How the Internet works

Wolf Paulus Wolf Paulus . com How the Internet works - Hacking iTunes -

description

This talk is a little shady, a little underground, and attendees have been seen wearing diggnation shirts and even brought beer – brown bag style of course. However, it’s all about “How the Internet works” and while I talk a lot about MAC and IP addresses, TCP, packets, ports, TTL, NAT, and all that, it has always been a lot of fun for everyone. I talk about how applications like iTunes announce shared playlists and why sharing them only works on LANs but not over the Internet – and of course you will see how you can “work around” this .. limitation.

Transcript of How the Internet works

Page 1: How the Internet works

Wolf Paulus

Wolf Paulus . com

How the Internet works - Hacking iTunes -

Page 2: How the Internet works
Page 3: How the Internet works
Page 4: How the Internet works

1963

Page 5: How the Internet works
Page 6: How the Internet works

© 2006 Wolf Paulus

Page 7: How the Internet works

Packet-Switched vs. Circuit-Switched

• Circuit-switched networks require dedicated point-to-point connections during calls.

• Packet-switched networks move data in separate, small blocks -- packets -- based on the destination address in each packet. When received, packets are reassembled in the proper sequence to make up the message.

Page 8: How the Internet works

MAC Address

• MAC or Ethernet-ID, like a SSN

00 : 0a : 95 : a5 : a3 : 8c

6 pairs 00..FF (256) = 256^6 = 2^48 ≈ 281,474,976,710,000

• 1st 3 pairs identify the manufacturer:

E.g. : 00 : 0a : 95 : .. : .. : .. - Apple

Page 9: How the Internet works

Vendor/Ethernet MAC Address Lookup and Search

http://www.coffer.com/mac_find/

Page 10: How the Internet works

Hacker Tip

Changing your MAC Address

• Mac OS X

• sudo ifconfig en0 ether 00:01:02:03:04:05

• Linux

1. /etc/init.d/networking stop

2. ifconfig eth0 hw ether 00:01:02:03:04:08

3. /etc/init.d/networking start

Page 11: How the Internet works

IP v. 4 - 32-bit Address

• IP - like a Phone Number or ZIP code

• Manually assigned or through DHCP

• 17 . 254 . 3 . 183

• 256^4 = 2^32 = 4,294,967,296

Page 12: How the Internet works

IP v 4

• Internet Protocol Version 4

• 8-bit . 8-bit . 8-bit . 8-bit e.g. 17 . 254 . 3 . 183

• Originally

• 1st 8 bits defined the location

• 24 bits to address computers on that network

Page 13: How the Internet works

Class A, B, and C

Page 14: How the Internet works

Special IP Ranges

Page 15: How the Internet works

Page 16: How the Internet works

Inter-Domain Routing

Page 17: How the Internet works

How Packets work . . .

• A packet consists of three elements

• Header (.. Envelope)

• Data (.. Letter)

• Trailer

Page 18: How the Internet works

IP Packet Structure

• Time to Live (TTL)

• Protocol (1 = ICMP, 6 = TCP, 17 = UDP )

• Source and Destination Address

Page 19: How the Internet works

Packet Sniffer Output

0x0000: 4500 003e ca34 0000 4011 d581 c0a8 c833
0x0010: 4315 0f08 c9d0 0035 002a c595 347c 0100
0x0020: 0001 0000 0000 0000 0265 6e09 7769 6b69
0x0030: 7065 6469 6103

[ TTL 64 ] [ UDP = 17] = 40 11
Header Checksum ...
Source addr. 192.168.200.51 = c0 a8 c8 33

Page 20: How the Internet works

IP Packet

UDP Packet

Page 21: How the Internet works

IP Packet

TCP Packet

Page 22: How the Internet works

Packet Sniffer Output

0x0000: 4500 003c ca40 4000 4006 9419 c0a8 c833
0x0010: cf8e 83f7 ce5a 0050 944b 24a8 0000 0000
0x0020: a002 ffff dc90 0000 0204 05b4 0103 0300
0x0030: 0101 080a 697b

TTL= 64, TCP= 6 = 40 06
Source Address= 192.168.200.51 = c0 a8 c8 33
Destination: wikimedia.org= 207.142.131.247 = cf 8e 83 f7
Destination Port HTTP= 80 = 00 50

Page 23: How the Internet works

Router and NAT Router

Page 24: How the Internet works

netstat -rn

WPBook:~ wolf$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.234.240    UGSc      105       31    en1
127                127.0.0.1          UCS         0        0    lo0
127.0.0.1          127.0.0.1          UH         13    45570    lo0
169.254            link#5             UCS         0        0    en1
192.168.234        link#5             UCS         1        0    en1
192.168.234.138    127.0.0.1          UHS         0        1    lo0
192.168.234.240    0:3:a0:89:76:7c    UHLW      106       42    en1   1099

ifconfig en1

en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1356
    inet6 fe80::214:51ff:fe7a:8439%en1 prefixlen 64 scopeid 0x5
    inet 192.168.234.138 netmask 0xffffff00 broadcast 192.168.234.255
    ether 00:14:51:7a:84:39
    media: autoselect status: active
    supported media: autoselect

Page 25: How the Internet works

arp -a

sd-ex1.verity.com (192.168.0.125) at 0:11:43:d9:23:9a on en0 [ethernet]
cs2.verity.com (192.168.0.143) at 0:7:e9:18:7f:75 on en0 [ethernet]
denali.verity.com (192.168.0.151) at 0:14:22:16:65:3f on en0 [ethernet]
vrty-sd1.verity.com (192.168.0.160) at 0:7:e9:18:7e:ec on en0 [ethernet]
vrty-sd2.verity.com (192.168.0.162) at 0:7:e9:18:7e:eb on en0 [ethernet]
qavm01 (192.168.1.36) at 0:14:22:72:33:2f on en0 [ethernet]
englabd2.nato.cardiff.com (192.168.1.71) at 0:d0:b7:b8:1e:b2 on en0 [ethernet]
? (192.168.1.127) at 0:c0:4f:60:39:cf on en0 [ethernet]
? (192.168.1.140) at 0:b0:d0:44:ac:df on en0 [ethernet]
? (192.168.1.152) at 0:d0:b7:b8:9c:3b on en0 [ethernet]
csdlab-b03 (192.168.2.75) at 0:c0:4f:4:1c:5b on en0 [ethernet]
ldap2000.ad2000.qalab (192.168.2.85) at 0:3:47:f3:b5:de on en0 [ethernet]
perf06.perform.qalab (192.168.2.88) at 0:12:3f:20:b7:43 on en0 [ethernet]
wpaulus-xp-p650.verity.com (192.168.2.143) at 0:8:74:4f:eb:52 on en0 [ethernet]
sd-irtr-1.verity.com (192.168.2.247) at 0:3:e3:eb:96:ff on en0 [ethernet]
dotnetxp.qa.perform (192.168.3.70) at 0:3:47:f3:a3:34 on en0 [ethernet]

Page 26: How the Internet works

NAT-Router Port Forwarding

Page 27: How the Internet works

Page 28: How the Internet works

Hacking iTunes Sharing

Page 29: How the Internet works

iTunes - Sharing Playlist

• iTunes announces the availability of shared playlists via Multicast DNS (aka Zeroconf, Rendezvous, or Bonjour)

224.0.0.251

• TTL = 255 = 0xFF

• Protocol = UDP = 0x11

• Destination = 224.0.0.251

0x0000: 4518 01f4 4e50 0000 ff11 0187 c0a8 c865
0x0010: e000 00fb 14e9 14e9 01e0 db14 0000 8400
0x0020: 0000 0008 0000 0002 0c57 5042 6f6f 6b20
0x0030: 4d75 7369 6305

Page 30: How the Internet works

Code: Multicast Receiver

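import java.io.IOException;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MulticastSocket;

// Listen on UDP port 1234 and join the multicast group 225.9.3.97
MulticastSocket ms = new MulticastSocket(1234);
ms.joinGroup(InetAddress.getByName("225.9.3.97"));

byte[] data = new byte[256];

while (true) {
    DatagramPacket dgp = new DatagramPacket(data, data.length);
    try {
        ms.receive(dgp); // blocks until a datagram arrives
    } catch (IOException e) {
        // whatever ..
    }
    ...
}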

Page 31: How the Internet works

Code: Multicast Sender

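import java.io.IOException;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.MulticastSocket;

MulticastSocket ms = new MulticastSocket();
InetAddress mia = InetAddress.getByName("225.9.3.97");
int mport = 1234;
byte[] data = "My Message".getBytes();
ms.setTimeToLive(47); // TTL written into every outgoing multicast packet
try {
    ms.send(new DatagramPacket(data, data.length, mia, mport));
} catch (IOException e) {
    // send failed; ignored on the slide
}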

Page 32: How the Internet works

iTunes - Receiving shared songs

iTunes serves songs to a remote client using TCP port 3689

• TTL = 2 = 0x02

• Protocol = TCP = 0x6

• Source / Server = 192.168.200.101

• Destination / Client = 192.168.200.51

• Server Port = 3689

0x0000: 4500 05dc 5627 4000 0206 0b0b c0a8 c865
0x0010: c0a8 c833 0e69 d2e2 9f1c 6d86 c7b4 7361
0x0020: 8010 ffff bb4e 0000 0101 080a 0c37 55b4
0x0030: 697c 13f1 2a9c

Page 33: How the Internet works

Overcome broadcast filtering

• NetWork Beacon

serves as a proxy for services on other computers or devices.

http://www.chaoticsoftware.com

• RendezvousProxy

Java Implementation

http://ileech.sourceforge.net

Page 34: How the Internet works

Overcome broadcast filtering

Page 35: How the Internet works

Overcome broadcast filtering

• modttl ;-)

modttl is intended for network administrators that are looking to modify the TTL of packets being sent from their servers.

This allows you to restrict the TTL of packets that you only want going a certain number of hops from your server or extend the TTL of packets that for some reason are set too low.

Page 36: How the Internet works

Overcome broadcast filtering

Running modttl on the serving machine:

Using divert port 17780
TTL of packets will be set to 255
Creating a socket
Binding a socket
Priority has been set to -15
Waiting for data...
00071 divert 17780 tcp from 192.168.100.51 3689 to any out xmit en0

• modttl.tgz

modifies the TTL of packets. Works on OS X and FreeBSD.

http://www.intrarts.com/software.html

Page 37: How the Internet works

Hacking iTunes Sharing

Page 38: How the Internet works

© 2003-2006 Carlsbad Cubes
© 2006 wolfpaulus.com

Thanks for coming