Network Security - Research Paper Example


Introduction:

This trace contains 7 packets exchanged between two end points. One end point is a client machine, while the other end point is a server with host name "linux-server". The client machine attempted to establish 3 TCP sessions with the server, on port 80, port 135 and port 139. The server, which is apparently a web server, acknowledged and accepted the request on port 80, while it terminated the sessions on ports 135 and 139 by sending RST messages. The detailed interpretation of every byte transferred is given in the tables below.

Problems:

I have the following observations on the data, which may be plugged in at appropriate stages.

Packet 1:
1. The source IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The destination port mentioned in the description block is SSH, while the destination port conveyed in the data block is 80.

Packet 2:
1. The destination IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The source port mentioned in the description block is SSH, while the source port conveyed in the data block is 80.

Packet 3:
1. The source IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The destination port mentioned in the description block is http, while the destination port conveyed in the data block is 135 (MS-RPC).
3. The packet length mentioned in the description block is 44, while the actual bytes mentioned are 46.

Packet 4:
1. The destination IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The source port mentioned in the description block is http, while the source port conveyed in the data block is 135 (MS-RPC).
3. The host rejected the connection by sending the RST flag instead of sending the SYN, ACK flags.
   This indicates that the destination host is not willing to initiate an inbound connection on port 135.

Packet 5:
1. The source IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The packet length mentioned in the description block is 44, while the actual bytes mentioned are 46.

Packet 6:
1. The destination IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The host rejected the connection by sending the RST flag instead of sending the SYN, ACK flags. This indicates that the destination host is not willing to initiate an inbound connection on port 139.

Packet 7:
1. The source IP address mentioned in the description block, 10.63.129.199, does not match the IP address actually communicated in the packet, i.e. 192.168.246.1.
2. The packet length mentioned in the description block is 40, while the actual bytes mentioned are 46.

Detailed Description of Packets:

Packet # 1

    20:52:50.764815 IP (tos 0x0, ttl 46, id 18251, offset 0, flags [none], length: 44) 10.63.129.199.49206 > linux-server.ssh: S [tcp sum ok] 1304132321:1304132321(0) win 3072
    0x0000: 4500 002c 474b 0000 2e06 d821 c0a8 f601 E..,GK.....!....
    0x0010: c0a8 f60c c036 0050 4dbb 7ae1 0000 0000 .....6.PM.z.....
    0x0020: 6002 0c00 95a3 0000 0204 05b4 0000 .............

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 002c | | Length of the Layer 3 packet is 44 bytes. |
| 474b | | Identification value is 18251. This value helps in assembling fragmented packets. |
| 0000 | | IP header flags are not set. |
| 2e | | TTL (Time to Live) is 46. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| d821 | | IP header checksum is 55329. |
| c0a8 f601 | | Source IP address is 192.168.246.01. |
| c0a8 f60c | | Destination IP address is 192.168.246.12. |
| c036 | | TCP layer source port no is 49206. |
| 0050 | | TCP layer destination port no is 80, which represents http or web application. |
| 4dbb 7ae1 | | TCP sequence no is 1304132321. |
| 0000 0000 | | Ack No is Nil as this is the first packet of the session. |
| 60 | 1010 0000 | TCP header length is 6 double words, i.e. 24 bytes. Next 4 bits are reserved for future use. |
| 02 | 0000 0010 | TCP Flag byte showing SYN flag is set. This is a connection initiation request. |
| 0c00 | | TCP window size is set to 3072. |
| 95a3 | | TCP checksum value is 38307. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |
| 0204 05b4 | | Optional parameter Maximum Segment Size value is 0x05b4 = 1460 bytes. |

Packet # 2

    20:52:50.764815 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], length: 44) linux-server.ssh > 10.63.129.199.49206: S [tcp sum ok] 826334583:826334583(0) ack 1304132322 win 5840
    0x0000: 4500 002c 0000 4000 4006 cd6c c0a8 f60c E..,..@.@..l....
    0x0010: c0a8 f601 0050 c036 3140 dd77 4dbb 7ae2 .....P.61@.wM.z.
    0x0020: 6012 16d0 7c0a 0000 0204 05b4

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 002c | | Length of the Layer 3 packet is 44 bytes. |
| 0000 | | Identification value is 0. This value helps in assembling fragmented packets. |
| 4000 | | Don't fragment flag is ON. Next hop devices would either forward the packet without fragmenting or, if their MTU is less, drop this packet. |
| 40 | | TTL (Time to Live) is 64. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| cd6c | | IP header checksum is 0xcd6c. |
| c0a8 f60c | | Source IP address is 192.168.246.12. |
| c0a8 f601 | | Destination IP address is 192.168.246.1. |
| 0050 | | TCP layer source port no is 80. |
| c036 | | TCP layer destination port no is 49206. |
| 3140 dd77 | | TCP sequence no is 826334583. |
| 4dbb 7ae2 | | Ack field is 1304132322. This is the packet expected next from the other end, which means that n-1 receipt is acknowledged. |
| 60 | 1010 0000 | TCP header length is 6 double words, i.e. 24 bytes. Next 4 bits are reserved for future use. |
| 12 | 0001 0010 | TCP Flag byte showing ACK & SYN flags are set. This is willingness from the host to continue establishment of this TCP session. |
| 16d0 | | TCP window size is set to 5840. |
| 7c0a | | TCP checksum value is 0x7c0a. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |
| 0204 05b4 | | Optional parameter Maximum Segment Size value is 0x05b4 = 1460 bytes. |

Packet # 3

    20:52:50.764815 IP (tos 0x0, ttl 46, id 28683, offset 0, flags [none], length: 44) 10.63.129.199.49206 > linux-server.http: S [tcp sum ok] 1304132321:1304132321(0) win 3072
    0x0000: 4500 002c 700b 0000 2e06 af61 c0a8 f601 E..,p......a....
    0x0010: c0a8 f60c c036 0087 4dbb 7ae1 0000 0000 .....6..M.z.....
    0x0020: 6002 0c00 956c 0000 0204 05b4 0000 ....l........

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 002c | | Length of the Layer 3 packet is 44 bytes. |
| 700b | | Identification value is 28683. This value helps in assembling fragmented packets. |
| 0000 | | IP header flags are not set. |
| 2e | | TTL (Time to Live) is 46. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| af61 | | IP header checksum is 0xaf61. |
| c0a8 f601 | | Source IP address is 192.168.246.01. |
| c0a8 f60c | | Destination IP address is 192.168.246.12. |
| c036 | | TCP layer source port no is 49206. |
| 0087 | | TCP layer destination port no is 135, which is for MS-RPC. |
| 4dbb 7ae1 | | TCP sequence no is 1304132321. |
| 0000 0000 | | Ack No is Nil as this is the first packet of the session. |
| 60 | 1010 0000 | TCP header length is 6 double words, i.e. 24 bytes. Next 4 bits are reserved for future use. |
| 02 | 0000 0010 | TCP Flag byte showing SYN flag is set. This is a connection initiation request. |
| 0c00 | | TCP window size is set to 3072. |
| 956c | | This is the TCP checksum value. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |
| 0204 05b4 | | Optional parameter Maximum Segment Size value is 0x05b4 = 1460 bytes. |

Packet # 4

    20:52:50.764815 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], length: 40) linux-server.http > 10.63.129.199.49206: R [tcp sum ok] 0:0(0) ack 1304132322 win 0
    0x0000: 4500 0028 0000 4000 ff06 0e70 c0a8 f60c E..(..@....p....
    0x0010: c0a8 f601 0087 c036 0000 0000 4dbb 7ae2 .......6....M.z.
    0x0020: 5014 0000 b915 0000 P.......

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 0028 | | Length of the Layer 3 packet is 40 bytes. |
| 0000 | | Identification value is 0. This value helps in assembling fragmented packets. |
| 4000 | | Don't fragment flag is ON. Next hop devices would either forward the packet without fragmenting or, if their MTU is less, drop this packet. |
| ff | | TTL (Time to Live) is 255. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| 0e70 | | This is the IP header checksum. |
| c0a8 f60c | | Source IP address is 192.168.246.12. |
| c0a8 f601 | | Destination IP address is 192.168.246.1. |
| 0087 | | TCP layer source port no is 135. |
| c036 | | TCP layer destination port no is 49206. |
| 0000 0000 | | TCP sequence no is 0. |
| 4dbb 7ae2 | | Ack field is 1304132322. This is the packet expected next from the other end, which means that n-1 receipt is acknowledged. |
| 50 | 0101 0000 | TCP header length is 5 double words, i.e. 20 bytes. Next 4 bits are reserved for future use. |
| 14 | 0001 0100 | TCP Flag byte showing ACK and RST flags are set. This is a message that the host is not going to entertain the inbound connection on TCP port 135. |
| 0000 | | TCP window size is not set. |
| b915 | | This is the TCP checksum value. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |

Packet # 5

    20:52:50.764815 IP (tos 0x0, ttl 37, id 43574, offset 0, flags [none], length: 44) 10.63.129.199.49206 > linux-server.netbios-ssn: S [tcp sum ok] 1304132321:1304132321(0) win 2048
    0x0000: 4500 002c aa36 0000 2506 7e36 c0a8 f601 E..,.6..%.6....
    0x0010: c0a8 f60c c036 008b 4dbb 7ae1 0000 0000 .....6..M.z.....
    0x0020: 6002 0800 9968 0000 0204 05b4 0000 ....h........

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 002c | | Length of the Layer 3 packet is 44 bytes. |
| aa36 | | Identification value is 43574. This value helps in assembling fragmented packets. |
| 0000 | | IP header flags are not set. |
| 25 | | TTL (Time to Live) is 37. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| 7e36 | | IP header checksum is 0x7e36. |
| c0a8 f601 | | Source IP address is 192.168.246.1. |
| c0a8 f60c | | Destination IP address is 192.168.246.12. |
| c036 | | TCP layer source port no is 49206. |
| 008b | | TCP layer destination port no is 139, which is for netbios-ssn. |
| 4dbb 7ae1 | | TCP sequence no is 1304132321. |
| 0000 0000 | | Ack No is Nil as this is the first packet of the session. |
| 60 | 1010 0000 | TCP header length is 6 double words, i.e. 24 bytes. Next 4 bits are reserved for future use. |
| 02 | 0000 0010 | TCP Flag byte showing SYN flag is set. This is a connection initiation request from the host on a new port no, 139. |
| 0800 | | TCP window size is set to 2048. |
| 9968 | | This is the TCP checksum value. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |
| 0204 05b4 | | Optional parameter Maximum Segment Size value is 0x05b4 = 1460 bytes. |

Packet # 6

    20:52:50.764815 IP (tos 0x0, ttl 255, id 0, offset 0, flags [DF], length: 40) linux-server.netbios-ssn > 10.63.129.199.49206: R [tcp sum ok] 0:0(0) ack 1304132322 win 0
    0x0000: 4500 0028 0000 4000 ff06 0e70 c0a8 f60c E..(..@....p....
    0x0010: c0a8 f601 008b c036 0000 0000 4dbb 7ae2 .......6....M.z.
    0x0020: 5014 0000 b911 0000 P.......

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 0028 | | Length of the Layer 3 packet is 40 bytes. |
| 0000 | | Identification value is 0. This value helps in assembling fragmented packets. |
| 4000 | | Don't fragment flag is ON. Next hop devices would either forward the packet without fragmenting or, if their MTU is less, drop this packet. |
| ff | | TTL (Time to Live) is 255. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| 0e70 | | This is the IP header checksum. |
| c0a8 f60c | | Source IP address is 192.168.246.12. |
| c0a8 f601 | | Destination IP address is 192.168.246.1. |
| 008b | | TCP layer source port no is 139. |
| c036 | | TCP layer destination port no is 49206. |
| 0000 0000 | | TCP sequence no is 0. |
| 4dbb 7ae2 | | Ack field is 1304132322. This is the packet expected next from the other end, which means that n-1 receipt is acknowledged. |
| 50 | 0101 0000 | TCP header length is 5 double words, i.e. 20 bytes. Next 4 bits are reserved for future use. |
| 14 | 0001 0100 | TCP Flag byte showing RST & ACK flags are set. This is a message that the host is not going to entertain the inbound connection on port 139. |
| 0000 | | TCP window size is not set. |
| b911 | | This is the TCP checksum value. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |

Packet # 7

    20:52:50.764815 IP (tos 0x0, ttl 128, id 32061, offset 0, flags [none], length: 40) 10.63.129.199.49206 > linux-server.ssh: R [tcp sum ok] 1304132322:1304132322(0) win 0
    0x0000: 4500 0028 7d3d 0000 8006 5033 c0a8 f601 E..(}=....P3....
    0x0010: c0a8 f60c c036 0050 4dbb 7ae2 4dbb 7ae2 .....6.PM.z.M.z.
    0x0020: 5004 0000 f0be 0000 0000 0000 0000 P.............

| Bytes of the trace | Breakdown in bits where necessary | Description and significance |
|---|---|---|
| 45 | 0100 0101 | 1st 4 bits represent IPv4; next 4 bits represent an IP header 5 double words long (i.e. a 20-byte header). |
| 00 | | Differentiated Services Field is not set. This byte was originally called the Type of Service (ToS) byte, but was redefined by RFC 2474 as the DS Field. It is used for marking packets for the purpose of applying different quality of service (QoS) levels to different packets. |
| 0028 | | Length of the Layer 3 packet is 40 bytes. |
| 7d3d | | Identification value is 32061. This value helps in assembling fragmented packets. |
| 0000 | | IP header flags are not set. |
| 80 | | TTL (Time to Live) is 128. |
| 06 | | Layer 4 (transport layer) protocol is TCP. |
| 5033 | | IP header checksum is 0x5033. |
| c0a8 f601 | | Source IP address is 192.168.246.1. |
| c0a8 f60c | | Destination IP address is 192.168.246.12. |
| c036 | | TCP layer source port no is 49206. |
| 0050 | | TCP layer destination port no is 80, which is for http. |
| 4dbb 7ae2 | | TCP sequence no is 1304132322. This is the second packet for the first session, which was initiated by the host on destination port 80. |
| 4dbb 7ae2 | | This is the TCP ack no., calculated by adding the last received ack no (which is this packet's sequence no) and its segment length. |
| 50 | 0101 0000 | TCP header length is 5 double words, i.e. 20 bytes. Next 4 bits are reserved for future use. |
| 04 | 0000 0100 | TCP Flag byte showing RST flag is set. This signifies that the initiator wants to reset the TCP connection. |
| 0000 | | TCP window size is set to Nil. Ack is required before further packets can be sent. |
| f0be | | This is the TCP checksum value. |
| 0000 | | Urgent Pointer field value is Nil. In the TCP flag field, Urgent code bit (URG flag) was also not set. |

Conclusion:

- It is not clear why the description block is showing wrong IP addresses.
- How come all the communication took place on the same time stamp, accurate up to the microsecond level? I have not seen such a thing in a practical environment.
- Two connections were reset by the server, which might be because it is not configured to listen on these ports.
- One http connection was reset by the client itself even after getting SYN, ACK from the server.
  This can be because the IP address bound at the socket layer is 10.63.129.199 while the reply is received on 192.168.246.1, for which the client is not expecting anything, and thus the client itself sends out a RST message to the server.
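
The field-by-field decoding in the packet tables above can be reproduced mechanically. The following is an added example, not part of the original paper: it parses the seven hex dumps copied from this page, verifies the IP and TCP checksums, counts the captured bytes that follow the end of the IP datagram, and derives the port states from the server's replies. All function and variable names are this example's own.

```python
import struct
from ipaddress import IPv4Address

# Hex bytes copied from the seven dumps on this page (offset and ASCII columns dropped).
DUMPS = [
    "4500 002c 474b 0000 2e06 d821 c0a8 f601 c0a8 f60c c036 0050 4dbb 7ae1 0000 0000 6002 0c00 95a3 0000 0204 05b4 0000",
    "4500 002c 0000 4000 4006 cd6c c0a8 f60c c0a8 f601 0050 c036 3140 dd77 4dbb 7ae2 6012 16d0 7c0a 0000 0204 05b4",
    "4500 002c 700b 0000 2e06 af61 c0a8 f601 c0a8 f60c c036 0087 4dbb 7ae1 0000 0000 6002 0c00 956c 0000 0204 05b4 0000",
    "4500 0028 0000 4000 ff06 0e70 c0a8 f60c c0a8 f601 0087 c036 0000 0000 4dbb 7ae2 5014 0000 b915 0000",
    "4500 002c aa36 0000 2506 7e36 c0a8 f601 c0a8 f60c c036 008b 4dbb 7ae1 0000 0000 6002 0800 9968 0000 0204 05b4 0000",
    "4500 0028 0000 4000 ff06 0e70 c0a8 f60c c0a8 f601 008b c036 0000 0000 4dbb 7ae2 5014 0000 b911 0000",
    "4500 0028 7d3d 0000 8006 5033 c0a8 f601 c0a8 f60c c036 0050 4dbb 7ae2 4dbb 7ae2 5004 0000 f0be 0000 0000 0000 0000",
]
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def sums_to_ffff(data: bytes) -> bool:
    """RFC 1071 check: data that includes a correct checksum folds to 0xFFFF."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def decode(dump: str) -> dict:
    """Decode the IPv4 header and the fixed part of the TCP header from a hex dump."""
    raw = bytes.fromhex("".join(dump.split()))
    ver_ihl, _, total_len, ident, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4  # low nibble counts 32-bit words
    sport, dport, seq, ack, offset, flags, window = struct.unpack(
        "!HHIIBBH", raw[ihl:ihl + 16])
    # TCP checksum covers a pseudo-header: src, dst, zero, protocol, TCP length.
    pseudo = src + dst + struct.pack("!BBH", 0, proto, total_len - ihl)
    return {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "id": ident, "ttl": ttl, "window": window, "total_len": total_len,
        "ip_header_len": ihl, "tcp_header_len": (offset >> 4) * 4,
        "flags": {name for bit, name in FLAG_BITS.items() if flags & bit},
        "trailing_bytes": len(raw) - total_len,  # bytes after the IP datagram ends
        "ip_checksum_ok": sums_to_ffff(raw[:ihl]),
        "tcp_checksum_ok": sums_to_ffff(pseudo + raw[ihl:total_len]),
    }


def port_states(packets: list, server: str) -> dict:
    """Classify each server port from its reply: SYN+ACK means open, RST means closed."""
    states = {}
    for p in packets:
        if p["src"] != server:
            continue
        if {"SYN", "ACK"} <= p["flags"]:
            states[p["sport"]] = "open"
        elif "RST" in p["flags"]:
            states[p["sport"]] = "closed"
    return states


PACKETS = [decode(d) for d in DUMPS]

if __name__ == "__main__":
    for n, p in enumerate(PACKETS, 1):
        print(n, p["src"], p["sport"], "->", p["dst"], p["dport"], sorted(p["flags"]),
              "len", p["total_len"], "+", p["trailing_bytes"], "trailing bytes",
              "ip_ok" if p["ip_checksum_ok"] else "ip_BAD",
              "tcp_ok" if p["tcp_checksum_ok"] else "tcp_BAD")
    print(port_states(PACKETS, "192.168.246.12"))
```

Both checksums verify for all seven packets, so the hex bytes are internally consistent even though the description lines disagree with them. The trailing-byte counts are 2, 0, 2, 0, 2, 0 and 6: only the client's packets carry bytes beyond the IP total length, which is consistent with Ethernet padding of short frames to a 46-byte payload.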
(“Network Security Research Paper Example | Topics and Well Written Essays - 2500 words - 1”, n.d.)
Retrieved from https://studentshare.org/technology/1499724-network-security