Network Security through the protocol Essay Example | Topics and Well Written Essays - 1500 words

Network Security through the protocol - Essay Example DF is the flag Don't Fragment S is the first part of three-way TCP handshake (SYN, SYN, ACK) Seq is the sequence number Ack is the Acknowledgement TcpLen is the length of the TCP protocol TcpOption Provision for optional header fields MSS 1460 is the maximum segment size, or maximum IP datagram size that can be handled without using fragmentation. Both sides of the connection must agree on a value; if they are different, the lower value is used. As we have seen the dissection of the above packet we will directly get into packet analyses for the rest of the packets. Analyses of all the network packets: 08/16-15:27:17.820587 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0 ID:48195 IpLen:20 DgmLen:44 DF ******S* Seq: 0xF1908361 Ack: 0x0 Win: 0x2000 TcpLen: 24 TCP Options (1) => MSS: 1460 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ At this packet the source address is sending information to the destination through TCP. Here the initial phase of the TCP is done. Sync is done in the TCP handshake. The sequence number is given in hexadecimal. Now the destination 193.63.129.187 would receive the packet and send an acknowledgement back to the source. 08/16-15:27:17.820656 193.63.129.187:139 -> 193.63.129.192:1843 TCP TTL:128 TOS:0x0 ID:2676 IpLen:20 DgmLen:44 DF ***A**S* Seq: 0x7CFB7BBA Ack: 0xF1908362 Win: 0x2238 TcpLen: 24 TCP Options (1) => MSS: 1460 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ Here we see that the destination with port 139 has sent an acknowledgement back to the source 192.63.129.187 with an acknowledgement 0xF1908362. This Ack would be received by the 192.63.129.187. 08/16-15:27:17.820785 193.63.129.192:1843 -> 193.63.129.187:139 TCP TTL:128 TOS:0x0...Generally these packets can be easily sniffed using different packet sniffers like wireshark, snort, capsa etc., These packet analyzers are generally used so that it can used to analyze any kind of network problem, it can be used to detect the network intrusion attempts, it can gain information for effecting a network intrusion, to monitor the network usage, to debug client and server communication. Here let us analyze and decode the network packets. MSS 1460 is the maximum segment size, or maximum IP datagram size that can be handled without using fragmentation. Both sides of the connection must agree on a value; if they are different, the lower value is used. At this packet the source address is sending information to the destination through TCP. Here the initial phase of the TCP is done. Sync is done in the TCP handshake. The sequence number is given in hexadecimal. Now being familiar with all the packet information let us move forward where the actual data has been transmitted between the two IP address. In the above packet we can see the hex dump of the packet where there is a message sent to the destination here. This is where the Session Request is done. Similarly the above packet gathers the acknowledgement of the previous packets and sends it as the sequence to the destination address where the connection has been established.