Networking 101 - University of New MexicoNetworking class that's very valuable, this is just enough...

Networking 101


“5-minute University”

● We're just going to cover the basic technologies that make up the Internet

● There's a lot more content in a Computer Networking class that's very valuable, this is just enough material to be able to talk about cybersecurity issues

● Hopefully not boring for students that already took CS 485/ECE 440/CS 585


Network of two machines

10.0.8.1 10.0.8.2

IP address: identifies the machine on the network. Local (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) vs. Internet routable (e.g., 64.106.21.143).


● What stops me from saying my IP address is something else (e.g., an IP that belongs to someone else) on the same network as me?


man man

man ifconfig

ifconfig | less


ARP: Address Resolution Protocol

● MAC (media access control) address (e.g., “c4:02:32:6b:00:00”) is supposed to be unique to the network interface

– Also called a hardware address


(from http://chrissanders.org/packet-captures/)


● What stops me from saying my hardware address is something else?


CIDR

● Classless Inter-Domain Routing

● /27 has a net mask of 255.255.255.224

From Wikipedia


Some notation

● 192.168.55.0/24

● 10.0.9.0/24

● 10.0.8.0/24
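The CIDR arithmetic behind this notation, as an added example that is not part of the original slides: it derives a netmask from a prefix length, tests the local ranges listed earlier, and decides whether a destination is on the sender's own network (resolved directly with ARP) or must go to a router. The gateway address 10.0.8.254 is a hypothetical value chosen for the example.

```python
import socket
import struct

# Local (non-routable) ranges as listed on the slides.
LOCAL_RANGES = ["10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"]

def to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]

def to_str(value):
    """32-bit integer -> dotted-quad IPv4 string."""
    return socket.inet_ntoa(struct.pack("!I", value))

def netmask(prefix_len):
    """Prefix length -> mask with the top prefix_len bits set."""
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF

def in_network(addr, cidr):
    """True if addr shares the network bits of cidr (base/prefix)."""
    base, prefix_len = cidr.split("/")
    mask = netmask(int(prefix_len))
    return to_int(addr) & mask == to_int(base) & mask

def is_local(addr):
    """True if addr falls in one of the local ranges."""
    return any(in_network(addr, r) for r in LOCAL_RANGES)

def next_hop(own_cidr, dst, gateway):
    """On-link destinations are reached directly (ARP for dst);
    anything else is handed to the gateway."""
    return dst if in_network(dst, own_cidr) else gateway

if __name__ == "__main__":
    gw = "10.0.8.254"  # hypothetical router address, not from the slides
    print("/27 mask:", to_str(netmask(27)))
    for dst in ("10.0.8.2", "10.0.9.2", "192.168.55.3"):
        print("10.0.8.1 ->", dst, "via", next_hop("10.0.8.1/24", dst, gw))
    for addr in ("10.0.8.1", "64.106.21.143", "172.32.0.1"):
        print(addr, "local" if is_local(addr) else "Internet routable")
```
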


Network of networks

[Diagram: addresses 192.168.55.1, 192.168.55.2, 192.168.55.3; 10.0.8.1, 10.0.8.2; 10.0.9.1, 10.0.9.2]


IP (Internet Protocol) routing

Graphic by Danny Adams


● What stops me from saying my IP address is one from a network on the other side of the world?


tracepath -n uchicago.edu

route -n

arp -n


TCP/IP

● TCP = Transport Control Protocol

● Port: a number that identifies a process or service on the remote machine

● Socket: a way for a process on one machine to communicate with a process on another machine

– Can be identified by two port:ipaddress tuples

● TCP is connection-oriented, packets can be lost and retransmitted, delivered out of order, etc.

– Compare to UDP, which is the User Datagram Protocol

● See http.pcap example from https://wiki.wireshark.org/SampleCaptures#HyperText_Transport_Protocol_.28HTTP.29


screen

Ctrl+A then C to Create

Ctrl+A then N for Next

host www.cs.unm.edu

nc 64.106.20.27 80

(in other terminal...)

netstat -tpn | less


DNS maps hostnames to IPs and vice versa

host 64.106.20.60

host wiki.cs.unm.edu

man dig


BGP = Border Gateway Protocol

● A path vector protocol that is a lot like a distance vector protocol

– Tell your neighbors what routes you know about

● BGP is how Autonomous Systems (ASes) route packets on the Internet


Network Insecurity

● ARP, IP, everything else can be spoofed

● Man-in-the-middle: router pretends to be the host, can do anything

– Almost every time you connect to public Wifi

– Another example: China's Great Cannon

● Man-on-the-side: more limited, can see packets and insert, but can't modify or drop

– Example: NSA QUANTUM

● What are the different places in the network where these types of attacks can be implemented?
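Because nothing in ARP authenticates a claimed IP-to-MAC binding, a defender on the local network can at least watch for bindings that change. The following is an added example, not part of the original slides: it scans a constructed sequence of observed ARP replies and flags an IP that moves to a new MAC and a MAC that claims more than one IP. Every address except 10.0.8.1, 10.0.8.2 and c4:02:32:6b:00:00 is made up for the sample.

```python
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) from ARP replies.
OBSERVED = [
    (1, "10.0.8.1", "c4:02:32:6b:00:00"),
    (2, "10.0.8.2", "c4:02:32:6b:00:01"),
    (3, "10.0.8.1", "c4:02:32:6b:00:00"),  # repeat of a known binding
    (4, "10.0.8.1", "02:00:00:aa:bb:cc"),  # same IP, different MAC
    (5, "10.0.8.2", "02:00:00:aa:bb:cc"),  # one MAC now claims two IPs
]

def find_arp_anomalies(events):
    """Return a list of alert tuples for suspicious binding changes.

    ("ip-rebound", ts, ip, old_mac, new_mac): an IP answered from a new MAC.
    ("mac-multi-ip", ts, mac, [ips]): one MAC answering for several IPs.
    """
    ip_to_mac = {}                    # last MAC seen for each IP
    mac_to_ips = defaultdict(set)     # every IP each MAC has claimed
    alerts = []
    for ts, ip, mac in events:
        mac = mac.lower()             # MACs compare case-insensitively
        known = ip_to_mac.get(ip)
        if known is not None and known != mac:
            alerts.append(("ip-rebound", ts, ip, known, mac))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(("mac-multi-ip", ts, mac, sorted(mac_to_ips[mac])))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(OBSERVED):
        print(alert)
```

A changed binding is a signal to investigate, not proof of spoofing: DHCP reassignment, a replaced network card, or a router interface with several addresses produce the same pattern.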