NETWORK PROTOCOL ANALYSIS
AMAK
A-> ANKITA (1MS07IS133)
M-> MAYANK (1MS07IS047)
A-> ANSHUJ (1MS07IS011)
K-> KRISH (1MS07IS038)
TABLE OF CONTENTS
• Introduction to Network Protocol Analysis.
• IP Packet structure.
• TCP Segment
• Difference between different Network Protocol Analyzers.
• FIDDLER tool demo.
INTRODUCTION
What is a protocol?
A set of rules used by computers to communicate in a network.
What is network protocol analysis?
Process of decoding network protocol headers and trailers.
What is a network analyzer?
Intercepts and logs traffic passing over a digital network.
A protocol analyzer is used to decode the protocols at each layer.
What is packet sniffing?
Illegal reading of packets of data travelling through a network.
Packet sniffing is difficult to detect.
METHODS OF PACKET SNIFFING
IP SPOOFING
Intercepts traffic in a network by taking on the IP address of another computer.
RAW TRANSMIT
Abnormal traffic generation such as TCP SYN floods.
NETWORK LAYER
• Data known as packets.
• Header has logical address of source and destination.
• Checking routing table for routing information.
IPv4
• Connectionless, unreliable.
• Can be paired with TCP to enhance reliability.
• IP packet = Header + Data
• Max length = 2^16 - 1.
IP PACKET STRUCTURE
Header
Data
VERSION:
• 4 bit.
HEADER LENGTH:
• 4 bits determine total number of 4-byte words in the header.
• Length between 20 and 60 bytes.
SERVICES:

| PRECEDENCE BIT | TYPE OF SERVICE | NEVER USED |
|---|---|---|
| 3 bit | 4 bit | 1 bit |
Precedence bit:
• Ranges from 000-111.
• Some datagrams are more important than others.
TYPES OF SERVICES (TOS):

| TOS Bits | DESCRIPTION |
|---|---|
| 0000 | Normal (default) |
| 0001 | Minimize cost |
| 0010 | Maximize reliability |
| 0100 | Maximize throughput |
| 1000 | Minimize delay |
TOTAL LENGTH:
• 16 bit.
• Size of data = total length - header length.
IDENTIFICATION:
• 16 bit.
• Packet doesn't fit into frame.
• Assigned by the sender; helps in assembling the fragments.
FLAGS:
• 3 bit.
• Layout: 0 | DF (Don't Fragment) | MF (More Fragment)
FRAGMENT OFFSET:
• 13 bit, determines the position of the fragment in the datagram.
• First fragment has an offset zero.
TIME TO LIVE:
• 8 bit.
• Prevents packets from staying in the network after their use has expired.
• Used to destroy undelivered datagrams.
PROTOCOL:
• 8 bit.
• Defines the protocol used like TCP and UDP for the data portions.
HEADER CHECKSUM:
• 16 bit.
• Value of the field is compared with the checksum computed over the header.
SOURCE & DESTINATION ADDRESS:
• 32 bit IP address.
• Remains unchanged when packet travels from source to destination.
TCP SEGMENT STRUCTURE
• TCP is a core protocol in the TCP/IP suite.
• Transport layer protocol.
• Reliable transmission of data between processes.
TCP segment contains header and data sections.
Header contains the following fields:
16-bit source and destination port address.
32-bit sequence number identifies the logical sequence of segment.
32-bit Acknowledgement number holds the sequence number of the next expected segment if ACK flag is set.
4-bit Data Offset indicates the header size.
6-bit reserved for future use.
6-bit flags for control.
16-bit window specifies the size of the receive window.
16-bit checksum to detect errors in header and data.
16-bit urgent pointer indicates the offset of last urgent data if URG flag is set.
Variable size option field.
Padding is a variable size field used to pack 0s so the data starts from a bit position which is a multiple of 32.
3-WAY HANDSHAKE
CONNECTION ESTABLISHMENT IN TCP
3-way handshake.
Passive opening of port by server to allow service.
Client sends SYN (synchronize) request to server.
Server acknowledges by sending ACK-SYN.
Client again responds with ACK.
Connection is now established.
| | WIRESHARK | ETHER APE | FIDDLER2 | CAPSA |
|---|---|---|---|---|
| Operating System | Linux, Mac, Windows, Unix | Linux, Mac | Windows | Windows |
| GUI | Yes | Yes | Yes | Yes |
| Command Line Interface | Yes | Yes | No | No |
| Protocols Analysis | All protocols | Almost all protocols | HTTP | Commonly used protocols |
| Proxy server? | No | No | Yes | No |
| SSL Support | Yes | Yes | Yes | Yes |
| Sniffing Capabilities | Yes | Only wired media | Yes | Pro edition does |
| Price (availability) | Freely available | Free | Freely available? | Not freely available (start at $549) |
| Filters | Yes | Yes | Yes | Yes |
| Meddling with requests & responses | No | No | Yes | No |