02 - Network For Pentesters
● MAC addresses are 48 bits long (6 bytes) and are typically represented in
hexadecimal format. Example: 00:1A:2B:3C:4D:5E
Error Detection and Flow Control
● The Data Link Layer performs error detection using techniques like cyclic
redundancy check (CRC) to ensure the integrity of transmitted data.
● Flow control mechanisms help manage the flow of data between sender and
receiver, preventing data overflow and ensuring smooth communication.
Media Access Control (MAC)
● The MAC sublayer is responsible for controlling access to the physical
network medium. It ensures that multiple devices connected to the same
network segment can communicate without causing data collisions.
● Switches maintain MAC address tables to learn and store MAC addresses
associated with specific ports. This enables efficient and intelligent forwarding of
frames to their intended destinations.
Ethernet
Ethernet is a widely used networking technology that operates at the Data Link Layer (Layer 2) of the OSI model. It is known for its simplicity, scalability, and compatibility with various network devices.
Physical Medium
Ethernet can operate over various physical media,
● The ARP cache helps devices avoid sending ARP requests for frequently
accessed IP addresses, improving network efficiency.
ARP Operation Example
● Suppose Device A wants to communicate with Device B using its IP address.
● Device A checks its ARP cache for Device B's MAC address. If not found, it sends
an ARP request to all devices on the network.
● Device B, recognizing its IP address in the ARP request, replies with an ARP reply
containing its MAC address.
● Device A updates its ARP cache with Device B's MAC address and can now send
packets directly to Device B.
ARP Header
● Hardware Type: The layer 2 type used. In most cases, this is Ethernet (type 1).
● Protocol Type: The higher-layer protocol for which the ARP request is being used.
● Hardware Address Length: The length (in octets/bytes) of the hardware address in use (6 for Ethernet).
● Protocol Address Length: The length (in octets/bytes) of the logical address of the specified protocol type.
● Operation: The function of the ARP packet: 1 for a request and 2 for a reply.
● Sender Hardware Address: The hardware address of the sender.
● Sender Protocol Address: The sender's upper-layer protocol address.
● Target Hardware Address: The intended receiver's hardware address (zeroed in ARP requests).
● Target Protocol Address: The intended receiver's upper-layer protocol address.
arp utility
● The arp utility is used to view the ARP cache and manipulate it.
● Open cmd or a terminal and type:
○ arp -a → to list the cache
○ arp -s ip-address mac-address → to add a (static) entry
○ arp -d ip-address → to delete an entry
ARP Spoofing
● ARP spoofing (also known as ARP cache poisoning) is an attack in which an attacker sends falsified ARP messages to associate their own MAC address with the IP address of another device.
● This attack can be used for various malicious purposes, such as intercepting
network traffic, performing man-in-the-middle attacks, or launching
denial-of-service attacks.
● To mitigate ARP spoofing, techniques like ARP inspection, static ARP entries, and
secure ARP protocols (Secure ARP in IPv6) are used.
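An added example (not part of the original slides) that decodes the ARP header fields listed above and applies the "static entry" idea from the mitigation bullet as a detection check: it learns the first MAC seen for each IP from ARP replies and flags any later reply that rebinds that IP to a different MAC, which is the symptom of cache poisoning. The packets are constructed in the block, not captured traffic; the MAC and IP values are made up.

```python
import struct

# ARP header layout (RFC 826) for Ethernet/IPv4, all fields big-endian:
# hw type(2) proto type(2) hw len(1) proto len(1) op(2)
# sender MAC(6) sender IP(4) target MAC(6) target IP(4) = 28 bytes
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(packet: bytes) -> dict:
    """Decode the 28-byte ARP header into its named fields."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, packet[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet (type 1) / IPv4 ARP is handled here")
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": op, "sender_mac": mac(sha), "sender_ip": ip(spa),
            "target_mac": mac(tha), "target_ip": ip(tpa)}

def build_arp(op, sender_mac, sender_ip, target_mac, target_ip) -> bytes:
    """Build a constructed sample packet (used only to feed the parser)."""
    to_mac = lambda s: bytes(int(x, 16) for x in s.split(":"))
    to_ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       to_mac(sender_mac), to_ip(sender_ip),
                       to_mac(target_mac), to_ip(target_ip))

def detect_arp_changes(packets):
    """Keep our own IP->MAC table from observed replies (first binding wins,
    like a static entry) and report replies that rebind a known IP."""
    table, alerts = {}, []
    for pkt in packets:
        a = parse_arp(pkt)
        if a["op"] != ARP_REPLY:
            continue   # requests carry no binding we want to trust
        known = table.setdefault(a["sender_ip"], a["sender_mac"])
        if known != a["sender_mac"]:
            alerts.append((a["sender_ip"], known, a["sender_mac"]))
    return alerts

# Constructed exchange: A asks for B, B answers, then a third host
# claims B's IP with its own MAC (the poisoning case).
SAMPLE = [
    build_arp(ARP_REQUEST, "00:1a:2b:3c:4d:5e", "192.168.1.10", "00:00:00:00:00:00", "192.168.1.20"),
    build_arp(ARP_REPLY, "00:1a:2b:3c:4d:6f", "192.168.1.20", "00:1a:2b:3c:4d:5e", "192.168.1.10"),
    build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.1.20", "00:1a:2b:3c:4d:5e", "192.168.1.10"),
]

if __name__ == "__main__":
    for ip, old, new in detect_arp_changes(SAMPLE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```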
ARP Spoofing MITM
ARP Spoofing Demo using ettercap
IPv4
IPv4 (Internet Protocol version 4) is the fourth revision of the Internet Protocol (IP) and is widely used for communication over the Internet and private networks. It defines how data packets are addressed, routed, and transmitted across networks.
Objective and Context
● The objective of IP is to allow communication between different networks, with a system of addressing and information on fragmentation and routing.
● In a simple network, e.g. a Local Area Network (LAN), communication is managed using MAC addresses, but when we want to connect two LANs we need a router, which operates at layer 3 and uses the IP protocol.
● IP operates at layer 3 and is connection-less.
● RFC 791
Addressing Scheme
● IPv4 also lacks built-in security features, although protocols like IPsec can be
used for secure communication.
IPv4 (Internet Protocol version 4) used a system of address classes to manage and allocate IP addresses within networks. These classes define different ranges of IP addresses based on their purpose and size. There are five classes in total: A, B, C, D, and E. Classful addressing is now history.
Address Classes
● In CIDR notation, the subnet mask is expressed as the number of bits set to 1
in the mask. For example:
○ A subnet mask of 255.255.255.0 (or /24 in CIDR) means the first 24
bits are for the network and the remaining 8 bits are for hosts.
Example
● Consider an IP address 192.168.1.100 with a subnet mask 255.255.255.0
(/24). In binary, the subnet mask is 11111111.11111111.11111111.00000000.
● Thus, the network address is 192.168.1.0, and the range of host addresses is
from 192.168.1.1 to 192.168.1.254, with 192.168.1.255 reserved for
broadcasts.
A subnet, short for subnetwork, is a logical subdivision of an IP network. It allows network administrators to divide a larger network into smaller, more manageable segments. Subnetting helps improve network performance, security, and efficiency by organizing devices into smaller groups based on their IP addresses.
Subnetting
● Subnetting involves creating smaller networks within a larger network by
borrowing bits from the host portion of the IP address to create additional
network addresses.
● By subnetting, administrators can efficiently allocate IP addresses and reduce
broadcast traffic, improving network performance.
● Subnetting also enhances network security by isolating segments of the
network and implementing access controls between subnets.
Subnet Calculation
● To create subnets, you determine the number of subnets and hosts per
subnet required for your network.
● You then calculate the subnet mask based on the number of subnet bits
needed. For example, if you need 4 subnets, you would borrow 2 bits (2^2 = 4
subnets) from the host portion of the subnet mask.
● The formula for calculating the number of hosts per subnet is 2^(number of
host bits) - 2, where the -2 accounts for the network address and broadcast
address, which cannot be assigned to hosts.
Subnetting Example
● Take the network 192.168.1.0 with a subnet mask of 255.255.255.0 (/24) and subnet it into 4 subnets.
● Borrowing 2 bits from the host portion (making it a /26 subnet mask), you create these subnets:
○ Subnet 1: 192.168.1.0/26 (192.168.1.1 to 192.168.1.62)
○ Subnet 2: 192.168.1.64/26 (192.168.1.65 to 192.168.1.126)
○ Subnet 3: 192.168.1.128/26 (192.168.1.129 to 192.168.1.190)
○ Subnet 4: 192.168.1.192/26 (192.168.1.193 to 192.168.1.254)
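An added example (not from the original slides) that carries out the subnet calculation above in code: it borrows host bits for the requested number of subnets, derives the new mask, and lists each subnet's network, usable host range and broadcast address using the 2^(host bits) - 2 rule. It works the bit arithmetic by hand and only uses the standard ipaddress module to cross-check the result; the function names are my own.

```python
import math
from ipaddress import IPv4Network  # used only to cross-check the hand calculation

def ip_to_int(ip: str) -> int:
    return int.from_bytes(bytes(int(o) for o in ip.split(".")), "big")

def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in n.to_bytes(4, "big"))

def hosts_per_subnet(prefix: int) -> int:
    """2^(host bits) - 2: network and broadcast addresses are not assignable."""
    return 2 ** (32 - prefix) - 2

def subnet(network: str, prefix: int, wanted_subnets: int) -> dict:
    """Borrow host bits from network/prefix to carve wanted_subnets subnets.
    Returns the new mask and (cidr, first host, last host, broadcast) per subnet."""
    borrowed = math.ceil(math.log2(wanted_subnets))   # 4 subnets -> 2 bits
    new_prefix = prefix + borrowed
    if new_prefix > 30:
        raise ValueError("not enough host bits left for usable hosts")
    host_bits = 32 - new_prefix
    block = 1 << host_bits                            # addresses per subnet
    usable = hosts_per_subnet(new_prefix)
    mask = (0xFFFFFFFF << host_bits) & 0xFFFFFFFF
    base = ip_to_int(network) & ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    subnets = []
    for i in range(2 ** borrowed):
        net = base + i * block
        subnets.append((f"{int_to_ip(net)}/{new_prefix}",
                        int_to_ip(net + 1),            # first usable host
                        int_to_ip(net + usable),       # last usable host
                        int_to_ip(net + block - 1)))   # broadcast
    # Cross-check the network addresses against the standard library.
    expected = [str(n) for n in IPv4Network(f"{network}/{prefix}").subnets(new_prefix=new_prefix)]
    assert [s[0] for s in subnets] == expected
    return {"mask": int_to_ip(mask), "prefix": new_prefix, "subnets": subnets}

if __name__ == "__main__":
    result = subnet("192.168.1.0", 24, 4)
    print("mask:", result["mask"])
    for cidr, first, last, bcast in result["subnets"]:
        print(f"{cidr}: hosts {first} - {last}, broadcast {bcast}")
```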