulus
  2. 1963
  3. © 2006 Wolf Paulus
  4. Packet-Switched vs. Circuit-Switched
      • Circuit-switched networks require dedicated point-to-point connections during calls.
      • Packet-switched networks move data in separate, small blocks -- packets -- based on the destination address in each packet. When received, packets are reassembled in the proper sequence to make up the message.
  5. MAC Address
      • MAC or Ethernet-ID, like a SSN
        00 : 0a : 95 : a5 : a3 : 8c
        6 pairs 00..FF (256) = 256⁶ = 2⁴⁸ = 281,474,976,710,000
      • 1st 3 pairs identify the manufacturer:
        E.g. : 00 : 0a : 95 : .. : .. : .. - Apple
  6. Vendor/Ethernet MAC Address Lookup and Search
      http://www.coffer.com/mac_find/
  7. Hacker Tip: Changing your MAC Address
      • Mac OS X
        • sudo ifconfig en0 ether 00:01:02:03:04:05
      • Linux
        1. /etc/init.d/networking stop
        2. ifconfig eth0 hw ether 00:01:02:03:04:08
        3. /etc/init.d/networking start
  8. IP v. 4 - 32-bit Address
      • IP - like a Phone Number or ZIP code
      • Manually assigned or through DHCP
      • 17 . 254 . 3 . 183
      • 256⁴ = 2³² = 4,294,967,296
  9. IP v 4
      • Internet Protocol Version 4
      • 8-bit . 8-bit . 8-bit . 8-bit, e.g. 17 . 254 . 3 . 183
      • Originally
        • 1st 8 bits defined the location
        • 24 bits to address computers on that network
  10. Class A, B, and C
  11. Special IP Ranges
  12. © 2006 Wolf Paulus
  13. Inter-Domain Routing
  14. How Packets work . . .
      • A packet consists of three elements
        • Header (.. Envelope)
        • Data (.. Letter)
        • Trailer
  15. IP Packet Structure
      • Time to Live (TTL)
      • Protocol (1 = ICMP, 6 = TCP, 17 = UDP)
      • Source and Destination Address
  16. Packet Sniffer Output
      0x0000: 4500 003e ca34 0000 4011 d581 c0a8 c833
      0x0010: 4315 0f08 c9d0 0035 002a c595 347c 0100
      0x0020: 0001 0000 0000 0000 0265 6e09 7769 6b69
      0x0030: 7065 6469 6103
      [ TTL 64 ] [ UDP = 17 ] = 40 11
      Header Checksum ...
      Source addr. 192.168.200.51 = c0 a8 c8 33
  17. IP Packet, UDP Packet
  18. IP Packet, TCP Packet
  19. Packet Sniffer Output
      0x0000: 4500 003c ca40 4000 4006 9419 c0a8 c833
      0x0010: cf8e 83f7 ce5a 0050 944b 24a8 0000 0000
      0x0020: a002 ffff dc90 0000 0204 05b4 0103 0300
      0x0030: 0101 080a 697b
      TTL= 64, TCP= 6: 40 06
      Source Address= 192.168.200.51: c0 a8 c8 33
      Destination: wikimedia.org= 207.142.131.247: cf 8e 83 f7
      Destination Port HTTP= 80: 00 50
  20. Router and NAT Router
  21. ifconfig en1
      en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1356
          inet6 fe80::214:51ff:fe7a:8439%en1 prefixlen 64 scopeid 0x5
          inet 192.168.234.138 netmask 0xffffff00 broadcast 192.168.234.255
          ether 00:14:51:7a:84:39
          media: autoselect status: active
          supported media: autoselect
      WPBook:~ wolf$ netstat -rn
      Routing tables
      Internet:
      Destination        Gateway            Flags    Refs      Use  Netif Expire
      default            192.168.234.240    UGSc      105       31    en1
      127                127.0.0.1          UCS         0        0    lo0
      127.0.0.1          127.0.0.1          UH         13    45570    lo0
      169.254            link#5             UCS         0        0    en1
      192.168.234        link#5             UCS         1        0    en1
      192.168.234.138    127.0.0.1          UHS         0        1    lo0
      192.168.234.240    0:3:a0:89:76:7c    UHLW      106       42    en1   1099
  22. arp -a
      sd-ex1.verity.com (192.168.0.125) at 0:11:43:d9:23:9a on en0 [ethernet]
      cs2.verity.com (192.168.0.143) at 0:7:e9:18:7f:75 on en0 [ethernet]
      denali.verity.com (192.168.0.151) at 0:14:22:16:65:3f on en0 [ethernet]
      vrty-sd1.verity.com (192.168.0.160) at 0:7:e9:18:7e:ec on en0 [ethernet]
      vrty-sd2.verity.com (192.168.0.162) at 0:7:e9:18:7e:eb on en0 [ethernet]
      qavm01 (192.168.1.36) at 0:14:22:72:33:2f on en0 [ethernet]
      englabd2.nato.cardiff.com (192.168.1.71) at 0:d0:b7:b8:1e:b2 on en0 [ethernet]
      ? (192.168.1.127) at 0:c0:4f:60:39:cf on en0 [ethernet]
      ? (192.168.1.140) at 0:b0:d0:44:ac:df on en0 [ethernet]
      ? (192.168.1.152) at 0:d0:b7:b8:9c:3b on en0 [ethernet]
      csdlab-b03 (192.168.2.75) at 0:c0:4f:4:1c:5b on en0 [ethernet]
      ldap2000.ad2000.qalab (192.168.2.85) at 0:3:47:f3:b5:de on en0 [ethernet]
      perf06.perform.qalab (192.168.2.88) at 0:12:3f:20:b7:43 on en0 [ethernet]
      wpaulus-xp-p650.verity.com (192.168.2.143) at 0:8:74:4f:eb:52 on en0 [ethernet]
      sd-irtr-1.verity.com (192.168.2.247) at 0:3:e3:eb:96:ff on en0 [ethernet]
      dotnetxp.qa.perform (192.168.3.70) at 0:3:47:f3:a3:34 on en0 [ethernet]
  23. NAT-Router Port Forwarding
  24. © 2006 Wolf Paulus
  25. Hacking iTunes Sharing
  26. iTunes - Sharing Playlist
      • iTunes announces the availability of shared playlists via Multicast DNS (aka Zeroconf, Rendezvous, or Bonjour)
        224.0.0.251
      • TTL = 255 = 0xFF
      • Protocol = UDP = 0x11
      • Destination = 224.0.0.251
      0x0000: 4518 01f4 4e50 0000 ff11 0187 c0a8 c865
      0x0010: e000 00fb 14e9 14e9 01e0 db14 0000 8400
      0x0020: 0000 0008 0000 0002 0c57 5042 6f6f 6b20
      0x0030: 4d75 7369 6305
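  27. Code: Multicast Receiver
      import java.io.IOException;
      import java.net.DatagramPacket;
      import java.net.InetAddress;
      import java.net.MulticastSocket;

      // Bind to the group's port, join the group, then block on receive()
      MulticastSocket ms = new MulticastSocket(1234);
      ms.joinGroup(InetAddress.getByName("225.9.3.97"));
      byte[] data = new byte[256];
      while (true) {
          DatagramPacket dgp = new DatagramPacket(data, data.length);
          try {
              ms.receive(dgp);
          } catch (IOException e) {
              // whatever ..
          }
          ...
      }
  28. Code: Multicast Sender
      import java.io.IOException;
      import java.net.DatagramPacket;
      import java.net.InetAddress;
      import java.net.MulticastSocket;

      MulticastSocket ms = new MulticastSocket();
      InetAddress mia = InetAddress.getByName("225.9.3.97");
      int mport = 1234;
      byte[] data = "My Message".getBytes();
      // The TTL bounds how many router hops the datagram may cross
      ms.setTimeToLive( 47 );
      try {
          ms.send(new DatagramPacket(data, data.length, mia, mport));
      } catch (IOException e) {}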
  29. iTunes - Receiving shared songs
      iTunes serves songs to a remote client using TCP port 3689
      • TTL = 2 = 0x02
      • Protocol = TCP = 0x6
      • Source / Server = 192.168.200.101
      • Destination / Client = 192.168.200.51
      • Server Port = 3689
      0x0000: 4500 05dc 5627 4000 0206 0b0b c0a8 c865
      0x0010: c0a8 c833 0e69 d2e2 9f1c 6d86 c7b4 7361
      0x0020: 8010 ffff bb4e 0000 0101 080a 0c37 55b4
      0x0030: 697c 13f1 2a9c
  30. Overcome broadcast filtering
      • NetWork Beacon serves as a proxy for services on other computers or devices. http://www.chaoticsoftware.com
      • RendezvousProxy Java Implementation http://ileech.sourceforge.net
  31. Overcome broadcast filtering
  32. Overcome broadcast filtering
      • modttl ;-)
        modttl is intended for network administrators that are looking to modify the TTL of packets being sent from their servers. This allows you to restrict the TTL of packets that you only want going a certain number of hops from your server or extend the TTL of packets that for some reason are set too low.
  33. Overcome broadcast filtering
      Running modttl on the serving machine:
          Using divert port 17780
          TTL of packets will be set to 255
          Creating a socket
          Binding a socket
          Priority has been set to -15
          Waiting for data...
          00071 divert 17780 tcp from 192.168.100.51 3689 to any out xmit en0
      • modttl.tgz modifies the TTL of packets. Works on OS X and FreeBSD. http://www.intrarts.com/software.html
  34. Hacking iTunes Sharing
  35. Thanks for coming
      © 2003-2006 Carlsbad Cubes
      © 2006 wolfpaulus.com
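
Added example (not part of the talk): a small Python parser run over the first two rows of the hex dumps on slides 16, 19, 26 and 29, reading the TTL, protocol, addresses and ports that the slides annotate by hand and verifying the header checksum that slide 16 only mentions. The function names are this example's own.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}   # values listed on slide 15

# First two rows of the hex dumps on slides 16, 19, 26 and 29.
DUMPS = {
    16: "4500 003e ca34 0000 4011 d581 c0a8 c833 4315 0f08 c9d0 0035 002a c595 347c 0100",
    19: "4500 003c ca40 4000 4006 9419 c0a8 c833 cf8e 83f7 ce5a 0050 944b 24a8 0000 0000",
    26: "4518 01f4 4e50 0000 ff11 0187 c0a8 c865 e000 00fb 14e9 14e9 01e0 db14 0000 8400",
    29: "4500 05dc 5627 4000 0206 0b0b c0a8 c865 c0a8 c833 0e69 d2e2 9f1c 6d86 c7b4 7361",
}


def checksum_ok(header: bytes) -> bool:
    """One's-complement sum of all header words (checksum included) must be 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ipv4(hexdump: str) -> dict:
    raw = bytes.fromhex(hexdump)            # fromhex skips the spaces
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (raw[0] & 0x0F) * 4               # header length in bytes
    if ihl < 20 or len(raw) < ihl:
        raise ValueError("truncated or malformed header")
    dst = ipaddress.IPv4Address(raw[16:20])
    info = {
        "ttl": raw[8],
        "protocol": PROTOCOLS.get(raw[9], str(raw[9])),
        "src": str(ipaddress.IPv4Address(raw[12:16])),
        "dst": str(dst),
        "multicast": dst.is_multicast,
        "checksum_ok": checksum_ok(raw[:ihl]),
    }
    # TCP and UDP headers both begin with source port, destination port
    if raw[9] in (6, 17) and len(raw) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", raw[ihl:ihl + 4])
    return info


if __name__ == "__main__":
    for slide, dump in DUMPS.items():
        print(f"slide {slide}:", parse_ipv4(dump))
```

All four captured headers carry a valid checksum; because the TTL is one of the summed fields, anything that rewrites it in flight must also recompute the checksum or the packet is dropped as corrupt.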

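
Added example (not part of the talk): decoding the DNS header and the leading name labels carried in the UDP payloads on slide 16 (an ordinary DNS query) and slide 26 (the iTunes Multicast DNS announcement), to show what the announcement tells every host on the link. Both captures stop after 54 bytes, so the decoder reports the cut-off label instead of guessing it; the function names are this example's own.

```python
import struct

# All bytes shown on slide 16 (DNS query) and slide 26 (mDNS announcement).
SLIDE_16 = """4500 003e ca34 0000 4011 d581 c0a8 c833
              4315 0f08 c9d0 0035 002a c595 347c 0100
              0001 0000 0000 0000 0265 6e09 7769 6b69
              7065 6469 6103"""
SLIDE_26 = """4518 01f4 4e50 0000 ff11 0187 c0a8 c865
              e000 00fb 14e9 14e9 01e0 db14 0000 8400
              0000 0008 0000 0002 0c57 5042 6f6f 6b20
              4d75 7369 6305"""


def dns_payload(packet: bytes) -> bytes:
    """Skip the IPv4 header (IHL * 4 bytes) and the 8-byte UDP header."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("expected an IPv4 packet carrying UDP")
    return packet[(packet[0] & 0x0F) * 4 + 8:]


def decode_dns(hexdump: str) -> dict:
    dns = dns_payload(bytes.fromhex(hexdump))   # fromhex skips whitespace
    if len(dns) < 12:
        raise ValueError("DNS header truncated")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", dns[:12])
    labels, pos, truncated = [], 12, False
    while pos < len(dns) and dns[pos] != 0:
        length = dns[pos]
        if length & 0xC0:                       # compression pointer: stop here
            break
        if pos + 1 + length > len(dns):         # capture ends inside this label
            truncated = True
            break
        labels.append(dns[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return {
        "id": ident,
        "response": bool(flags & 0x8000),       # QR bit
        "authoritative": bool(flags & 0x0400),  # AA bit
        "questions": qd, "answers": an, "authority": ns, "additional": ar,
        "labels": labels, "truncated": truncated,
    }


if __name__ == "__main__":
    print("slide 16:", decode_dns(SLIDE_16))
    print("slide 26:", decode_dns(SLIDE_26))
```

The slide 26 packet is an unsolicited authoritative response with eight answer records and no question, and its first label is the name of the shared library.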