Networking Fundamentals

ARP (Address Resolution Protocol)

• Connects every changing IP address to a fixed MAC address (Layer 2) in a Local Area Network (LAN)

• Broadcasts a packet to all devices of a network

• ARP Cache --> MAC address stored in table with Timeout

ARP Attacks:

1. ARP poisoning (Spoofing) - Attacker sends spoofed ARP packets to default gateway on a LAN to inject its MAC - IP pairing into the MAC Table; spoof MAC address of attacker

2. ARP Scanning - Bunch of Broadcast ARP packets (Scanner usually tries packets of Lengths of 42 & 60; 60 just has padding)

ICMP (Internet Control Message Protocol)

• Purpose is to send control and error messages:

  • Traceroute Command --> show the physical path of routers (hops) & time for each hop

  • Ping Command --> Measures speed of connection between 2 points; lag

• connectionless protocol, layer 3

Attacks:

1. Ping/ICMP Flood Attack - Flood victim device with Echo-Request packets

2. Ping of Death - Ping sent to victim machine with larger than allowable size (65535B)

3. Smurf Attacks - Attacker sends mass packets with victim's Src_IP; Echo replies then bombards victim

DNS

Attacks:

1. DNS Poisoning - Spoof IP addresses of legitimate sites

DHCP

TCP Handshake