Network Protocol Analysis

Published in: Technology

AMAK
  • A -> ANKITA (1MS07IS133)
  • M -> MAYANK (1MS07IS047)
  • A -> ANSHUJ (1MS07IS011)
  • K -> KRISH (1MS07IS038)

TABLE OF CONTENTS
  • Introduction to Network Protocol Analysis.
  • IP packet structure.
  • TCP segment.
  • Difference between different network protocol analyzers.
  • FIDDLER tool demo.

INTRODUCTION
  • What is a protocol?
      A set of rules used by computers to communicate in a network.
  • What is network protocol analysis?
      The process of decoding network protocol headers and trailers.
  • What is a network analyzer?
      Intercepts and logs traffic passing over a digital network.
  • A protocol analyzer is used to decode the protocols at each layer.
  • What is packet sniffing?
      Illegal reading of packets of data travelling through a network.
  • Packet sniffing is difficult to detect.

METHODS OF PACKET SNIFFING
  • IP SPOOFING
      Intercepts traffic in a network by taking on the IP address of another computer.
  • RAW TRANSMIT
      Abnormal traffic generation such as TCP SYN floods.

NETWORK LAYER
  • Data is known as packets.
  • The header has the logical addresses of source and destination.
  • Checks the routing table for routing information.

IPv4
  • Connectionless, unreliable.
  • Can be paired with TCP to enhance reliability.
  • IP packet = Header + Data
  • Max length = 2^16 - 1.

IP PACKET STRUCTURE
  [Figure: IP packet divided into Header and Data]
  • VERSION: 4 bit
  • HEADER LENGTH:
      • 4 bits determine total number of 4-byte words in.
      • Length between 20 and 60 bytes.
  • SERVICES:
      • [Figure: field split into 3 bit, 4 bit and 1 bit parts]
      • Precedence bit:
          • Ranges from 000-111.
          • Some datagrams are more important than others.
      • TYPES OF SERVICES (TOS):
  • TOTAL LENGTH:
      • 16 bit.
      • Size of data = total length - header length.
  • IDENTIFICATION:
      • 16 bit.
      • Packet doesn't fit into frame.
      • Assigned by the sender; helps in assembling the fragments.
  • FLAGS:
      • 3 bit.
      • [Figure: flag bits labelled Don't Fragment and More Fragment]
  • FRAGMENT OFFSET:
      • 13 bit, determines the position of the fragment in the datagram.
      • First fragment has an offset of zero.
  • TIME TO LIVE:
      • 8 bit.
      • Prevents packets from staying in the network after their use has expired.
      • Used to destroy undelivered datagrams.
  • PROTOCOL:
      • 8 bit.
      • Defines the protocol used, like TCP and UDP, for the data portion.
  • HEADER CHECKSUM:
      • 16 bit.
      • Value of the field is compared with the header checksum.
  • SOURCE & DESTINATION ADDRESS:
      • 32 bit IP address.
      • Remains unchanged when packet travels from source to destination.

TCP SEGMENT STRUCTURE
  • TCP is a core protocol in the TCP/IP suite.
  • Transport layer protocol.
  • Reliable transmission of data between processes.
  • TCP segment contains header and data sections.
  • Header contains various fields, which are:
      • 16-bit source and destination port address.
      • 32-bit sequence number identifies the logical sequence of the segment.
      • 32-bit acknowledgement number holds the sequence number of the next expected segment if the ACK flag is set.
      • 4-bit data offset indicates the header size.
      • 6-bit reserved for future use.
      • 6-bit flags for control.
      • 16-bit window specifies the size of the receive window.
      • 16-bit checksum to detect errors in header and data.
      • 16-bit urgent pointer indicates the offset of the last urgent data if the URG flag is set.
      • Variable size option field.
      • Padding is a variable size field used to pack 0's so the data starts from a bit position which is a multiple of 32.

3-WAY HANDSHAKE

CONNECTION ESTABLISHMENT IN TCP
  • 3-way handshake.
  • Passive opening of port by server to allow service.
  • Client sends SYN (synchronize) request to server.
  • Server acknowledges by sending ACK-SYN.
  • Client again responds with ACK.
  • Connection is now established.
