Network Fundamentals — Protocols

Because protocols are one of the most important parts of networking, this blog post explains what some of them are and how they work. This post will probably never be completely finished because of the sheer number of protocols that exist and keep being created. Now, without further ado, let’s begin.

The definition of a network protocol, as you can find it on CompTIA, is an established set of rules that determine how data is transmitted between different devices in the same network. Essentially, it allows connected devices to communicate with each other, regardless of any differences in their internal processes, structure, or design.¹

In a more easily digestible way, a protocol is a set of rules that define how communication occurs in a network. Protocols allow connected devices to communicate with each other, regardless of the differences in their processes, structure, or design.

Let’s start this with one of the most important protocols that act on a physical level, the Ethernet protocol.

Every system that is connected using cables to access a geographically localized network likely uses Ethernet. It initially grew due to its affordable cost, but as technology advanced, its ability to evolve and deliver high performance sustained its popularity.

I mentioned IP addresses in another post, so much of what is written here will be the same. The IP protocol runs on the network layer of the OSI model (layer 3), called the internet layer in the TCP/IP model. It serves for routing and addressing packets of data so that they can travel across networks and arrive at the right destination. The IP information is attached to packets and helps routers send each packet to the right place. It works through IP addresses.

An IP (Internet Protocol) address is a unique address that identifies a device on the Internet; it contains location information and makes the device accessible for communication. The Internet uses them to differentiate between computers, routers, and websites.

There are two versions of the protocol, IPv4 and IPv6.

The main difference between the two versions is the notation and the number of unique IP addresses each can have.

As you can see in the image above, an IPv4 address is composed of 32 bits: 4 segments of 8 bits separated by a dot (.), usually written in decimal (0–255). Each segment is called an octet. On the other hand, an IPv6 address is composed of 128 bits: 8 segments of 16 bits separated by a colon (:), usually written in hexadecimal (0–F).

There are a couple of special IP addresses that should be known:

  • Private: these stop users external to the network from making a connection directly to a device in the network. They can be (x can be any valid number):
    - 10.x.x.x
    - 172.16.x.x — 172.31.x.x
    - 192.168.x.x
    - fd96:2c12:e9b4:8134:xxxx:xxxx:xxxx:xxxx (IPv6)
  • Loopback: these are used to send messages back to the host itself:
    - 127.x.x.x
    - 0:0:0:0:0:0:0:1 (IPv6)
  • APIPA (Automatic Private IP Addressing): these are used when the computer can’t reach the DHCP server (a server that automatically assigns IP addresses to devices):
    - 169.254.x.x

To finish about IPv6, you should know that you can divide the address in the middle, half for the network and the other half for the device. You can see what each segment is in the following image:

If you don’t want to always write every group of an IPv6 address in full, there is an abbreviation you can use where you simply “remove” the zeros, as shown next:
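As an added example (not code from the original post), the following Python applies the special-address table above to both IPv4 and IPv6 and implements the IPv6 zero abbreviation in both directions; the range table is constructed from the list above, with the 172.16 to 172.31 block written as 172.16.0.0/12 and the fd96:... line standing for the fd00::/8 unique-local block.

```python
import ipaddress

# Constructed table of the special ranges listed above: RFC 1918 private blocks, the IPv6
# unique-local block (fd00::/8, which the fd96:... line belongs to), loopback and APIPA.
SPECIAL = [(label, ipaddress.ip_network(net)) for label, net in [
    ("private", "10.0.0.0/8"), ("private", "172.16.0.0/12"), ("private", "192.168.0.0/16"),
    ("private", "fd00::/8"), ("loopback", "127.0.0.0/8"), ("loopback", "::1/128"),
    ("apipa", "169.254.0.0/16"),
]]

def classify(addr: str) -> str:
    """Return the special class an IPv4 or IPv6 address falls in, or 'public'."""
    ip = ipaddress.ip_address(addr)           # parses either version, raises ValueError on junk
    for label, net in SPECIAL:
        if ip in net:                         # membership is False across versions, so no mix-up
            return label
    return "public"

def expand_v6(addr: str) -> str:
    """Undo the abbreviation: restore all 8 groups, each padded to 4 hex digits."""
    if "::" in addr:
        head, tail = addr.split("::", 1)
        head_parts = head.split(":") if head else []
        tail_parts = tail.split(":") if tail else []
        parts = head_parts + ["0"] * (8 - len(head_parts) - len(tail_parts)) + tail_parts
    else:
        parts = addr.split(":")
    if len(parts) != 8 or not all(parts):
        raise ValueError(f"not an IPv6 address: {addr}")
    return ":".join(p.zfill(4) for p in parts)

def compress_v6(addr: str) -> str:
    """Abbreviate: strip leading zeros per group, collapse the longest run of zero groups to '::'."""
    parts = [p.lstrip("0") or "0" for p in expand_v6(addr).split(":")]
    best_start, best_len, i = -1, 0, 0
    while i < 8:                              # scan for the longest run of all-zero groups
        if parts[i] != "0":
            i += 1
            continue
        j = i
        while j < 8 and parts[j] == "0":
            j += 1
        if j - i > best_len:
            best_start, best_len = i, j - i
        i = j
    if best_len < 2:                          # a lone zero group is written out, per RFC 5952
        return ":".join(parts)
    return ":".join(parts[:best_start]) + "::" + ":".join(parts[best_start + best_len:])
```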

Next are two protocols that should always be talked about together, the TCP and UDP protocols.

TCP (Transmission Control Protocol) is one of the main protocols of the Internet protocol suite. It provides reliable, ordered, and error-checked delivery of data between applications running on hosts that communicate over an IP network.

UDP (User Datagram Protocol) is also one of the main protocols of the Internet protocol suite. With UDP, applications can send messages (datagrams) to other hosts on an IP network.

These two sound very alike, so what are the differences?

Well, geeksforgeeks has an amazing table that shows exactly the differences between the two.

(source: https://www.geeksforgeeks.org/differences-between-tcp-and-udp/)

In terms of applications, TCP is suited for cases where there is a need for high reliability but transmission time is less critical, like WhatsApp, Instagram and such. UDP is almost the opposite: you need high speed but don’t mind if some packets are lost, as in games or streaming.

According to Wikipedia DNS (Domain Name System) is the hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol (IP) networks.²

In simpler terms, it is like the phonebook of the Internet. DNS translates domain names, like google.com or facebook.com, to IP addresses. Each device connected to the Internet has an IP address, and DNS servers eliminate the need to remember those addresses. Imagine trying to remember the IPv6 addresses of a couple of websites…

Name resolution is done by resolvers. They are basically servers that contact the DNS servers, starting from the root, to find the TLD (Top Level Domain) and then follow the hierarchy until they find the host.

The algorithm basically does the following:
1. The resolver contacts a root domain server to find the information about the TLD.
2. Then it asks the TLD server which authoritative name server can give information about the requested domain.
3. It repeats step 2 for each subdomain.
4. In the end, it asks the authoritative server for the resolution of the host.

This next image shows the workflow from requesting a webpage to getting it.

If you’re wondering how the resolver knows the IP address of the root server: it is actually hardcoded in the configuration of each resolver. The system admins manage the list and keep it updated.

DNS has five primary types of records; these are:

  • A — resolves a name to an IPv4 address
  • AAAA — resolves a name to an IPv6 address
  • CNAME — resolves to another domain name (an alias). You can have, for example, www.mydomain.com and ftp.mydomain.com resolve to mydomain.com
  • MX — resolves the address of the email servers for the requested domain. Essentially it directs email to the email server.
  • TXT — just text data that is saved. It contains information for sources outside the domain.

To finish this explanation about DNS, it’s always good to know that the inverse operation is also possible. You can convert an IP address to a DNS name.

ARP (Address Resolution Protocol) is a procedure for mapping a dynamic IP address to a permanent physical machine in a LAN. It essentially translates an IP address to a MAC address. There isn’t much to say about ARP to my current knowledge. To explain the algorithm, imagine the following example.

If A wants to send traffic to B but only knows its IP address:
1. A constructs an ARP request that contains the IP address of B and the broadcast MAC address. This makes the switch send the request to all the hosts.
2. All the hosts on the network receive the request.
3. B answers with an ARP reply giving A its MAC address.
4. A then saves the IP-to-MAC mapping in its ARP cache.
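The exchange above, as an added Python example that is not part of the original post: it encodes the request and reply in the on-the-wire ARP layout (inside an Ethernet header) and models the switch flooding the broadcast to every host on a constructed segment; the MACs and IPs are made up.

```python
import struct

BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
ETHERTYPE_ARP, ARP_REQUEST, ARP_REPLY = 0x0806, 1, 2

def mac_b(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_b(ip): return bytes(int(o) for o in ip.split("."))
def mac_s(b): return ":".join(f"{x:02x}" for x in b)
def ip_s(b): return ".".join(str(x) for x in b)

def build_frame(dst_mac, src_mac, op, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header + 28-byte ARP body (hardware type 1 = Ethernet, protocol 0x0800 = IPv4)."""
    eth = mac_b(dst_mac) + mac_b(src_mac) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac_b(sender_mac) + ip_b(sender_ip) + mac_b(target_mac) + ip_b(target_ip)

def parse_frame(frame):
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    op = struct.unpack("!HHBBH", frame[14:22])[4]
    body = frame[22:42]                       # sender MAC/IP, then target MAC/IP
    return {"dst": mac_s(frame[:6]), "op": op, "sender_mac": mac_s(body[:6]),
            "sender_ip": ip_s(body[6:10]), "target_mac": mac_s(body[10:16]),
            "target_ip": ip_s(body[16:20])}

class Host:
    def __init__(self, mac, ip):
        self.mac, self.ip, self.arp_cache = mac, ip, {}

    def receive(self, frame):
        """Every host sees the broadcast (step 2); only the owner of the target IP replies (step 3)."""
        arp = parse_frame(frame)
        if arp["op"] == ARP_REQUEST and arp["target_ip"] == self.ip:
            return build_frame(arp["sender_mac"], self.mac, ARP_REPLY,   # reply goes unicast to A
                               self.mac, self.ip, arp["sender_mac"], arp["sender_ip"])
        if arp["op"] == ARP_REPLY and arp["target_ip"] == self.ip:
            self.arp_cache[arp["sender_ip"]] = arp["sender_mac"]        # step 4: cache the mapping
        return None

def arp_resolve(segment, a, target_ip):
    """Step 1: A broadcasts a request for target_ip; the switch floods it to every other host."""
    request = build_frame(BROADCAST, a.mac, ARP_REQUEST, a.mac, a.ip, ZERO_MAC, target_ip)
    for host in segment:
        if host is not a:
            reply = host.receive(request)
            if reply is not None:
                a.receive(reply)
    return a.arp_cache.get(target_ip)         # None if nobody on the segment owns target_ip
```

Nothing in this exchange authenticates the reply: A caches whatever host answers for that IP, which is why defenders watch ARP tables for an IP whose MAC suddenly changes.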

To check the ARP cache you can use the following commands on different operating systems:

  • On Linux use — ip neighbour
  • On Windows use — arp -a
  • On *nix use — arp

DHCP (Dynamic Host Configuration Protocol) is used to automatically assign IP addresses and other communication parameters to devices using a client-server architecture. This eliminates the need to configure each device manually. There has to be one DHCP server, and it has to be inside the broadcast domain.

RPC (Remote Procedure Call) is a protocol for constructing distributed, client-server based applications. It extends normal local procedure calling so that the called procedure does not need to exist in the same address space. The two processes can be on different systems as long as they have a network connection between them.

The above image does an excellent job explaining how RPC works, from the client request until it receives the desired reply.

As I said before, this post is always a work in progress; I’ve already added at least one other protocol. I’ve made a distinction here between protocols and services. I know that there are many more protocols, such as HTTP or FTP, but I’ve made a decision about which protocols should be included here. Thank you for reading and see you next time.
