Information Security Practices 1.1 (Network Sniffing)

Foreword

This network sniffing exercise really just uses Wireshark to capture packets. I was in a rush when I did it, so I wrote it up casually, and it is of relatively little reference value.

I did this first practice exercise because the winter vacation at home was dull, and I did it in the two days before school started, so the quality is not very good. But it still counts as a practice exercise, so just take a look.

Requirement

Use a network sniffing tool to capture network communication packets and analyze the sensitive information in the captured packets.

Key steps

1. Open Wireshark.

2. Click Capture, set the options as shown in the picture, then click Start to begin capturing. (Because my computer is on Wi-Fi, I need to select the WLAN interface; the Local Area Connection interfaces in the picture above only show traffic if the computer's hotspot is turned on and a phone is connected to it.)

3. The following figure is the capture result:

Because the host talks to many IP addresses, the destination column is cluttered, so I narrow the view down with Baidu's IP address.

4. Open a cmd window and enter ping www.baidu.com to test the connection between the host and Baidu. The replies show that the host can reach Baidu, and they also show the IP address the name resolved to (183.232.231.172 in this capture; it may differ on your network). Back in the Wireshark window, enter ip.addr == 183.232.231.172 in the display-filter bar and press Enter. This keeps only the packets exchanged between the host and Baidu and hides everything else.

5. The layered protocol view of a captured packet:

6. From the results above, the traffic between the host and Baidu uses mainly the ICMP protocol (the ping echo request and reply) and the TCP protocol.

As shown in the figure above, the TCP packets show the TCP three-way handshake.

First handshake:

The host sends a TCP segment to the destination IP with the SYN flag set and (relative) sequence number 0, which means the host is requesting a connection. The key attributes of the packet are as follows:

SYN: flag bit, indicating a request to establish a connection

Seq = 0: Wireshark displays relative sequence numbers, so the client's initial sequence number (ISN, in reality a random 32-bit value) is shown as 0; no data has been sent yet

Ack = 0: the ACK flag is not set in the first SYN, so the acknowledgment number field carries no meaning and is shown as 0; nothing has been received yet

Second handshake:

The destination server sends back an acknowledgment packet with the SYN and ACK flags set; its acknowledgment number is the client's ISN plus 1, i.e. 0 + 1 = 1 in relative terms, as shown in the figure below. The key attributes of the packet are as follows:

[SYN, ACK]: flag bits, agreeing to establish the connection and sending back the server's own SYN together with the ACK

Seq = 0: the server's own initial sequence number, shown as relative 0, indicating that the server has not sent any data yet

Ack = 1: the number of bytes the server has received so far, relative to the client's ISN. Although the client has not sent any payload, the acknowledgment number still advances by 1, because a SYN (like a FIN) consumes one sequence number even though it carries no data, so this does not affect the byte count of real data.

Third handshake:

The host sends an acknowledgment packet again, with the SYN flag clear (0) and the ACK flag set (1). Its acknowledgment number is the server's ISN plus 1 (relative 1), and its own sequence number is the client's ISN plus 1 (relative 1), as shown in the figure below:

The key attributes of the packet are as follows:

ACK: flag bit, indicating that the server's SYN/ACK has been received

Seq = 1: the client's SYN consumed one sequence number, so its next byte is relative sequence number 1; no payload has been sent yet

Ack = 1: the number of bytes the client has received, relative to the server's ISN. Although the server has not sent any payload, the acknowledgment number still advances by 1, because the server's SYN consumed one sequence number (segments carrying only SYN or FIN flags have no payload, so the byte count of real data is unaffected).

With this, the TCP three-way handshake is complete and the connection is established; data exchange can begin.

Analysis of the role of network sniffing in information security

Network sniffing is a commonly used technique in information security; the same tool serves an attacker collecting data and an administrator managing a network. For security personnel, sniffing can be used to monitor the network and detect attacks in time. For example, you can check whether each client that connects to a server completes the TCP three-way handshake. Many connections that stop after the SYN, or after the SYN/ACK, are abnormal: that pattern is typical of a port scan (a SYN scan never sends the third ACK) or a SYN flood, while an immediate RST in reply to the SYN indicates a closed port. The capture also shows which protocols carry their data in cleartext: credentials in plain HTTP, FTP or Telnet can be read directly from the packets, whereas TLS traffic only exposes the handshake metadata, which is exactly why sniffing is dangerous on untrusted networks and why encryption in transit matters. In short, network sniffing is of great significance for maintaining computer security.
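The handshake tracking explained in the previous section and the "did the handshake complete" check suggested here, as an added example that is not part of the original post. It is a small pure-Python decoder for IPv4/TCP headers that follows each flow through SYN, SYN/ACK and ACK, reports Wireshark-style relative Seq/Ack numbers, and lists flows whose handshake never completed. The packets are constructed inline so it runs offline: the client address 192.168.1.10, the ports and the ISNs are assumed, and 183.232.231.172 is the Baidu address from the capture above. On a real capture you would feed it the IP payload of each frame instead.

```python
import socket
import struct

# TCP flag bits as laid out in the flags byte of the TCP header
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF


def flag_names(flags):
    """Render the flags byte the way Wireshark's Info column does, e.g. '[SYN, ACK]'."""
    names = [n for n, bit in (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK)) if flags & bit]
    return "[" + ", ".join(names) + "]"


def build_packet(src, dst, sport, dport, seq, ack, flags):
    """Constructed IPv4+TCP packet (no options, no payload, zero checksums): sample data, not a capture."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def parse_packet(raw):
    """Decode the IPv4 and TCP headers of one packet; returns None if it is not TCP."""
    ihl = (raw[0] & 0x0F) * 4          # IPv4 header length in bytes
    if raw[9] != 6:                     # IPv4 protocol field: 6 = TCP
        return None
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", raw[ihl:ihl + 14])
    return {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}


def track_handshakes(raw_packets):
    """Follow every flow through SYN -> SYN/ACK -> ACK.

    Returns (rows, flows): one row per packet with Wireshark-style relative Seq/Ack
    numbers, and the final state of each flow keyed by (client, cport, server, sport).
    """
    flows, rows = {}, []
    for raw in raw_packets:
        p = parse_packet(raw)
        if p is None:
            continue
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        fl = p["flags"]
        if fwd in flows:
            key, from_client = fwd, True
        elif rev in flows:
            key, from_client = rev, False
        elif fl & SYN and not fl & ACK:
            # A bare SYN opens a new flow; whoever sent it is the client.
            key, from_client = fwd, True
            flows[key] = {"state": "SYN_SENT", "client_isn": p["seq"], "server_isn": None}
        else:
            continue                    # mid-stream packet with no SYN seen: ignore
        f = flows[key]
        # Second handshake: the server's SYN/ACK must acknowledge client ISN + 1.
        if f["state"] == "SYN_SENT" and not from_client and fl & SYN and fl & ACK \
                and p["ack"] == (f["client_isn"] + 1) & MASK32:
            f["server_isn"] = p["seq"]
            f["state"] = "SYN_RECEIVED"
        # Third handshake: the client's ACK carries seq = client ISN + 1, ack = server ISN + 1.
        elif f["state"] == "SYN_RECEIVED" and from_client and fl & ACK and not fl & SYN \
                and p["seq"] == (f["client_isn"] + 1) & MASK32 \
                and p["ack"] == (f["server_isn"] + 1) & MASK32:
            f["state"] = "ESTABLISHED"
        elif fl & RST and f["state"] != "ESTABLISHED":
            f["state"] = "RESET"        # e.g. a closed port answering the SYN
        # Relative numbering as Wireshark shows it: seq relative to the sender's ISN,
        # ack relative to the peer's ISN; raw values are kept where the ISN is unknown.
        my_isn = f["client_isn"] if from_client else f["server_isn"]
        peer_isn = f["server_isn"] if from_client else f["client_isn"]
        rel_seq = (p["seq"] - my_isn) & MASK32 if my_isn is not None else p["seq"]
        rel_ack = (p["ack"] - peer_isn) & MASK32 if (fl & ACK and peer_isn is not None) else p["ack"]
        rows.append((flag_names(fl), p["src"], p["dst"], rel_seq, rel_ack, f["state"]))
    return rows, flows


def incomplete_handshakes(raw_packets):
    """Flows that sent a SYN but never reached ESTABLISHED: scans, SYN floods, reset or dropped connections."""
    _, flows = track_handshakes(raw_packets)
    return {key: f["state"] for key, f in flows.items() if f["state"] != "ESTABLISHED"}


# Constructed sample traffic (assumed client address, ports and ISNs; real ISNs are random).
CLIENT, BAIDU = "192.168.1.10", "183.232.231.172"
SAMPLE = [
    build_packet(CLIENT, BAIDU, 51000, 80, 1000, 0, SYN),            # 1st handshake
    build_packet(BAIDU, CLIENT, 80, 51000, 5000, 1001, SYN | ACK),   # 2nd handshake
    build_packet(CLIENT, BAIDU, 51000, 80, 1001, 5001, ACK),         # 3rd handshake
    build_packet(CLIENT, BAIDU, 51001, 22, 2000, 0, SYN),            # SYN to a closed port...
    build_packet(BAIDU, CLIENT, 22, 51001, 0, 2001, RST | ACK),      # ...answered with RST/ACK
    build_packet(CLIENT, BAIDU, 51002, 443, 3000, 0, SYN),           # SYN that is never answered
]

if __name__ == "__main__":
    rows, _ = track_handshakes(SAMPLE)
    for flags, src, dst, seq, ack, state in rows:
        print(f"{src:>16} -> {dst:<16} {flags:<12} Seq={seq} Ack={ack}  {state}")
    for key, state in incomplete_handshakes(SAMPLE).items():
        print("incomplete handshake:", key, state)
```

The first three rows reproduce the Seq=0/Ack=0, Seq=0/Ack=1 and Seq=1/Ack=1 values seen in the Wireshark screenshots; the other two flows end in RESET and SYN_SENT and are the kind of entries a defender would look at when a single source shows many of them in a short time.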


Source: blog.csdn.net/xiexieyuchen/article/details/130935283