For people who want to start out with #opensource, #openstack, #cloud, #bigdata, Linux is the foundational skill. Consider this a beginner guide to Linux: understand why it is important, what the landscape is and how easy it is to learn it.
The learning cheat sheet can be utilized from http://linoxide.com/guide/linux-command-shelf.html
PDF version attached as well.
Advanced Level Training on Koha / TLS (ToT) - Ata Rehman
Advanced Level Training on Koha / Total Library Solution - TLS - (ToT), December 4-8, 2017 – PASTIC, Islamabad
All training material provided during this training can be found at: https://drive.google.com/drive/folders/1hwWGHV1iHgcpjK_tw6-Xgf-ZVUPchIS_
The purpose of this presentation is to explain the basic resources needed to understand how a programmer can create malware, insights about the theme, and brainstorms following practical code and many exotic ideas for security mitigations for defense.
"If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." ― Sun Tzu, The Art of War
This presentation is based on research I published in 2015 that dealt with Mach-O malware and the increased visibility of macOS as a new target. In this new research, the idea is to show some tips about internals, the kernel and the main threats that macOS has been facing.
Hacking Highly Secured Enterprise Environments by Zoltan Balazs - Shakacon
In theory, post-exploitation after having remote access is easy. Also in theory, there is no difference between theory and practice. In practice, there is. Imagine a scenario, where the hacker/penetration-tester has deployed a malware on a user's workstation, but the target information is on a secure server accessed via two-factor authentication, with screen access only (e.g. RDP, Citrix, etc.) On top of that, the server runs application white-listing, and only the inbound port to the screen server (e.g. 3389) is allowed through the hardware firewall. But you also need persistent interactive C&C communication (e.g. Netcat, Meterpreter, RAT) to this server through the user's workstation.
I developed (and will publish) two tools that help the community in these situations. The first tool can drop malware to the server through the screen while the user is logged in. The second tool can help to circumvent the hardware firewall after one can execute code on the server with admin privileges (using a signed kernel driver). My tools have been tested against Windows server 2012 and Windows 8, and they work with RDP or other remote desktops (e.g. Citrix). The number of problems one can solve with them are endless, e.g., communicating with bind-shell on webserver behind restricted DMZ. Beware, live demo and fun included!
Let Me Pick Your Brain - Remote Forensics in Hardened Environments - Nicolas Collery
Full Disk Encryption (FDE) may be rather useful as a defense mechanism against potential theft of a computer system. Usually such protections come with some level of hardening, like removing administrative rights. However, when the system is compromised and requires careful forensic analysis, FDE and hardening can be quite painful to forensic analysts. This presentation, delivered at IIC-SG-2018 (Infosec In the City - Singapore) and at Div0 (Division0 local security meetup), highlights a few techniques to let a remote analyst perform investigations.
https://www.infosec-city.com
https://www.meetup.com/div-zero/
The Dark Side of PowerShell by George Dobrea - EC-Council
PowerShell is now a ‘mandatory-to-use’ tool for IT professionals in order to automate administration of the Windows OS and applications, including Azure and Nano Server. Unfortunately, threat actors have recently taken advantage of this powerful scripting language just because PowerShell is already installed on your Windows machines, trusted by Admins and most AntiVirus tools! The session presents the steps that should get you started on (Ethical) Hacking and Pen Testing with PowerShell and some new techniques like JEA (Just Enough Administration) that a defender can use in order to limit the effectiveness of PowerShell attacks.
linux device drivers: Role of Device Drivers, Splitting The Kernel, Classes of
Devices and Modules, Security Issues, Version Numbering, Building and Running Modules
Kernel Modules Vs. Applications, Compiling and Loading, Kernel Symbol Table,
Preliminaries, Interaction and Shutdown, Module Parameters, Doing It in User Space.
Remix of two other open source presentations along with my own content, 40 slides set to play at 20 seconds auto-timed (similar to Pecha-Kucha style timing). This was delivered via Caribbean Tech Dev forum's monthly Google Hangout in November 2015, and video can be viewed at https://www.youtube.com/watch?v=xANrsSin_-0
Docker, Linux Containers, and Security: Does It Add Up? - Jérôme Petazzoni
Containers are becoming increasingly popular. They have many advantages over virtual machines: they boot faster, have less performance overhead, and use fewer resources. However, those advantages also stem from the fact that containers share the kernel of their host, instead of abstracting a new independent environment. This sharing has significant security implications, as kernel exploits can now lead to host-wide escalations.
In this presentation, we will:
- Review the actual security risks, in particular for multi-tenant environments running arbitrary applications and code
- Discuss how to mitigate those risks
- Focus on containers as implemented by Docker and the libcontainer project, but the discussion also stands for plain containers as implemented by LXC
I prepared it when I started learning Linux at KBFS. It explains why Linux is less prone to viruses and what kind of viruses affect Linux. (final edit pending)
Writing malware while the blue team is staring at you - Rob Fuller
Talk given at DerbyCon 2016 and RuxCon 2016
Malware authors and reverse engineers have been playing cat and mouse for a number of years now when it comes to writing and reversing of malware. From nation state level malware to the mass malware that infects grandmas and grandpas, mothers and fathers, the different types of malware employ a myriad of techniques to stop those who look at it from guessing the true intent. This talk will be about some of the unorthodox methods employed by some malware to stay hidden from, or outright ignore, the reverse engineering community.
9. Pen Testing & Ethical Hacking Training Lab (lab diagram)
Components shown:
• Win 8.1 VM
• Win Server 2012 R2 VM (AD DS/DNS)
• Kali 2.0 VM
• Metasploitable VM
• Android VM
• Vmnet8 Switch
• Cisco R&S (GNS3/EVE Cloud)
• Internet
Host Machine:
• XAMPP
• DVWA v1.8
• Firefox
• sqlitestudio
Bare metal VM used for:
• Turnkey Linux WordPress
• Kali 1
• bee-box v1.6
10. Kali 2.0 VM
Vmnet8 Switch
Metasploitable VM
Cisco R&S
GNS3/EVE/VIRL Cloud
Internet
External Targets
www.cbtme.com
www.certifiedhacker.com
www.eccouncil.org
hackthissite.org
Yasser Ramzy Auda
11. Windows server 2012 VM
IP address: 192.168.3.12/24, DG: 192.168.3.2/24, DNS: 127.0.0.1 & 8.8.8.8
Username | Full name | Password
administrator | - | p@ssw0rd
Jack | Jack Reacher | wolf
Pierce | Pierce Brosnan | apple
Jennifer | Jennifer Joanna Aniston | cat
Username | Full name | Password
simon | Simon Templar | cisco
Jack | Jack Daniel's | great
Computer name | Domain name
DC1 | IJWT.local
Windows 8 VM
IP address: 192.168.3.8/24, DG: 192.168.3.2/24, DNS: 192.168.3.12 & 8.8.8.8
Computer name | Domain name
DC1 | IJWT.local
12. Kali 2 VM
Dynamically getting IP address from vmnet8 DHCP from subnet 192.168.3.0/24 starting with .128
Computer name: kali
Username | Full name | Password
root | - | toor
yasser | Yasser Auda | moon
Metasploitable VM
Dynamically getting IP address from vmnet8 DHCP from subnet 192.168.3.0/24 starting with .128
Computer name: metasploitable
Username | Full name | Password
msfadmin | - | msfadmin
Android VM
Dynamically getting IP address from vmnet8 DHCP from subnet 192.168.3.0/24 starting with .128
13. Windows server 2012 VM Pre-Configuration
Firewall disabled
Automatic update disabled
Internet Explorer Enhanced Security disabled
Telnet client, Telnet server, TFTP client, SNMP service installed
Domain Default GPO tuned to accept passwords as the following:
• Minimum password length: set to 3 characters
• Password must meet complexity requirements: Disabled
Windows 8 VM Pre-Configuration
Firewall disabled
Automatic update disabled
VMware Tools installed
Windows Defender disabled
VMware Tools installed
14. CEH/CHFI/CND Training Lab (lab diagram)
Components shown:
• Win 8.1 VM
• Win Server 2012 R2 VM (AD DS/DNS)
• Kali 2.0 VM
• Metasploitable VM
• Android VM
• CHFI VM
• AlienVault® OSSIM CND VM
• Vmnet8 Switch
• Cisco R&S (GNS3/EVE Cloud)
• Internet
Host Machine:
• XAMPP
• DVWA v1.8
• Firefox
• sqlitestudio
Bare metal VM used for:
• Turnkey Linux WordPress
• Kali 1
• bee-box v1.6
18. A hypervisor or virtual machine monitor (VMM) is a piece of computer software, firmware or hardware that creates and runs virtual machines.
It emulates resources so that the VM's OS believes it has physical hardware.
Type 1 (bare-metal) hypervisor
• Connects the VM's OS directly to the host hardware
• The host has no OS
• Ex: VMware ESXi, Hyper-V standalone
Type 2 hypervisor
• The host has an OS, which stands as a layer between the hypervisor and the real hardware
• Ex: VMware Workstation, Hyper-V in Win 8, 10, 2012, 2016
20. Linux platforms
• Servers
• Desktops
• Embedded (non-computer) devices
Popular distros
• Ubuntu
• Red Hat Enterprise
• Fedora
• SUSE
• Debian
• Slackware
• …many others
Distro = Linux Distribution
Go to www.distrowatch.com to download any distro
Architectures: i386, x86, i686, x86-32-64
For our Intel machine choose i386
21. Debian
Based on: Independent
Origin: Global
Architecture: armel, hppa, ia64, i386, mips, mipsel, powerpc, s390, sparc64, x86_64
Desktop: AfterStep, Blackbox, Fluxbox, GNOME, IceWM, KDE, LXDE, Openbox, WMaker, Xfce
Category: Desktop, Live Medium, Server
22. You can use the GParted GUI application to manage hard disks
File systems
• Windows: NTFS, FAT32
• Removable media: FAT/VFAT, FAT32
• Linux:
Ext2 (older, rarely used)
Ext3 (journaling FS, commonly used, logs changes before writing them to the FS)
Ext4 (new FS, with volumes up to 1 Exabyte and files up to 1 Terabyte)
JFS (IBM, not commonly used)
Reiser (or ReiserFS): openSUSE
XFS: Red Hat
Partitions: you will need at least two partitions:
• Root (stores the OS, applications and data)
• Swap (works like pagefile.sys on Windows)
29. Some folders come with the system, such as:
/ root directory; all other directories branch from it
/bin system commands and binaries like cp, ls, mount
/sbin similar to /bin but contains programs run by the admin, like fdisk
/boot files related to the boot loader like GRUB/LILO (ntldr, bootmgr in Windows XP & 7)
/dev partition and device files such as printers (all hardware devices act as files on Linux, and these files are there)
/etc computer configuration
/home users' files and profiles, except the root (administrator) profile
/root files and profile of root (administrator)
/lib programming libraries; /lib/modules has kernel modules (drivers)
/mnt temporary mount points, sometimes used to mount removable media
/tmp temp folder
/var system logs, print spool, mail files
/usr comes with subdirectories with users' names
/media like /mnt but comes with /media/floppy, /media/cdrom
/proc a virtual filesystem created dynamically to provide access to certain types of hardware info
example: cat /proc/cpuinfo, and all other info about hardware resources.
30. Generally, the system for labeling drives starts with:
•hda
•hdb
•hdc
•etc.
The letters "hd" stand for hard drive, and the following letter is the order with
which they are mounted. With newer hard drives (SATA), Linux designates them
with:
•sda
•sdb
•sdc
•etc.
The "s" is a legacy from SCSI drives.
Partitions within those drives are then designated with numbers after the letters
such as sda1, sda2, sda3, etc.
46. Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.
https://sourceforge.net/projects/metasploitable/
Boot-to-Root Virtual Machines
Creating a virtual machine hacking challenge just means creating a Windows or Linux VM with many vulnerabilities, then challenging you to exploit it to hack that system.
Examples: Metasploitable, pWnOS, Badstore & De-ICE
We call this VM a "Boot2Root virtual machine"
Boot-to-Root Virtual Machines
https://www.vulnhub.com/
https://www.turnkeylinux.org/wordpress
https://sourceforge.net/projects/bwapp/files/bee-box/
48. What is a protocol?
A network protocol is a standard set of rules that determines how systems will communicate across networks.
49. What is a segment?
What is a packet?
What is a frame?
What is a Protocol Data Unit (PDU)?
What is encapsulation?
What is de-encapsulation?
What is TCP/IP?
What is a TCP/UDP header?
What is an IP header?
What is an Ethernet header?
What is a checksum?
What is CRC?
Open Systems Interconnection Reference Model (diagram: layers 7 to 1)
50. The session layer establishes, manages, and terminates sessions between two
communicating hosts. The session layer also synchronizes dialog between the presentation
layers of the two hosts and manages their data exchange. For example, web servers have
many users, so there are many communication processes open at a given time. Therefore,
it is important to keep track of which user communicates on which path.
51. Your web browser is an application that operates at the application layer. After you enter an address in the address
bar, the browser passes data (an HTTP “GET” request) to the application layer. When the application layer passes the
data to the transport layer, the transport layer may split the data into segments (if the amount of data is deemed large
enough). The transport layer adds a TCP header to the segment, encapsulating it in TCP. If there are multiple segments,
TCP sequences them so the data stream can be reassembled when it reaches its destination. The segment is then
passed to the Internet layer, where it receives an IP header to encapsulate it as an IP packet. The IP header contains
source and destination IP addresses, which will enable the data to be properly routed to the destination. The Internet
layer may also break a large packet into smaller fragments, then the fragments are reassembled at the Internet layer at
the destination system. When the IP packet reaches the link layer, it is encapsulated in an Ethernet frame, which
contains the hardware, or MAC, addresses of the source and destination computers. The frame is then transmitted in
the form of bits onto the physical network.
At the destination, the process is reversed. As information in each header is read, the header is stripped and the
remaining data is sent up to the next layer.
53. Version: A 4-bit field that identifies the IP version being used. Version 4 is referred to as IPv4.
IP Header length: A 4-bit field containing the length of the IP header. The minimum length
of an IP header is 20 bytes.
Type of service: The 8-bit ToS field traditionally uses 3 bits for IP Precedence. The newer
redefinition of the ToS field uses a 6-bit DSCP field and a 2-bit ECN field to identify the level
of service a packet receives in the network.
Total length: Specifies the length of the IP packet that includes the IP header and the user
data. The length field is 2 bytes, so the maximum size of an IP packet is 65,535 bytes.
Identifier, flags, and fragment offset: As an IP packet moves through the Internet, it might
need to cross a route that cannot handle the size of the packet. The packet will be divided,
or fragmented, into smaller packets and reassembled later. These fields are used to
fragment and reassemble packets.
Time to live: It is possible for an IP packet to roam aimlessly around the Internet. If there is a
routing problem or a routing loop, then you don't want packets to be forwarded forever. A
routing loop is when a packet is continually routed through the same routers over and over.
The TTL field is initially set to a number and decremented by every router that is passed
through. When TTL reaches 0, the packet is discarded.
Protocol: In the layered protocol model, the layer that determines which application the
data is from or which application the data is for is indicated using the Protocol field. This
field does not identify the application, but identifies a protocol that sits above the IP layer
that is used for application identification. For example, protocol number 1 = ICMP, 6 = TCP,
17 = UDP.
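Added example (not part of the original slides): a Python decoder that reverses the encapsulation walked through on slide 51 and reads the IPv4 header fields listed above, including the header checksum. The frame is constructed inline from the lab's 192.168.3.8 and 192.168.3.12 addresses; the MAC addresses, ports and sequence numbers are made-up sample values, and the sample's TCP checksum is left at zero because it is not verified here.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # values listed on the slide


def checksum16(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 header fields and return them with the payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte minimum header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if not 20 <= header_len <= total_len <= len(packet):
        raise ValueError("header/total length inconsistent with captured bytes")
    return {
        "version": version, "header_len": header_len,
        "dscp": tos >> 2, "ecn": tos & 0x03,
        "total_len": total_len, "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,  # stored in 8-byte units
        "ttl": ttl, "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": checksum16(packet[:header_len]) == 0,
        "payload": packet[header_len:total_len],  # drops link-layer padding
    }


def decapsulate(frame: bytes) -> dict:
    """Strip Ethernet, IPv4 and TCP headers in turn, as the receiver does."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError(f"EtherType {ethertype:#06x} is not IPv4")
    ip = parse_ipv4(frame[14:])
    result = {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"), "ip": ip}
    segment = ip["payload"]
    # Ports are only present in the first fragment of a TCP segment.
    if ip["protocol"] == "TCP" and ip["fragment_offset"] == 0 and len(segment) >= 20:
        sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", segment[:14])
        data_off = (off_flags >> 12) * 4
        if not 20 <= data_off <= len(segment):
            raise ValueError("bad TCP data offset")
        result.update(src_port=sport, dst_port=dport, seq=seq,
                      data=segment[data_off:])
    return result


def build_sample_frame() -> bytes:
    """Constructed sample: HTTP GET from 192.168.3.8 to 192.168.3.12."""
    data = b"GET / HTTP/1.1\r\nHost: 192.168.3.12\r\n\r\n"
    # src port, dst port, seq, ack, offset+flags (PSH|ACK), window, checksum 0, urgent
    tcp = struct.pack("!HHIIHHHH", 49152, 80, 1000, 2000, 0x5018, 8192, 0, 0)
    src = ipaddress.IPv4Address("192.168.3.8").packed
    dst = ipaddress.IPv4Address("192.168.3.12").packed
    fields = [0x45, 0, 20 + len(tcp) + len(data), 0x1C46, 0x4000, 128, 6, 0, src, dst]
    fields[7] = checksum16(struct.pack("!BBHHHBBH4s4s", *fields))
    ip = struct.pack("!BBHHHBBH4s4s", *fields)
    eth = bytes.fromhex("000c29aabb0c" "000c29aabb08") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + data


if __name__ == "__main__":
    parsed = decapsulate(build_sample_frame())
    for key, value in parsed["ip"].items():
        print(f"{key:16} {value}")
    print("TCP", parsed["src_port"], "->", parsed["dst_port"], parsed["data"])
```

A header whose `checksum_ok` is false, or whose length fields disagree with the captured bytes, is worth flagging in a capture rather than silently decoding.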