the ack and nack of programming - cloud object...
TRANSCRIPT
NFJS Software Symposium Series 2012
Ken Sipe
The ACK and NACK of Programming
Ack & Nack
About Speaker
- Developer: Embedded, C++, Java, Groovy, Grails, C#, Objective C
- Speaker: JavaOne 2009 Rock Star, NFJS, JAX
- Microsoft MCP
- Sun Certified Java 2 Architect
- Master of Scrums Agile Coach
- Instructor: VisiBroker CORBA, Rational Rose, OOAD
- http://kensipe.blogspot.com/
- http://del.icio.us/kensipe
- twitter: @[email protected]
How Well Do You Know Your Computer?
“The network is the computer”
-- John Gage
Motivations
- Understand One Abstraction Lower
  - than where you are
- Developer Productivity
- Security
192.168.0.1
Agenda
- Understanding the Challenges
- OSI
- Tools of the trade
- WiFi
Networking is Hard
- Asynchronous
- Bandwidth
- Latency
- Service Discovery
OSI Model
7 Layers
- Physical Layer
- Data-Link Layer
- Network Layer
- Transport Layer
- Session Layer
- Presentation Layer
- Application Layer
Layers
- Each Layer
  - Has a Header
    - contains protocol info
  - Has a Body
    - data
  - Wraps the Previous Layer
    - The body of a layer is the head + body of the previous layer
Hardware
Ethernet Ports
IP
TCP
Socket
Point to Point
Host to Host
Physical Layer (Layer 1)
- Cables
- Physical Connections
==
promiscuous mode cloaking
- Hub
  - extends single LAN
- Bridge / Layer-2 Switch
  - connects 2 or more LANs together
  - works at data link layer
- Router / Layer-3 Switch
  - connects any combination of LANs and WANs
  - works at network layer
Data Link Layer (Layer 2)
- <inter-office mail> relative to postal system
- Media Access Control (MAC) addresses
  - globally unique address
  - 6 bytes
  - xx:xx:xx:xx:xx:xx
  - 90:27:e4:f8:b5:15
    - 90 27 e4: vendor code
    - f8 b5 15: interface serial number
MAC(s)
- Ethernet Header
  - 14 bytes
  - source and destination MAC for this packet
- MAC isn't intended to change
  - fingerprint of the network
ARP
- Address Resolution Protocol (ARP)
  - associates MAC - IP
  - broadcast
    - "Hey... Who has IP X?"
- Resolution usually is cached
- arp tools
  - arp
    - arp -a
    - arpon -l
    - arpon -i wlan0 -D
- mac spoofing
  - ifconfig wlan0 hw ether 00:80:48:BA:d1:30
- arp poisoning
  - arpspoof
    - arpspoof -t <router_id> <local_ip>
    - arpspoof -t <local_ip> <router_id>
  - ettercap -NaC <router_id> <local_ip>
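Because ARP resolution is broadcast and cached, a poisoned cache shows up as one MAC answering for several IPs, or as the gateway's IP suddenly mapping to a new MAC. The check below is an added example, not part of the original slides; the sample `arp -an` output is constructed, and the function names and the gateway address are assumptions.

```python
import re
from collections import defaultdict

# Matches Linux and BSD/macOS `arp -an` lines of the form "? (IP) at MAC ..."
ARP_LINE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+([0-9A-Fa-f:]{11,17})")

def normalize_mac(mac):
    """Lower-case and zero-pad octets (some systems print 0:80:48:...)."""
    return ":".join(part.zfill(2) for part in mac.lower().split(":"))

def parse_arp_table(text):
    """Return {ip: mac}; entries without a resolved MAC are skipped."""
    table = {}
    for line in text.splitlines():
        if m := ARP_LINE.search(line):
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def find_anomalies(current, baseline=None, gateway=None):
    """Flag a MAC answering for several IPs, and IPs whose MAC changed."""
    findings = []
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            sev = "HIGH" if gateway in ips else "MEDIUM"
            findings.append((sev, f"{mac} claims {', '.join(sorted(ips))}"))
    for ip, old in sorted((baseline or {}).items()):
        new = current.get(ip)
        if new and new != old:
            sev = "HIGH" if ip == gateway else "MEDIUM"
            findings.append((sev, f"{ip} moved from {old} to {new}"))
    return findings

# Constructed sample output, not captured from a real network.
BASELINE = """\
? (192.168.0.1) at 90:27:e4:f8:b5:15 [ether] on wlan0
? (192.168.0.23) at 0:80:48:ba:d1:30 [ether] on wlan0
"""
CURRENT = """\
? (192.168.0.1) at 00:80:48:BA:D1:30 [ether] on wlan0
? (192.168.0.23) at 00:80:48:ba:d1:30 [ether] on wlan0
? (192.168.0.40) at <incomplete> on wlan0
"""

if __name__ == "__main__":
    cur, base = parse_arp_table(CURRENT), parse_arp_table(BASELINE)
    print(find_anomalies(cur, base, gateway="192.168.0.1"))
```

A MAC that legitimately answers for several addresses (proxy ARP, a multi-homed router) is flagged too, so findings are leads to verify rather than verdicts.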
Network Layer (Layer 3)
- Internet Protocol (IP)
- Protocols
  - ICMP
  - ARP
  - RARP
IP
- Internet Protocol (IP)
  - versions:
    - IPv4
    - IPv6
- Form:
  - xx.xx.xx.xx
  - 192.169.0.1 or 10.0.1.1
- Size:
  - 20 bytes
- IPv4
  - 32 bits
- private
  - 10.0.0.0 - 10.255.255.255
  - 172.16.0.0 - 172.31.255.255
  - 192.168.0.0 - 192.168.255.255
Datagrams Header
- IPv6
  - 128 bits (16 bytes)
    - 2001:0db8:3241:0000:0000:9a8f:00c9:952e
  - leading zeros not written
  - consecutive all-zero groups can be replaced with ::
    - 2001:0db8:3241::9a8f:00c9:952e
  - Reserved
    - ::1/128 (127.0.0.1 in IPv4)
IP
- IP alone does NOT guarantee:
  - connections
  - delivery
DNS
- Domain Name System
  - resolve host name to IP address (A)
  - resolve an IP address to host name (PTR)
  - find mail servers for domain (MX)
  - find name servers for domain (NS)
  - find host name for IP (AAAA)
  - alias (CNAME)
IP Tools
- ifconfig / ipconfig
- whois
- ping
- dhclient
  - DNS utility
    - nslookup
- dsniff - DNS Spoofing
  - dnsspoof
Where in the IP?
- traceroute
- netstat -r
- zenmap
Transport Layer (Layer 5)
- Major Protocols
  - Transmission Control Protocol (TCP)
  - User Datagram Protocol (UDP)
- TCP used by:
  - HTTP
  - SMTP
  - FTP
UDP
- Less overhead
  - no connection establishment
- more efficient
  - no guaranteed delivery
- Data reception from more than one machine
- apps
  - weather, time, video, games
TCP
- TCP
  - Reliable
  - Bi-Directional
- Ensures packets are ordered prior to sending to the next layer
  - TCP Flags
  - sequence numbers
TCP header
TCP
TCP Flag | Meaning         | Purpose
URG      | Urgent          | Important data
ACK      | Acknowledgement | Acks a packet
PSH      | Push            | Do not buffer
RST      | Reset           | Resets a connection
SYN      | Synchronize     | Synchronizes the sequence numbers at the beginning of a connection
FIN      | Finish          | Goodbye
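To make the layering concrete (each body is the header plus body of the next layer), the added example below, which is not from the original slides, peels a constructed frame apart: the 14-byte Ethernet header, the 20-byte IPv4 header, then the TCP header with its sequence numbers and flags. The frame bytes, addresses and function names are assumptions made for the illustration.

```python
import struct

# Bit positions in the TCP flags field, lowest bit first.
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]

def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Peel Ethernet -> IPv4 -> TCP; each body is the next header + body."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ip = frame[14:]                      # Ethernet body = IP header + body
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad or truncated IPv4 header")
    ihl = (ip[0] & 0x0F) * 4             # 20 bytes when there are no options
    if ihl < 20 or ip[9] != 6:
        raise ValueError("bad header length or not TCP")
    tcp = ip[ihl:]                       # IP body = TCP header + body
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    data_off = (off_flags >> 12) * 4
    if data_off < 20 or data_off > len(tcp):
        raise ValueError("bad TCP data offset")
    return {
        "src_mac": mac_str(src), "dst_mac": mac_str(dst),
        "vendor_code": mac_str(src[:3]),
        "src": ".".join(map(str, ip[12:16])) + f":{sport}",
        "dst": ".".join(map(str, ip[16:20])) + f":{dport}",
        "seq": seq, "ack": ack,
        "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
        "payload": tcp[data_off:],
    }

# Constructed SYN+ACK frame (checksums zeroed; not a real capture).
SAMPLE = bytes.fromhex(
    "008048bad130" "9027e4f8b515" "0800"            # Ethernet: dst, src, type
    "450000280000400040060000c0a80001c0a80017"      # IPv4 header, 20 bytes
    "0050c350000003e8000007d15012721000000000"      # TCP header, 20 bytes
)

if __name__ == "__main__":
    print(parse_frame(SAMPLE))
```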
TCP Tools
- tcpdump
- wireshark
- Note:
  - pcap - packet capture
    - libpcap
    - WinPcap
Wireshark
- find top talkers on the net
- recognize the most common connection problems
- spot delays between client request
- detect network congestion
- graph application throughput
- identify service response times
Session Layer
- Ports
  - 64k possible ports
  - < 1024 privileged ports
- Well Known (/etc/services)
  - 22 - ssh
  - 25 - smtp
  - 80 - http
  - 443 - https
Socket
- Socket
  - IP
  - Port
  - 192.168.0.1:80
Socket Tools
- lsof
  - lsof -i
    - open connections
  - lsof -i -n
    - just TCP/UDP
  - lsof -i :8080
    - who owns 8080
  - lsof -u ksipe
    - what owned by ksipe
  - lsof -p 6565
    - what all does pid 6565 own
nmap
- nmap -O localhost
  - guess the OS
- nmap -T4 -A localhost
  - aggressively scan, at a level 4 (O, sC, traceroute)
Session Tools - Proxy
Other useful tools
- netcat
  - $ nc -l 3333
  - $ nc 192.168.0.1 3333
- $ ssh -f -L 23333:127.0.0.1:3333 [email protected] sleep 10; nc 127.0.0.1 23333 | pv -b > backup.iso
  - ssh with a port forward
  - copy of file through nc
  - port 3333 firewalled, port 22 open for ssh
Wifi
WiFi
Almost impossible to secure
Management Frame
- Auth
- De-Auth
- Association Req
- Association Resp
- Reassociation Req
- Reassociation Resp
- Beacon
- Probe Request
- Probe Resp
WEP Crack
- In 2007
  - 3 seconds to crack 104-bit WEP key
  - 1.7GHz Pentium M
  - < 1 min for data capture
- Today with GPU
  - "fjR8n"
    - CPU in 24 sec w/ 9.8 million guesses/sec
    - GPU < one sec w/ 3.3 billion guesses/sec
  - "fh0GH5h"
    - CPU ~ 4 days
    - GPU ~ 17 mins 30 secs
Securing your WiFi Access
- Business VPN
- TorGuard
- Tor Project
  - https://www.torproject.org/
Summary
- Top Tools
  - WireShark
  - nmap
  - lsof
  - netstat
  - traceroute