StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Network Packets - Case Study Example

Cite this document
Summary
This case study "Network Packets" performs network packet analysis on the given set of network packets by sniffing the packets. It identifies issues with the network setup in the given network, based on the type of events happen in the Network packet. It also proposes a solution to the existing problem…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER95.1% of users find it useful
Network Packets
Read Text Preview

Extract of sample "Network Packets"

Network Packet Analysis Introduction The purpose of the study is to perform network packet analysis on the given set of network packets by sniffing the packets. Need to identify issue with the network setup in the given network based on the type of events happen in the Network packet. Need to propose a solution for the existing problem. Let us start with the structure of the IP data-gram and TCP packet structure. IP data gram structure: Version: 4 Header Length Type Of Service 0x0 Total Length Identification Flags Fragment Offset Time to Live Protocol Header Check-sum Source Port: Destination Port: Options Data Table 1. In Fig 1, the source and destination port are that of the sender and receiver. The sequence number is identification for the communication between hosts that can be seen as the request number from sender. The receiver sends the response for the request number by sending an acknowledgment with an acknowledgment Number which is same as that of the sequence number. The flag is an important field that marks the context of the network event. TCP packet structure: Fig 1. (TCP packet structure ) Network Traffic Analysis: The given network packets are compared with the predefined IP and TCP network packet structure. Each field of the predefined TCP packet structure is matched with the given network packet structure (as in Fig 1. and Fig 2.) and the interpretation of the network packet activity can be understood in this way. Let’s start the analysis. Packet 1: 09/16-15:27:17.820587 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:48195 IpLen:20 DgmLen:44 DF ******S* Seq: 0xF1908361 Ack: 0x0 Win: 0x2000 TcpLen: 24 TCP Options (1) => MSS: 1460 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ IP Packets: Time Stamp: 09/16-15:27:17.820587 Version: 4 Header Length: 20 Type Of Service 0x0 Total Length: 44 Identification: 48195 Flags: DF Fragment Offset: Time to Live: 128 Protocol: TCP Header Check-sum Source Port: 193.63.129.192:1843 Destination Port: 193.63.129.187:139 Options Data Interpretation: The above table represents IP Data-gram for the first packet. The version of the IP is “4”, the format of which is shown in Table.1. The identification number 48195 is used for distinguishing IP packets. The flag DF represents not to do fragmentation on the IP data-gram. TTL is the measure for existence of the IP data-grams, 128 indicates 128 secs or 128 hops. TCP is the protocol to be used in the transport layer. TCP packet Source Port: 193.63.129.192:1843 Destination Port: 193.63.129.187:139 Sequence Number: 0xF1908361 Acknowledgment Number: 0x0 Data Offset Reserved Flag SYN Windows: 0x2000 Check-sum Urgent Pointer TCP option: (1) Maximum : 1460 Padding Data Interpretation: A host from IP Address 193.63.129.192:1843 sends connection request to server 193.63.129.187:139. The sequence number in the TCP packet is used as reference by the client, so that it can identify for which request it is getting response from the server. The client specifies it can accept 0x2000 size window. The MSS is the 1460 represents the threshold value for the number of segments that can be used without fragmentation. Since the acknowledgment number is 0 it is understood that it is the first packet initiated by the client. It’s nothing but the first step in 3 way handshake which is represented by the flag parameter S. (Certified CCNA Guide, Wendell) Packet 2: 09/16-15:27:17.820656 193.63.129.187:139 -> 193.63.129.192:1843 TCP TTL:128 TOS:0x0 ID:2676 IpLen:20 DgmLen:44 DF ***A**S* Seq: 0x7CFB7BBA Ack: 0xF1908362 Win: 0x2238 TcpLen: 24 TCP Options (1) => MSS: 1460 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ This packet is sent as a reply from the server to client. The difference in this packet as that of the first one are:1. The FLAG (ACK SYN) instructs the client that the server have received the SYN request for the sequence number 0xF1908361 with the acknowledgment number 0xF1908362 (sequence number + 1). The server also sends the sequence number (0x7CFB7BBA) of its own for the client to respond with respective acknowledgment number. Packet 3 09/16-15:27:17.820785 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:48451 IpLen:20 DgmLen:40 DF ***A**** Seq: 0xF1908362 Ack: 0x7CFB7BBB Win: 0x2238 TcpLen: 20 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ The client then acknowledges the server for the sequence number (0x7CFB7BBA) with 0x7CFB7BBB as acknowledgment number (one incremented from sequence number). Thus it is evident that the 3 way hand shake is completed. Now the client and server can communicate. It is evident that the client opens the port 139 of the server which indicates that the SMB service response is expected. The SMB in turn uses the SMB NetBIOS functions for interacting with the network devices. (MSRPC NULL sessions, Jean-Baptiste) Packet 4 09/16-15:27:17.820801 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:48707 IpLen:20 DgmLen:112 DF ***AP*** Seq: 0xF1908362 Ack: 0x7CFB7BBB Win: 0x2238 TcpLen: 20 81 00 00 44 20 45 4B 44 45 43 4E 45 4A 46 45 46 ...D EKDECNEJFEF 43 45 4D 43 4E 44 42 44 45 43 41 43 41 43 41 43 CEMCNDBDECACACAC 41 43 41 43 41 00 20 45 4B 44 45 43 4E 45 4A 46 ACACA. EKDECNEJF 45 46 43 45 4D 43 4E 44 42 44 4A 43 41 43 41 43 EFCEMCNDBDJCACAC 41 43 41 43 41 41 41 00 ACACAAA. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ This packet is where the actual information client required. The FLAG AP indicates the ACK PACKET to the destination. This is where the session between the client and server is established. The packet is an encoded packet sent from the client to the server and it denotes a name of the NetBIOS service called J4-ITRL-14. Packet 5. 09/16-15:27:17.820875 193.63.129.187:139 -> 193.63.129.192:1843 TCP TTL:128 TOS:0x0 ID:2932 IpLen:20 DgmLen:44 DF ***AP*** Seq: 0x7CFB7BBB Ack: 0xF19083AA Win: 0x21F0 TcpLen: 20 82 00 00 00 .... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ This packet acknowledges the ACK PACKET request made by the client for the acknowledgment number 0x7CFB7BBB confirms that session NetBIOS J4-ITRL-14 is registered and J4-ITRL-19 returned as the server NetBIOS name. Packet 6. 09/16-15:27:17.916990 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:48963 IpLen:20 DgmLen:214 DF ***AP*** Seq: 0xF19083AA Ack: 0x7CFB7BBF Win: 0x2234 TcpLen: 20 00 00 00 AA FF 53 4D 42 72 00 00 00 00 18 03 00 .....SMBr....... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FE CA ................ 00 00 00 00 00 87 00 02 50 43 20 4E 45 54 57 4F ........PC NETWO 52 4B 20 50 52 4F 47 52 41 4D 20 31 2E 30 00 02 RK PROGRAM 1.0.. 58 45 4E 49 58 20 43 4F 52 45 00 02 4D 49 43 52 XENIX CORE..MICR 4F 53 4F 46 54 20 4E 45 54 57 4F 52 4B 53 20 31 OSOFT NETWORKS 1 2E 30 33 00 02 4C 41 4E 4D 41 4E 31 2E 30 00 02 .03..LANMAN1.0.. 57 69 6E 64 6F 77 73 20 66 6F 72 20 57 6F 72 6B Windows for Work 67 72 6F 75 70 73 20 33 2E 31 61 00 02 4C 4D 31 groups 3.1a..LM1 2E 32 58 30 30 32 00 02 4C 41 4E 4D 41 4E 32 2E .2X002..LANMAN2. 31 00 02 4E 54 20 4C 4D 20 30 2E 31 32 00 1..NT LM 0.12. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ The above packets indicate that the client is giving set of dialects for the server, they are as follows 1. PC NETWORK PROGRAM 1.0 2. XENIX CORE 3. MICROSOFT NETWORKS 1.03 4. LAN MAN 1.0 5. Windows for Groups 3.1a 6. LM1.2x002 7. LANMAN2 8. NT LM 0.12 Packet 7. 09/16-15:27:17.917098 193.63.129.187:139 -> 193.63.129.192:1843 TCP TTL:128 TOS:0x0 ID:3188 IpLen:20 DgmLen:147 DF ***AP*** Seq: 0x7CFB7BBF Ack: 0xF1908458 Win: 0x2142 TcpLen: 20 00 00 00 67 FF 53 4D 42 72 00 00 00 00 98 03 00 ...g.SMBr....... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 FE CA ................ 00 00 00 00 11 07 00 03 32 00 01 00 04 11 00 00 ........2....... 00 00 01 00 00 00 00 00 FD 43 00 00 70 E8 2D 06 .........C..p.-. 31 45 C2 01 C4 FF 08 22 00 10 3F 5E D8 E2 24 3A 1E....."..?^..$: 26 53 00 4F 00 43 00 5F 00 53 00 45 00 43 00 55 &S.O.C._.S.E.C.U 00 52 00 49 00 54 00 59 00 00 00 .R.I.T.Y... =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ The above acknowledges that it required the SOC_SECURITY dialect which is corresponds to the dialect NT LM 0.12. Packet 8 09/16-15:27:18.015822 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:49219 IpLen:20 DgmLen:228 DF ***AP*** Seq: 0xF1908458 Ack: 0x7CFB7C2A Win: 0x21C9 TcpLen: 20 00 00 00 B8 FF 53 4D 42 73 00 00 00 00 18 03 80 .....SMBs....... 00 00 C6 87 BA 80 0C 5F BE 6A 00 00 00 00 FE CA ......._.j...... 00 00 00 00 0D 75 00 84 00 04 11 32 00 00 00 00 .....u.....2.... 00 00 00 01 00 00 00 00 00 00 00 D4 00 00 00 47 ...............G 00 00 00 00 00 00 57 00 69 00 6E 00 64 00 6F 00 ......W.i.n.d.o. 77 00 73 00 20 00 4E 00 54 00 20 00 31 00 33 00 w.s. .N.T. .1.3. 38 00 31 00 00 00 00 00 57 00 69 00 6E 00 64 00 8.1.....W.i.n.d. 6F 00 77 00 73 00 20 00 4E 00 54 00 20 00 34 00 o.w.s. .N.T. .4. 2E 00 30 00 00 00 00 00 04 FF 00 00 00 00 00 01 ..0............. 00 29 00 00 5C 00 5C 00 4A 00 34 00 2D 00 49 00 .)..\.\.J.4.-.I. 54 00 52 00 4C 00 2D 00 31 00 34 00 5C 00 49 00 T.R.L.-.1.4.\.I. 50 00 43 00 24 00 00 00 49 50 43 00 P.C.$...IPC. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ From the above packet it is understood that there is a null session created. The Windows NT opens the shared server service through IPC (Inter Process communication) and thus accessing anonymously. Conclusion: The clients tries to find the NetBIOS service from the server and it uses the LAN MAN to go for an unauthenticated session with the server. The exploitation of the loop whole in the NetBIOS function in Windows NT leads to NULL session creation. The one of the proposed solution could be we can use IP filter to avoid creating null session. We can also disable the anonymous user access in the Windows NT so that we can avoid null session. And we can create classified users to access the server. (MSRPC NULL sessions, Jean-Baptiste) References CCNA Certification Guide, Ed2. Wendell Odom TCP Packets, http://www.comsci.us/datacom/tcppacket.html MSRPC NULL sessions, Jean-Baptiste Marchand http://www.hsc.fr/ressources/presentations/null_sessions/msrpc_null_sessions.pdf Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(Network Packets Case Study Example | Topics and Well Written Essays - 1500 words, n.d.)
Network Packets Case Study Example | Topics and Well Written Essays - 1500 words. https://studentshare.org/information-technology/1744098-msc-network-secutity-network-traffic
(Network Packets Case Study Example | Topics and Well Written Essays - 1500 Words)
Network Packets Case Study Example | Topics and Well Written Essays - 1500 Words. https://studentshare.org/information-technology/1744098-msc-network-secutity-network-traffic.
“Network Packets Case Study Example | Topics and Well Written Essays - 1500 Words”. https://studentshare.org/information-technology/1744098-msc-network-secutity-network-traffic.
  • Cited: 0 times

CHECK THESE SAMPLES OF Network Packets

Why Is It Said That Packet Switching Employs Statistical Multiplexing

Packet switched networks entails small units of packets being routed through a network.... Thus, in this type of network, packets do not follow any pre-defined pattern as it is transmitted from different sources.... From the above information, it is true that Packet switching uses statistical multiplex where data packets are transmitted to many users by a single source link....  Therefore, multiplexing is the process of transmitting different data packets simultaneously by combining the signals into a single signal that ably moves through a bandwidth....
3 Pages (750 words) Essay

Research: Machine Learning

A Bayesian network is used to convert the existing non-spatial and non-temporal disease outbreak revealing systems.... Name: Instructor: Course: Date: Research: Machine Learning Spatio-temporal method for disease outbreak detection A disease outbreak surveillance system monitors occurrence of disease outbreaks in a region....
3 Pages (750 words) Research Paper

Virtual Network Design: DHCP Server

The paper “Virtual network Design: DHCP Server” seeks to evaluate virtual network, which is a system that composed of virtual machines that are usually configured to manage or process external or internal network resources.... hellip; The author explains that connecting a network adapter to a physical computer requires a virtual machine to be connected or linked to a virtual network to which the physical adapter is connected....
4 Pages (1000 words) Term Paper

Network Load Balancing

Thus, all Network Packets addressed to that specific NLB multicast MAC address, are received by all cluster servers; while the packets addressed to specific MAC address are received by individual servers.... In this fashion, the cluster servers can send/ receive packets to/ from each other (using their individual MAC address) and can send/ receive packets to/ from end clients/ users using NLB multicast MAC address (Cisco, 2009).... network load balancing is a technique which is used to increase the availability and scalability of critical systems and services (Microsoft, n....
2 Pages (500 words) Essay

Network Security Issues

Detection system is also limited because it relies on copies of Network Packets, which must be received from another switch.... ompared to detection system, intrusion prevention is more robust and has better features because it operate in inline mode where it checks as packets flows in teatime.... In networks, encryption is the principle… This process is achieved using encryption algorithms that are used to generate keys for encrypting and decrypting data. Technical security controls are used to provide control mechanisms within systems to as to mitigate potential security network security s of Learning Discuss the term confidentiality as it applies to data....
3 Pages (750 words) Essay

Adaptive Security Appliances

ASA by default assigns the outside network security level of zero and automatically limits the flow of Network Packets from this level to the higher levels'.... ASA automatically allows the flow of packets from this high level to the lower un-trusted level without the need for an ACL explicitly allowing for the packet flow.... Adaptive security appliances (APA) provide network security to the three main security zones assigning different levels of security depending on the level of trust associated with each security zone....
2 Pages (500 words) Essay

Material Science

Packet collision is a form of electrochemical collision that occurs when different Network Packets are sent through the same transmission medium at once.... The nano-scale of material is important because it enables scientists to understand the uniqueness of materials in terms of their chemical, physical and mechanical properties....
2 Pages (500 words) Essay

DOS Attacks as Easy Tools for Hackers

Or data packets are sent to the target system so much so that it cannot handle it and thus making it to either crash, reboot or more commonly deny services to legitimate users.... he trick in this attack is to ping a target system with excess data packets that exceed the maximum bytes allowed by TCP/IP protocols suite.... Teardrop attack uses the vulnerability present in the reassembling of data packets at the destination system.... This data is fragmented into small parts and divided into several packets....
5 Pages (1250 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us