Topología, redes y Subredes #
- centralizada
-
descentralizada
-
en malla o mesh
Asignación de IPs por medio de DHCP #
- DHCP server
- DHCP client
Red de 4 equipos #
B
dice, necesito una IP! #
- mensaje:
DHCPDISCOVER
- protocolo: UDP
- puerto destino: 67
- dirección física: 01:12:23:34:45:bb
D
dice, yo te puedo dar IP! #
- mensaje:
DHCPOFFER
- dirección física: 01:12:23:34:45:dd
- dirección IP: 192.168.10.102
- gateway: 192.168.10.1
- dns primario: 8.8.8.8
- dns secundario: 8.8.4.4
B
dice, confirmo recepción! #
- mensaje:
DHCPREQUEST
D
dice, confirmo confirmación! #
- mensaje:
DHCPACK
Resolución de nombres de dominios DNS #
1host localhost
localhost.gcoop.com.ar has address 127.0.0.1
1dig osiux.com
; <<>> DiG 9.8.4-P1 <<>> osiux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12788
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;osiux.com. IN A
;; ANSWER SECTION:
osiux.com. 300 IN A 96.8.118.129
;; Query time: 198 msec
;; SERVER: 192.168.10.3#53(192.168.10.3)
;; WHEN: Tue Apr 9 23:29:33 2013
;; MSG SIZE rcvd: 43
viendo un paquete de query dns #
1tcpdump -r dns-query.pcap -nvX
02:14:20.301428 IP (tos 0x0, ttl 64, id 27874, offset 0, flags [none], proto UDP (17), length 55)
127.0.0.1.57039 > 127.0.0.1.53: 39172+ A? osiux.com. (27)
0x0000: 4500 0037 6ce2 0000 4011 0fd2 7f00 0001 E..7l...@.......
0x0010: 7f00 0001 decf 0035 0023 fe36 9904 0100 .......5.#.6....
0x0020: 0001 0000 0000 0000 056f 7369 7578 0363 .........osiux.c
0x0030: 6f6d 0000 0100 01 om.....
analizando un paquete de query dns #
1tshark -r dns-query.pcap -VO dns
Frame 1: 71 bytes on wire (568 bits), 71 bytes captured (568 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 57039 (57039), Dst Port: domain (53)
Domain Name System (query)
Transaction ID: 0x9904
Flags: 0x0100 Standard query
0... .... .... .... = Response: Message is a query
.000 0... .... .... = Opcode: Standard query (0)
.... ..0. .... .... = Truncated: Message is not truncated
.... ...1 .... .... = Recursion desired: Do query recursively
.... .... .0.. .... = Z: reserved (0)
.... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
osiux.com: type A, class IN
Name: osiux.com
Type: A (Host address)
Class: IN (0x0001)
capturar consultas al dns #
ssh root@linksys '/usr/sbin/tcpdump -i br0 -s 0 -w - dst port 53' >linksys.pcap
ranking de dns #
tcpdump -r linksys.pcap -c 2000 -nnnA dst port 53 | \
egrep -o "A+\? .*\." | sed s/".$"//g | awk '{print $2}' | \
egrep -v "(osiux|fbcdn|akamai)" | sort | uniq -c | sort -nr | head
::: {#ranking-dns}
47 www.facebook.com 42 dns.msftncsi.com 41 su.ff.avast.com 37 ssl.google-analytics.com 37 ipv6.msftncsi.com 32 www.habbo.es 26 imap.googlemail.com 21 dynamic.zoneedit.com 19 www.msftncsi.com 18 kiwwwi.com.ar
:::
Sniffers nmap, dsniff #
nmap #
1nmap -sV --open 192.168.10.0/24 -p22 | head
Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-04 21:39 ART
Nmap scan report for obelisco.osiux.bal (10.4.14.225)
Host is up (0.0047s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh Dropbear sshd 0.48 (protocol 2.0)
Service Info: OS: Linux
Nmap scan report for caipiroska.osiux.bal (10.4.14.229)
Host is up (0.0013s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1.1 (protocol 2.0)
Service Info: OS: Linux
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 256 IP addresses (2 hosts up) scanned in 33.07 seconds
Túneles y Redes Privadas Virtuales VPN #
Redireccionar puertos con ssh
#
ssh -L 2525:localhost:25 osiux.com
Proxy Socks mediante ssh #
ssh -D 9090 osiux.com
Tunel reverso con ssh #
ssh -R 12345:localhost:22 osiux.com
Cómo saber la IP de un equipo? #
B dice, cuál es la IP de D? #
- Se que D es 00:14:d1:18:4a:dd
- Yo soy B y mi mac es 00:14:d1:18:4a:bb
- Todos reciben paquete ARP por difusión
D contesta, mi IP es 10.4.14.225 #
Quénes están en esta red? #
1sudo arp-scan --interface eth0 --localnet
:
0 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.625 seconds (157.54 hosts/sec). 0 responded
pingueando #
1ping -c 5 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.050 ms
64 bytes from 127.0.0.1: icmp_req=3 ttl=64 time=0.050 ms
64 bytes from 127.0.0.1: icmp_req=4 ttl=64 time=0.048 ms
64 bytes from 127.0.0.1: icmp_req=5 ttl=64 time=0.049 ms
--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.048/0.052/0.066/0.010 ms
capturando pings #
sudo tcpdump -i lo -nnnt -c 5 icmp
viendo un ping
#
sudo tcpdump -i lo -nnntvvX -c 1 -e icmp
00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
127.0.0.1 > 127.0.0.1: ICMP echo request, id 4177, seq 329, length 64
0x0000: 4500 0054 0000 4000 4001 3ca7 7f00 0001 E..T..@.@.<.....
0x0010: 7f00 0001 0800 a68d 1051 0149 e754 5e51 .........Q.I.T^Q
0x0020: 022f 0d00 0809 0a0b 0c0d 0e0f 1011 1213 ./..............
0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"#
0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123
0x0050: 3435 3637 4567
traceroute #
1traceroute -m 100 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 100 hops max, 60 byte packets
1 malbec (192.168.10.3) 0.107 ms 0.087 ms 0.083 ms
2 10.29.64.1 (10.29.64.1) 9.180 ms 9.206 ms 9.190 ms
3 cpe-181-47-254-17.telecentro-reversos.com.ar (181.47.254.17) 9.645 ms 9.653 ms 9.706 ms
4 telecentro.baires1.bai.seabone.net (195.22.220.33) 10.882 ms 10.307 ms 10.762 ms
5 bundle-ether1.baires1.bai.seabone.net (195.22.220.32) 15.964 ms 16.074 ms 15.974 ms
6 * * *
7 xe-1-2-0.mia10.ip4.tinet.net (77.67.71.97) 142.397 ms 139.703 ms 142.354 ms
8 xe-2-1-0.atl11.ip4.tinet.net (89.149.184.21) 156.811 ms xe-3-0-0.atl11.ip4.tinet.net (89.149.180.202) 158.695 ms 158.561 ms
9 epik-networks-gw.ip4.tinet.net (77.67.69.158) 159.786 ms 159.491 ms 159.581 ms
10 po0-3.dsr2.atl.epikip.net (216.81.59.2) 176.330 ms 176.462 ms 176.281 ms
11 * * *
12 Episode.IV (206.214.251.1) 224.463 ms 226.258 ms 220.950 ms
13 A.NEW.HOPE (206.214.251.6) 250.974 ms 247.808 ms 259.092 ms
14 It.is.a.period.of.civil.war (206.214.251.9) 259.944 ms 250.907 ms 255.839 ms
15 Rebel.spaceships (206.214.251.14) 218.522 ms 226.211 ms 219.834 ms
16 striking.from.a.hidden.base (206.214.251.17) 241.201 ms 236.375 ms 232.261 ms
17 have.won.their.first.victory (206.214.251.22) 241.703 ms 236.591 ms 224.864 ms
18 against.the.evil.Galactic.Empire (206.214.251.25) 216.832 ms 216.318 ms 214.477 ms
19 During.the.battle (206.214.251.30) 208.949 ms 210.051 ms 208.008 ms
20 Rebel.spies.managed (206.214.251.33) 212.787 ms 212.294 ms 212.273 ms
21 to.steal.secret.plans (206.214.251.38) 255.908 ms 258.825 ms 257.972 ms
22 to.the.Empires.ultimate.weapon (206.214.251.41) 213.769 ms 213.009 ms 216.689 ms
23 the.DEATH.STAR (206.214.251.46) 218.461 ms 218.095 ms 219.359 ms
24 an.armored.space.station (206.214.251.49) 209.458 ms 211.553 ms 213.325 ms
25 with.enough.power.to (206.214.251.54) 216.680 ms 215.119 ms 215.551 ms
26 destroy.an.entire.planet (206.214.251.57) 229.043 ms 225.637 ms 225.987 ms
27 Pursued.by.the.Empires (206.214.251.62) 217.677 ms 217.609 ms 221.162 ms
28 sinister.agents (206.214.251.65) 212.421 ms 218.351 ms 217.477 ms
29 Princess.Leia.races.home (206.214.251.70) 217.438 ms 215.519 ms 215.707 ms
30 aboard.her.starship (206.214.251.73) 208.869 ms 211.286 ms 209.410 ms
31 custodian.of.the.stolen.plans (206.214.251.78) 254.545 ms 257.170 ms 257.258 ms
32 that.can.save.her (206.214.251.81) 230.703 ms 226.975 ms 224.884 ms
33 people.and.restore (206.214.251.86) 213.461 ms 212.716 ms 210.437 ms
34 freedom.to.the.galaxy (206.214.251.89) 240.426 ms 238.993 ms 238.415 ms
35 0-----I-------I-----0 (206.214.251.94) 225.745 ms 228.150 ms 227.564 ms
36 0------------------0 (206.214.251.97) 239.726 ms 242.001 ms 241.268 ms
37 0-----------------0 (206.214.251.102) 216.268 ms 217.171 ms 219.559 ms
38 0----------------0 (206.214.251.105) 213.450 ms 212.874 ms 210.651 ms
39 0---------------0 (206.214.251.110) 211.686 ms 212.642 ms 213.635 ms
40 0--------------0 (206.214.251.113) 243.655 ms 241.858 ms 238.552 ms
41 0-------------0 (206.214.251.118) 218.823 ms 217.698 ms 217.625 ms
42 0------------0 (206.214.251.121) 221.651 ms 217.936 ms 217.573 ms
43 0-----------0 (206.214.251.126) 254.899 ms 255.905 ms 253.906 ms
44 0----------0 (206.214.251.129) 219.658 ms 214.849 ms 218.945 ms
45 0---------0 (206.214.251.134) 254.542 ms 255.310 ms 258.304 ms
46 0--------0 (206.214.251.137) 221.805 ms 218.502 ms 216.293 ms
47 0-------0 (206.214.251.142) 218.543 ms 219.614 ms 218.705 ms
48 0------0 (206.214.251.145) 213.497 ms 216.123 ms 215.188 ms
49 0-----0 (206.214.251.150) 250.876 ms 250.727 ms 253.698 ms
50 0----0 (206.214.251.153) 217.614 ms 218.582 ms 219.936 ms
51 0---0 (206.214.251.158) 216.849 ms 214.232 ms 212.980 ms
52 0--0 (206.214.251.161) 217.178 ms 216.413 ms 215.734 ms
53 0-0 (206.214.251.166) 228.141 ms 231.885 ms 226.433 ms
54 00 (206.214.251.169) 255.405 ms 258.888 ms 258.736 ms
55 I (206.214.251.174) 239.065 ms 241.727 ms 241.572 ms
56 By.Ryan.Werber (206.214.251.177) 228.102 ms 226.607 ms 228.030 ms
57 Blizzards.Breed.CCIE.Creativity (206.214.251.182) 239.656 ms 238.884 ms 239.301 ms
58 Please.Try.Again.Tracerote.to.obiwan.scrye.net (206.214.251.185) 215.164 ms 215.725 ms 216.688 ms
59 read.more.at.beaglenetworks.net (206.214.251.190) 228.818 ms * *
1traceroute -m 255 obiwan.scrye.net | awk {'print $2'}
protocolos #
Qué tiene un paquete TCP/IP? #
+------------------------+--------------------------+
| MAC origen fe:ca:fe:ca | MAC destino ca:fe:ca:fe |
+------------------------+--------------------------+
| IP origen 192.168.1.22 | IP destino 96.8.118.129 |
+---------------------------------------------------+
| Puerto origen 45678 | Puerto destino: 80 |
+------------------------+--------------------------+
| Nro Secuencia 12345 | Nro ACK |
+---+---+---+---+---+----+--------------------------+
| U | A | P | R | S | F | GET / HTTP/1.0 |
| R | C | S | S | Y | I | |
| G | K | H | T | N | N | |
+---+---+---+---+---+---+---------------------------+
Ethernet header #
| |1 |2 |3 |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Hardware type | Protocol type |
+---------------+---------------+-------------------------------+
|Hw address len.|Pr address len.| Opcode |
+---------------+---------------+-------------------------------+
| Source hardware address |
+---------------------------------------------------------------+
| Source protocol address |
+---------------------------------------------------------------+
| Destination hardware address |
+---------------------------------------------------------------+
| Destination protocol address |
+---------------------------------------------------------------+
| Data |
+---------------------------------------------------------------+
IP header #
| |1 |2 |3 |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version| IHL | Diff.Services | Total length |
+-------+-------+---------------+-----+-------------------------+
| Identification |Flags| Fragment offset |
+---------------+---------------+-----+-------------------------+
| TTL | Protocol | Header checksum |
+---------------+---------------+-------------------------------+
| Source IP address |
+---------------------------------------------------------------+
| Destination IP address |
+---------------------------------------------------------------+
| Options and padding |
+---------------------------------------------------------------+
UPD header #
| |1 |2 |3 |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Destination Port |
+-------------------------------+-------------------------------+
| Length | Checksum |
+-------------------------------+-------------------------------+
| Data |
+---------------------------------------------------------------+
TCP header #
| |1 |2 |3 |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Source Port | Destination Port |
+-------------------------------+-------------------------------+
| Sequence Number |
+-------------------------------+-------------------------------+
| Acknowledgment Number |
+-------+-----+-----+-+-+-+-+-+-+-------------------------------+
|dOffset|rsrvd| ECN |U|A|P|R|S|F| Window |
| | | |R|C|S|S|Y|I| |
| | | |G|K|H|T|N|N| |
+-------+-----+-----+-+-+-+-+-+-+-------------------------------+
| Checksum | Urgent Pointer |
+-------------------------------+-------------------------------+
| Options and padding |
+---------------------------------------------------------------+
| Data |
+---------------------------------------------------------------+
ChangeLog #
- [2013-06-05 mié] simplifico y hago correcciones varias
- [2013-04-09 mar] corrijo gráficos ascii-art
- [2013-04-04 jue] primer borrador general