---
title: 'Lecture 03B Network Protocols'
disqus: hackmd
---
:::info
ST1010 Networking Fundamentals
:::
Lecture 03B Network Protocols
===
## Table of Contents
[TOC]

Telnet
---
- allows a user to log in remotely to another system
- port 23
- old protocol - data not encrypted
- use SSH (Secure Shell) instead

Secure Shell (SSH)
---
- popular for remote login
- port 22
- data encrypted

Email Protocols
---
### Simple Mail Transfer Protocol (SMTP)
- transmits emails between computers
- server to server or client to server
### Post Office Protocol (POP3)
- emails are stored on the mail server
- users use their own client computers to retrieve emails from the server
- POP3 is used to retrieve these emails
- POP3S - secured

### Internet Message Access Protocol (IMAP4)
- alternative to POP3
- IMAPS - secured

Address Resolution Protocol (ARP)
---
- when a device has a packet to send, it looks at the destination IP
- determines whether the destination IP is on the same local network
- looks at the network part of the IP address
- if the destination is not local, the packet is sent to the gateway
- if the destination is local, the packet is sent to the destination
- the MAC address is needed to send a packet to a destination on the local network
#### To Find the MAC Address of an IP Address
- sender looks at its ARP table
- if the IP is not in the ARP table, the sender sends an ARP broadcast to all devices on the local network asking who has that IP address
- the device with that IP address sends an ARP reply to the sender with its MAC address
- sender sends the packet to that MAC address
- sender updates its ARP table with the MAC address in case it needs to send more packets
#### Find the MAC Address on a Different Network
- source computer uses ARP to retrieve the MAC address of the router configured as its default gateway
- packet is delivered to the router
- router determines where the packet should go next
- when the packet gets to the destination network, the router on that network uses ARP to get the destination computer's MAC address
- packet is delivered to the destination computer
### ARP Poisoning/Spoofing
- attacker poisons the ARP table
- causes devices to send packets to the attacker
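
An added example (not part of the lecture) that replays ARP replies into a table the way the sender described above does, and flags two signs of a poisoned table: an IP whose MAC changes, and one MAC answering for several IPs. The addresses, the sample replies and the names `next_hop` and `audit_arp` are constructed for illustration.

```python
import ipaddress

# Constructed sample: ARP replies seen on one LAN as (seconds, sender IP, sender MAC).
SAMPLE_REPLIES = [
    (1, "192.168.1.1", "aa:aa:aa:00:00:01"),   # default gateway
    (2, "192.168.1.20", "bb:bb:bb:00:00:20"),
    (5, "192.168.1.1", "aa:aa:aa:00:00:01"),   # gateway again, unchanged
    (9, "192.168.1.1", "cc:cc:cc:00:00:66"),   # gateway IP answered by a new MAC
    (9, "192.168.1.20", "cc:cc:cc:00:00:66"),  # same MAC now answers for .20 too
]

def next_hop(iface, dest_ip, gateway):
    """Return the IP whose MAC must be resolved: the destination if it shares
    the sender's network part, otherwise the default gateway."""
    network = ipaddress.ip_interface(iface).network
    return dest_ip if ipaddress.ip_address(dest_ip) in network else gateway

def audit_arp(replies):
    """Replay ARP replies into a table, as the sender does, and collect alerts.
    Both signals can also be benign (replaced NIC, failover, IP aliases), so
    they are leads to check against known gateway/server MACs, not proof."""
    table, alerts = {}, []
    for ts, ip, mac in replies:
        mac = mac.lower()
        known = table.get(ip)
        if known is not None and known != mac:
            alerts.append((ts, "ip-mac-changed", ip, f"{known} -> {mac}"))
        others = sorted(i for i, m in table.items() if m == mac and i != ip)
        if others:
            alerts.append((ts, "mac-has-multiple-ips", ip, f"{mac} also {', '.join(others)}"))
        table[ip] = mac  # updated without verification, as a plain ARP table is
    return table, alerts

if __name__ == "__main__":
    # Off-network traffic resolves the gateway's MAC, so that entry matters most.
    print(next_hop("192.168.1.10/24", "72.30.38.140", "192.168.1.1"))
    for alert in audit_arp(SAMPLE_REPLIES)[1]:
        print(alert)
```
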
#### Normal Scenario

#### Attack Scenario

Domain Name System (DNS)
---
- a DNS server translates fully qualified domain names (e.g. www.yahoo.com) to IP addresses (e.g. 72.30.38.140)
- DNS is a distributed database system running on the Internet
- each domain has 1 or more DNS servers
- a DNS server (AKA nameserver) contains a database holding a section of domain names mapped to IP addresses

#### How it Works

### DNS Poisoning/Spoofing
- attacker edits the DNS database/cache
- directs users to the attacker's own website
- proper configuration of DNS can reduce the risk of this attack
#### Example

Simple Network Management Protocol (SNMP)
---
- for remote monitoring & management of network nodes
- an SNMP manager monitors a set of SNMP agents installed on network nodes
- checks the performance of monitored nodes
- makes changes to the configuration of monitored nodes
- an SNMP agent can send warnings to the SNMP manager about unusual situations
### Ping Sweeps
- a ping sweep sends ping packets to a range of IP addresses to see which systems reply
- used to see which systems are alive
- AKA ICMP sweep
### Basic Port Scan
- when a SYN packet is sent to a web server on port 80, the server sends back a SYN/ACK packet as part of the 3-way handshake

- if port 80 is not open, no packet is sent back

- firewalls can be configured to block such port scans

Banner Grabbing
---
- many services return information such as the version number when a client connects to them
- AKA banner
- banner grabbing - method to find out more information about a running service
- usually telnet/netcat is used for banner grabbing

Summary
---

###### tags: `NETF` `DISM` `School` `Notes`