“There and back again”
How The Internet Works

Photo: http://www.flickr.com/photos/86530412@N02/8210762750/ by StockMonkeys.com

A talk by Jon “The Nice Guy” Spriggs
First given at PHPNW December 2012
It's simple, right?
It's all about perspective
●   The previous slide was right “from a certain
    point of view”
●   But it left out a lot of complicated bits
●   Things like:
    –   What does your router do?
    –   How does your ISP reach your server?
    –   What about the network where the server is?
●   So, let's drill down a bit
Much closer, but still not quite right
Getting across it all...
●   Many of you will already refer to all your connections as being
    TCP/IP connections
    –   They're not all TCP/IP; some are UDP/IP, ICMP/IP, plain IP, ARP, GRE/IP, IPSEC/IP or … well, lots of things.
    –   And that doesn't get us anywhere near the actual application protocol
●   It's actually explained through a few different models
    –   Some refer to it as the OSI Model (ISO/IEC 7498-1)
    –   Some as the Internet Protocol Suite (RFC1112)
●   But, the way you get from host to host, or host to network, is by
    piling a few different things on top of each other
●   So, let's look at how that is supposed to work
Let's start with getting on your network. It's harder than it looks!
●   We'll assume it's a CAT5e wired network with DHCP!
●   Plug in both ends of the ethernet cable and provide power to the NIC
●   Ethernet link (power & comms) detected, speed and duplex (optional), plus media type
    (optional++) is negotiated
●   When using a switch, it learns the MAC address of the devices behind each port, and only sends packets for that MAC address to that port. Hubs used to be much more common; they didn't learn MAC addresses and would broadcast the traffic across all their ports. An attacker could just attach to a hub and see all traffic, but with switches they must convince the network they have the MAC of the router.
●   The computer requests a DHCP address using its MAC address, and the DHCP server replies with an address, netmask, (optional) default route and a lease time.
●   When the computer tries to connect to an IP address, it uses its routing table. If the address is “directly connected” on the same subnet, it requests the MAC address of the IP address; otherwise it requests the MAC address of the gateway.
●   The computer communicates at “Layer 2” with the MAC address it learned, and the rest
    of the link is assumed to have worked*
●   If the computer is resolving a DNS name, it's got to communicate with the DNS server
    to ask for the IP address of the server, so it can start the IP dance again.
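A defender's counterpart to the hub/switch point above, added here as an example and not part of the talk: watch the ARP replies seen on the segment and alert when the gateway's IP-to-MAC binding changes or one MAC answers for several IPs. The ARP replies, IPs and MACs are constructed sample data, and the known-gateway-MAC pin is an assumed input.

```python
"""Added example (not from the talk): spot gateway MAC changes in ARP replies.

On a switched network an attacker has to convince the network that they hold
the router's MAC address. A defender can watch the ARP replies on the segment
and alert when the IP-to-MAC binding of the default gateway (or any host)
changes, or when one MAC answers for several IPs. All data below is constructed.
"""
from collections import defaultdict

# Constructed sample: (timestamp, sender IP, sender MAC) taken from ARP "is-at" replies.
SAMPLE_ARP_REPLIES = [
    (1.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway, first seen
    (2.0, "192.168.1.20", "00:11:22:33:44:20"),  # an ordinary host
    (3.0, "192.168.1.1", "00:11:22:33:44:01"),   # gateway again, same MAC: fine
    (4.0, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway now claimed by another MAC
    (5.0, "192.168.1.20", "de:ad:be:ef:00:99"),  # same MAC also claims .20
]


def audit_arp(replies, gateway_ip, known_gateway_mac=None):
    """Return (timestamp, severity, message) alerts for suspicious ARP bindings.

    Rules (defensive, deliberately simple):
      1. the gateway IP moving to a new MAC is HIGH; if `known_gateway_mac` is
         given (assumed to be pinned from the router's documentation), any other
         MAC claiming the gateway IP is HIGH even on first sight;
      2. any other IP moving to a new MAC is LOW, because a reboot or a DHCP
         reassignment is a legitimate cause;
      3. one MAC answering for more than one IP is MEDIUM.
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    if known_gateway_mac is not None:
        ip_to_mac[gateway_ip] = known_gateway_mac.lower()
    for ts, ip, mac in replies:
        mac = mac.lower()                      # normalise case before comparing
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            severity = "HIGH" if ip == gateway_ip else "LOW"
            alerts.append((ts, severity, f"{ip} moved from {previous} to {mac}"))
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append((ts, "MEDIUM", f"{mac} answers for {sorted(mac_to_ips[mac])}"))
    return alerts


if __name__ == "__main__":
    for ts, severity, message in audit_arp(SAMPLE_ARP_REPLIES, "192.168.1.1"):
        print(f"t={ts:>4} {severity:<6} {message}")
```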
WOW, wasn't that hard!
●   And this stuff happens EVERY time you
    connect! To anything.
●   It's a wonder anything on the internet EVER
    works!
●   And in that explanation you've not even got
    past your LOCAL network.
●   99% of the time, you don't need to know about
    this stuff, but sometimes it helps when you've
    got some weird error log, or network issue to
    understand how this all works.
TCP and UDP
●   TCP is considered reliable, as it ensures a conversation can occur by
    using a handshake to prove two-way connections.
    – Used in HTTP, HTTPS, SMTP, LDAP, XMPP, FTP, SSH
●   UDP is a “fire and forget” protocol – the connection is not guaranteed, which makes it faster and more efficient, while not always reliable.
    –  Used in DNS, TFTP, Syslog, NTP, VPNs*
●   Some systems will use a combination of both TCP and UDP to perform
    different roles, for example voice or video conferencing products will set
    up the link using TCP, then share media over UDP.
●   DNS uses UDP for client queries, and TCP to exchange updates
    between authoritative nodes and replication targets.
●   There are other L3 protocols, such as GRE or ESP, which use neither TCP nor UDP to communicate.
So how does this routing thing work then?
●   Routes are defined in one of three ways
    –   Statically assigned
        ●   Have I been told which way to go?
        ●   A default gateway counts as this, as does anything added using route add
    –   Dynamically (e.g. BGP, EIGRP, RIP, etc.)
        ●   Has something else, which I trust, told me what networks live beyond it?
    –   Local (IP address and NetMask defined)
        ●   Does this address live in my subnet?
●   A route has a “Metric” which defines the “cost” of using it, but there are
    rules, for example:
    –   The metric is only relevant with equally specific networks, so, a route to the
        network 10.8.0.0/24 is more specific than a route to the 10.8.0.0/16 network
    –   If we have two routes for 10.8.0.0/24, one with a Metric of 1, and the other with
        a Metric of 2, the Metric 1 “wins”, even if the Metric 1 gateway is down
    –   If we have two routes for 10.8.0.0/24, with the same Metric, but where the
        gateway for one is up, and the other isn't, the gateway which is up “wins”
    –   A local route can be overridden with a static route, but this gets messy FAST
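The route-selection rules on this slide, together with the “directly connected, else gateway” ARP rule from the earlier slide, as an added example that is not part of the talk. The routing table, gateway addresses and up/down states are constructed sample data; `gateway_up` stands in for whatever link or ARP monitoring the host uses.

```python
"""Added example (not from the talk): route selection as the slide describes it.

Candidate routes are ranked by the rules on the routing slide:
  1. the most specific prefix wins (10.8.0.0/24 beats 10.8.0.0/16),
  2. among equally specific routes the lowest metric wins, even if that
     route's gateway is down (a stale static route keeps winning),
  3. among equally specific routes with equal metrics, a route whose
     gateway is up beats one whose gateway is down.
The chosen route also tells the host whom to ARP for: the destination itself
on a "directly connected" route, otherwise the gateway.
The routing table and gateway states below are constructed sample data.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Route:
    prefix: str                   # e.g. "10.8.0.0/24"
    gateway: Optional[str]        # None means directly connected (local route)
    metric: int = 0
    kind: str = "static"          # "local", "static" or "dynamic" (display only)

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)


def select_route(table, destination, gateway_up):
    """Pick the route for `destination` using the slide's ordering rules.

    `gateway_up` maps gateway IP -> bool (assumed to come from link or ARP
    monitoring); unknown gateways count as down, and a directly connected
    route has no gateway and is treated as up. Returns None when nothing matches.
    """
    dst = ipaddress.ip_address(destination)
    candidates = [r for r in table if dst in r.network]
    if not candidates:
        return None

    def rank(route):
        up = True if route.gateway is None else gateway_up.get(route.gateway, False)
        # longer prefix first, then lower metric, then "up" before "down"
        return (-route.network.prefixlen, route.metric, not up)

    return min(candidates, key=rank)


def arp_target(route, destination):
    """Whose MAC address the host must resolve before it can send the frame."""
    return destination if route.gateway is None else route.gateway


# Constructed sample routing table.
SAMPLE_TABLE = [
    Route("0.0.0.0/0", "192.168.1.1", metric=100, kind="static"),     # default gateway
    Route("192.168.1.0/24", None, kind="local"),                      # directly connected
    Route("10.8.0.0/16", "192.168.1.254", metric=1, kind="dynamic"),
    Route("10.8.0.0/24", "192.168.1.250", metric=1, kind="static"),   # its gateway is down
    Route("10.8.0.0/24", "192.168.1.251", metric=2, kind="static"),
    Route("10.9.0.0/24", "192.168.1.252", metric=5, kind="static"),   # down
    Route("10.9.0.0/24", "192.168.1.253", metric=5, kind="static"),   # up
]

# Constructed reachability state of each gateway.
SAMPLE_GATEWAY_UP = {
    "192.168.1.1": True,
    "192.168.1.254": True,
    "192.168.1.250": False,
    "192.168.1.251": True,
    "192.168.1.252": False,
    "192.168.1.253": True,
}


def explain(destination, table=SAMPLE_TABLE, gateway_up=SAMPLE_GATEWAY_UP):
    """One-line description of the chosen route and the ARP target."""
    route = select_route(table, destination, gateway_up)
    if route is None:
        return f"{destination}: no route to host"
    return (f"{destination}: via {route.prefix} ({route.kind}, metric {route.metric}), "
            f"ARP for {arp_target(route, destination)}")


if __name__ == "__main__":
    for dst in ("192.168.1.20", "10.8.0.5", "10.8.1.5", "10.9.0.7", "8.8.8.8"):
        print(explain(dst))
```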
WAN Accelerators
●   A pair (or cluster) of WAN accelerators will tend to be
    deployed between your last router before the WAN router
    and the WAN router at either end of a high-volume or low
    capacity WAN link
●   Each end builds a data dictionary which is exchanged
    with the other members and then sends just the
    dictionary entries
●   Consider that much of IP traffic is made up of the various packet headers; using a WAN accelerator can reduce the amount of traffic sent over a known link, especially with high-traffic targets (such as MS-AD servers or DNS)
Proxy
●   Most of you will have seen/heard of these, particularly if you work
    for a company of any size above 2 or 3 employees.
●   Usually deployed to broker a connection between you and a web
    server, a proxy will intercept the connection request to a remote
    server, do “stuff” with the content (cache it, filter it, strip stuff out,
    etc.) and then give you the content.
●   It used to be very common before NAT was prevalent in network
    connections, letting several machines connect to the internet,
    appearing as one IP or service.
Reverse Proxy
●   A reverse proxy exposes several services as one device sharing common ports
●   Sometimes used to handle the encryption of public traffic (HTTPS → HTTP), so the public side stays encrypted while the private traffic can be intercepted and actions performed upon it (e.g. AV scans)
●   Mostly seen with web servers, but sometimes mail, FTP or even several services on one port using a principle called multiplexing
●   See also services such as pagekite which permits remote
    devices to share their web services with a public URL
Host Based Firewall
●   The usual best examples of these are iptables for Linux, Microsoft Firewall for Windows and pfSense for BSD.
●   They prevent inbound connections where
    unexpected, and outbound connections where
    specified.
●   Good for when you're on public Wi-Fi, 3G or the raw internet. Useful if you've got a virus infection elsewhere in your local network.
Firewall (L2)
●   A layer 2 firewall looks at the IP headers only
    (source IP and port, destination IP and port)
●   It's called a layer 2 firewall, or sometimes a
    “bump in the wire”, because it's invisible to the
    devices either side of the firewall
●   It will typically only have a management
    address, and will be connected between a
    switch and a router, or between a switch and a
    server.
Firewall (L3)
●   Most common firewall deployment.
●   Inspect inbound and outbound connections
    from a network, matching a white/black list.
●   A common place to perform NAT
●   This role, on a home network, is performed by
    your cable modem or ADSL router, usually...
Firewall (L7)
●   Otherwise known as an Application Firewall
●   This inspects traffic in known protocols (e.g.
    HTTP, HTTPS, FTP, SMTP, etc.) and applies
    Accept/Deny/Drop rules to those protocols.
●   It is usually considered to be slower than L3
    firewalls (sometimes even 1/10th as fast)
●   Frequently used to hand off AV scanning etc.
●   Usually deployed after an L3 Firewall
Intrusion Protection System
●   Much like the L2 Firewalls, IPS devices tend to
    be “bump-in-the-wire” devices.
●   They look for network anomalies
●   Typically, IPS systems are updated more
    frequently than firewalls
●   Some IPS devices can update L2, L3 and L7
    firewalls to protect immediately against
    network threats.
Load Balancer
●   A load balancer MAY
    –   Work with a device to see how much load it is under
    –   Look at how much traffic has been sent to a device
    –   Round-Robin traffic to each “up” member
    –   Poll each member to see whether it's still accepting requests
●   And then will pass traffic from each request to one of
    the members of a cluster.
●   Frequently seen in front of DNS servers, Web Servers,
    SMTP servers, etc.
VPN Terminators
●   Usually seen in IPSec or SSL varieties
●   Will terminate lots of incoming connections from
    external workers
●   Mostly implemented as a hardware appliance,
    although many L3 firewalls will also perform the same
    role on existing hardware
●   IPSec VPNs are largely being replaced with SSL VPNs for “Road Warriors” and home workers, although Site-To-Site VPNs are still the domain of IPSec and hardware gateways
Closer to your corporate networks
OK, that's enough devices, how about troubleshooting some of this?
●   Tools include:
    –   ifconfig/ipconfig
         ●   Check your interfaces are up, and passing traffic OK
    –   netstat
         ●   Check your routing table and active/listening connections
    –   ping/traceroute
         ●   Check your connectivity from host to host
    –   nslookup/dig/whois
         ●   Check your DNS responses
    –   nmap
         ●   Check a device's listening services, your Network Topology, OS and App fingerprints
    –   Packet Captures (e.g. wireshark, tcpdump, snoop)
         ●   Check the traffic looks right
If we've got time, we can talk about some protocols, if you're interested?
●   Hands up if you want to talk protocols
    –   Such as HTTP and HTTPS
    –   Or why SFTP is not the same as FTPS or FTP
        ●   And what is the difference between Active and Passive FTP
    –   Why SSH is better than Telnet, and SCP is better than FTP
    –   How DNS works (I might need some help on this :D)
    –   How DHCP works
    –   Different VPN technologies (IPsec, OpenVPN, PPTP, SSH,
        and more)
    –   Or something else... you choose!
“There and back again”
How The Internet Works

Photo: http://www.flickr.com/photos/86530412@N02/8210762750/ by StockMonkeys.com

Questions?
There and back again

  • 1. “There and back again” How The Internet Works Photo: http://www.flickr.com/photos/86530412@N02/8210762750/ by StockMonkeys.com A talk by Jon “The Nice Guy” Spriggs First given at PHPNW December 2012
  • 3. It's all about perspective ● The previous slide was right “from a certain point of view” ● But it left out a lot of complicated bits ● Things like: – What does your router do? – How does your ISP reach your server? – What about the network where the server is? ● So, let's drill down a bit
  • 4. Much closer, but still not quite right
  • 5. Getting across it all... ● Many of you will already refer to all your connections as being TCP/IP connections – They're not all TCP/IP, some are UDP/IP, or ICMP/IP, or just, IP, or ARP, or GRE/IP, or IPSEC/IP or … well, lots of things. – And that doesn't get us anywhere near the actual application protocol ● It's actually explained through a few different models – Some refer to it as the OSI Model (ISO/IEC 7498-1) – Some as the Internet Protocol Suite (RFC1112) ● But, the way you get from host to host, or host to network, is by piling a few different things on top of each other ● So, let's look at how that is supposed to work
  • 6.
  • 7. Let's start with getting on your network. It's harder than it looks! ● We'll assume it's a CAT5e wired network with DHCP! ● Plug in both ends of the ethernet cable and provide power to the NIC ● Ethernet link (power & comms) detected, speed and duplex (optional), plus media type (optional++) is negotiated ● When using a switch, it learns the MAC address of the devices behind each port, and only sends packets for that MAC address to that port. Hubs used to be much more common, because they wouldn't learn MAC addresses, and would broadcast the traffic across all it's ports. An attacker could just attach to a hub and see all traffic, but with switches they must convince the network they have the MAC of the router. ● Computer requests DHCP address using it's MAC address and the DHCP server replies with an address, netmask, (optional) default route and a lease time. ● When the computer tries to connect to an IP address, it uses it's routing table. If the address is “directly connected” on the same subnet, it requests the MAC address of the IP address, otherwise it requests the MAC address of the gateway. ● The computer communicates at “Layer 2” with the MAC address it learned, and the rest of the link is assumed to have worked* ● If the computer is resolving a DNS name, it's got to communicate with the DNS server to ask for the IP address of the server, so it can start the IP dance again.
  • 8. WOW, wasn't that hard! ● And this stuff happens EVERY time you connect! To anything. ● It's a wonder anything on the internet EVER works! ● And in that explanation you've not even got past your LOCAL network. ● 99% of the time, you don't need to know about this stuff, but sometimes it helps when you've got some weird error log, or network issue to understand how this all works.
  • 9. TCP and UDP ● TCP is considered reliable, as it ensures a conversation can occur by using a handshake to prove two-way connections. – Used in HTTP, HTTPS, SMTP, LDAP, XMPP, FTP, SSH ● UDP is a “fire and forget” protocol – the connection is not guaranteed, which makes it a faster and efficient protocol, while not always reliable. – Used in DNS, TFTP, Syslog, NTP, VPNs* ● Some systems will use a combination of both TCP and UDP to perform different roles, for example voice or video conferencing products will set up the link using TCP, then share media over UDP. ● DNS uses UDP for client queries, and TCP to exchange updates between authoritative nodes and replication targets. ● There are other L3 protocols, such as GRE or ESP which use neither TCP or UDP to communicate.
  • 10. So how does this routing thing work then? ● Routes are defined in one of three ways – Statically assigned ● Have I been told which way to go? ● A default gateway classes as this, as does anything added using route add – Dynamically (e.g. BGP, EIGRP, RIP, etc.) ● Has something else, which I trust, told me what networks live beyond it? – Local (IP address and NetMask defined) ● Does this address live in my subnet? ● A route has a “Metric” which defines the “cost” of using it, but there are rules, for example: – The metric is only relevant with equally specific networks, so, a route to the network 10.8.0.0/24 is more specific than a route to the 10.8.0.0/16 network – If we have two routes for 10.8.0.0/24, one with a Metric of 1, and the other with a Metric of 2, the Metric 1 “wins”, even if the Metric 1 gateway is down – If we have two routes for 10.8.0.0/24, with the same Metric, but where the gateway for one is up, and the other isn't, the gateway which is up “wins” – A local route can be overridden with a static route, but this gets messy FAST
  • 11. WAN Accelerators ● A pair (or cluster) of WAN accelerators will tend to be deployed between your last router before the WAN router and the WAN router at either end of a high-volume or low capacity WAN link ● Each end builds a data dictionary which is exchanged with the other members and then sends just the dictionary entries ● Consider, much of IP traffic relates to the various packet headers, using a WAN accelerator can reduce the amount of traffic being sent over a known link, especially with high traffic targets (such as MS-AD servers or DNS)
  • 12. Proxy ● Most of you will have seen/heard of these, particularly if you work for a company of any size above 2 or 3 employees. ● Usually deployed to broker a connection between you and a web server, a proxy will intercept the connection request to a remote server, do “stuff” with the content (cache it, filter it, strip stuff out, etc.) and then give you the content. ● It used to be very common before NAT was prevalent in network connections, letting several machines connect to the internet, appearing as one IP or service.
• 13. Reverse Proxy
●   A reverse proxy exposes several services as one device sharing common ports
●   Sometimes used to encrypt public traffic (HTTPS → HTTP), while permitting the private traffic to be intercepted and actions performed upon it (e.g. AV scans)
●   Mostly seen with web servers, but sometimes mail, FTP or even several services on one port using a principle called multiplexing
●   See also services such as pagekite, which permits remote devices to share their web services with a public URL
• 14. Host Based Firewall
●   The usual best examples of these are IPTables for Linux, Microsoft Firewall for Windows, and PFSense for BSD.
●   They prevent inbound connections where unexpected, and outbound connections where specified.
●   Good for when you're on public wifi, 3G or raw internet. Useful if you've got a virus infection elsewhere in your local network.
• 15. Firewall (L2)
●   A layer 2 firewall looks at the IP headers only (source IP and port, destination IP and port)
●   It's called a layer 2 firewall, or sometimes a “bump in the wire”, because it's invisible to the devices on either side of the firewall
●   It will typically only have a management address, and will be connected between a switch and a router, or between a switch and a server.
• 16. Firewall (L3)
●   Most common firewall deployment.
●   Inspects inbound and outbound connections from a network, matching a white/black list.
●   A common place to perform NAT
●   This role, on a home network, is performed by your cable modem or ADSL router, usually...
• 17. Firewall (L7)
●   Otherwise known as an Application Firewall
●   This inspects traffic in known protocols (e.g. HTTP, HTTPS, FTP, SMTP, etc.) and applies Accept/Deny/Drop rules to those protocols.
●   It is usually considered to be slower than L3 firewalls (sometimes even 1/10th as fast)
●   Frequently used to hand off AV scanning etc.
●   Usually deployed after an L3 Firewall
• 18. Intrusion Protection System
●   Much like the L2 Firewalls, IPS devices tend to be “bump-in-the-wire” devices.
●   They look for network anomalies
●   Typically, IPS systems are updated more frequently than firewalls
●   Some IPS devices can update L2, L3 and L7 firewalls to protect immediately against network threats.
• 19. Load Balancer
●   A load balancer MAY
    –   Work with a device to see how much load it is under
    –   Look at how much traffic has been sent to a device
    –   Round-Robin traffic to each “up” member
    –   Poll each member to see whether it's still accepting requests
●   And then will pass traffic from each request to one of the members of a cluster.
●   Frequently seen in front of DNS servers, Web Servers, SMTP servers, etc.
• 20. VPN Terminators
●   Usually seen in IPSec or SSL varieties
●   Will terminate lots of incoming connections from external workers
●   Mostly implemented as a hardware appliance, although many L3 firewalls will also perform the same role on existing hardware
●   IPSec VPNs are largely being replaced with SSL VPNs for “Road Warriors” and home workers, although Site-To-Site VPNs are still the domain of IPSec and hardware gateways
  • 21. Closer to your corporate networks
• 22. OK, that's enough devices, how about troubleshooting some of this?
●   Tools include:
    –   ifconfig/ipconfig
        ●   Check your interfaces are up, and passing traffic OK
    –   netstat
        ●   Check your routing table and active/listening connections
    –   ping/traceroute
        ●   Check your connectivity from host to host
    –   nslookup/dig/whois
        ●   Check your DNS responses
    –   nmap
        ●   Check a device's listening services, your Network Topology, OS and App fingerprints
    –   Packet Captures (e.g. wireshark, tcpdump, snoop)
        ●   Check the traffic looks right
• 23. If we've got time, we can talk about some protocols, if you're interested?
●   Hands up if you want to talk protocols
    –   Such as HTTP and HTTPS
    –   Or why SFTP is not the same as FTPS or FTP
        ●   And what is the difference between Active and Passive FTP
    –   Why SSH is better than Telnet, and SCP is better than FTP
    –   How DNS works (I might need some help on this :D)
    –   How DHCP works
    –   Different VPN technologies (IPsec, OpenVPN, PPTP, SSH, and more)
    –   Or something else...... you choose!
• 24. “There and back again” How The Internet Works
Photo: http://www.flickr.com/photos/86530412@N02/8210762750/ by StockMonkeys.com
Questions?

Editor's notes

  1. OSI model layers, top to bottom:
     7. Application layer, e.g. DNS, FTP, HTTP, SSH
     6. Presentation layer, e.g. MIME
     5. Session layer, e.g. Named pipe, NetBIOS, SOCKS, SPDY or TLS/SSL
     4. Transport layer, e.g. TCP or UDP
     3. Network layer, e.g. IP (v4, v6), ARP, IPsec
     2. Data link layer, e.g. SLIP, PLIP, IEEE 802.3 (ethernet), PPP
     1. Physical layer, e.g. IEEE 802.3, IEEE 802.11, USB, Bluetooth, RS-232