entendiendo la red

index | OSiUX | blog | docs | charlas | links

Topología, redes y Subredes

  • centralizada

    redes-centralizadas.png

  • descentralizada
  • en malla o mesh

    redes-mesh.png

Asignación de IPs por medio de DHCP

  • DHCP server
  • DHCP client

Red de 4 equipos

redes-lan.png

B dice, necesito una IP!

  • mensaje: DHCPDISCOVER
  • protocolo: UDP
  • puerto destino: 67
  • dirección física: 01:12:23:34:45:bb

redes-dhcp-discover.png

D dice, yo te puedo dar IP!

  • mensaje: DHCPOFFER
  • dirección física: 01:12:23:34:45:dd
  • dirección IP: 192.168.10.102
  • gateway: 192.168.10.1
  • dns primario: 8.8.8.8
  • dns secundario: 8.8.4.4

redes-dhcp-offer.png

B dice, confirmo recepción!

  • mensaje: DHCPREQUEST

redes-dhcp-request.png

D dice, confirmo confirmación!

  • mensaje: DHCPACK

redes-dhcp-ack.png

Resolución de nombres de dominios DNS

host localhost
localhost.gcoop.com.ar has address 127.0.0.1
dig osiux.com

; <<>> DiG 9.8.4-P1 <<>> osiux.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12788
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;osiux.com.			IN	A

;; ANSWER SECTION:
osiux.com.		300	IN	A	96.8.118.129

;; Query time: 198 msec
;; SERVER: 192.168.10.3#53(192.168.10.3)
;; WHEN: Tue Apr  9 23:29:33 2013
;; MSG SIZE  rcvd: 43

viendo un paquete de query dns

tcpdump -r dns-query.pcap -nvX
02:14:20.301428 IP (tos 0x0, ttl 64, id 27874, offset 0, flags [none], proto UDP (17), length 55)
    127.0.0.1.57039 > 127.0.0.1.53: 39172+ A? osiux.com. (27)
	0x0000:  4500 0037 6ce2 0000 4011 0fd2 7f00 0001  E..7l...@.......
	0x0010:  7f00 0001 decf 0035 0023 fe36 9904 0100  .......5.#.6....
	0x0020:  0001 0000 0000 0000 056f 7369 7578 0363  .........osiux.c
	0x0030:  6f6d 0000 0100 01                        om.....

analizando un paquete de query dns

tshark -r dns-query.pcap -VO dns
Frame 1: 71 bytes on wire (568 bits), 71 bytes captured (568 bits)
Linux cooked capture
Internet Protocol Version 4, Src: 127.0.0.1 (127.0.0.1), Dst: 127.0.0.1 (127.0.0.1)
User Datagram Protocol, Src Port: 57039 (57039), Dst Port: domain (53)
Domain Name System (query)
    Transaction ID: 0x9904
    Flags: 0x0100 Standard query
	0... .... .... .... = Response: Message is a query
	.000 0... .... .... = Opcode: Standard query (0)
	.... ..0. .... .... = Truncated: Message is not truncated
	.... ...1 .... .... = Recursion desired: Do query recursively
	.... .... .0.. .... = Z: reserved (0)
	.... .... ...0 .... = Non-authenticated data: Unacceptable
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
	osiux.com: type A, class IN
	    Name: osiux.com
	    Type: A (Host address)
	    Class: IN (0x0001)

capturar consultas al dns

ssh root@linksys '/usr/sbin/tcpdump -i br0 -s 0 -w - dst port 53' >linksys.pcap 

ranking de dns

tcpdump -r linksys.pcap -c 2000 -nnnA dst port 53 | \
egrep -o "A+\? .*\." | sed s/".$"//g | awk '{print $2}' | \
egrep -v "(osiux|fbcdn|akamai)" | sort | uniq -c | sort -nr | head
47 www.facebook.com
42 dns.msftncsi.com
41 su.ff.avast.com
37 ssl.google-analytics.com
37 ipv6.msftncsi.com
32 www.habbo.es
26 imap.googlemail.com
21 dynamic.zoneedit.com
19 www.msftncsi.com
18 kiwwwi.com.ar

Sniffers nmap, dsniff

nmap

nmap -sV --open 192.168.10.0/24 -p22 | head

Túneles y Redes Privadas Virtuales VPN

Redireccionar puertos con ssh

ssh -L 2525:localhost:25 osiux.com    

Proxy Socks mediante ssh

ssh -D 9090 osiux.com    

Tunel reverso con ssh

ssh -R 12345:localhost:22 osiux.com    

Cómo saber la IP de un equipo?

B dice, cuál es la IP de D?

  • Se que D es 00:14:d1:18:4a:dd
  • Yo soy B y mi mac es 00:14:d1:18:4a:bb
  • Todos reciben paquete ARP por difusión

redes-arp-1.png

D contesta, mi IP es 10.4.14.225

redes-arp-2.png

Quénes están en esta red?

sudo arp-scan --interface eth0 --localnet

0 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.8.1: 256 hosts scanned in 1.625 seconds (157.54 hosts/sec). 0 responded

pingueando

ping -c 5 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.066 ms
64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.050 ms
64 bytes from 127.0.0.1: icmp_req=3 ttl=64 time=0.050 ms
64 bytes from 127.0.0.1: icmp_req=4 ttl=64 time=0.048 ms
64 bytes from 127.0.0.1: icmp_req=5 ttl=64 time=0.049 ms

--- 127.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.048/0.052/0.066/0.010 ms

capturando pings

sudo tcpdump -i lo -nnnt -c 5 icmp    

viendo un ping

sudo tcpdump -i lo -nnntvvX -c 1 -e icmp
00:00:00:00:00:00 > 00:00:00:00:00:00, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 84)
    127.0.0.1 > 127.0.0.1: ICMP echo request, id 4177, seq 329, length 64
  0x0000:  4500 0054 0000 4000 4001 3ca7 7f00 0001  E..T..@.@.<.....
  0x0010:  7f00 0001 0800 a68d 1051 0149 e754 5e51  .........Q.I.T^Q
  0x0020:  022f 0d00 0809 0a0b 0c0d 0e0f 1011 1213  ./..............
  0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
  0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
  0x0050:  3435 3637                                4567     

traceroute

traceroute -m 100 216.81.59.173
traceroute to 216.81.59.173 (216.81.59.173), 100 hops max, 60 byte packets
 1  malbec (192.168.10.3)  0.107 ms  0.087 ms  0.083 ms
 2  10.29.64.1 (10.29.64.1)  9.180 ms  9.206 ms  9.190 ms
 3  cpe-181-47-254-17.telecentro-reversos.com.ar (181.47.254.17)  9.645 ms  9.653 ms  9.706 ms
 4  telecentro.baires1.bai.seabone.net (195.22.220.33)  10.882 ms  10.307 ms  10.762 ms
 5  bundle-ether1.baires1.bai.seabone.net (195.22.220.32)  15.964 ms  16.074 ms  15.974 ms
 6  * * *
 7  xe-1-2-0.mia10.ip4.tinet.net (77.67.71.97)  142.397 ms  139.703 ms  142.354 ms
 8  xe-2-1-0.atl11.ip4.tinet.net (89.149.184.21)  156.811 ms xe-3-0-0.atl11.ip4.tinet.net (89.149.180.202)  158.695 ms  158.561 ms
 9  epik-networks-gw.ip4.tinet.net (77.67.69.158)  159.786 ms  159.491 ms  159.581 ms
10  po0-3.dsr2.atl.epikip.net (216.81.59.2)  176.330 ms  176.462 ms  176.281 ms
11  * * *
12  Episode.IV (206.214.251.1)  224.463 ms  226.258 ms  220.950 ms
13  A.NEW.HOPE (206.214.251.6)  250.974 ms  247.808 ms  259.092 ms
14  It.is.a.period.of.civil.war (206.214.251.9)  259.944 ms  250.907 ms  255.839 ms
15  Rebel.spaceships (206.214.251.14)  218.522 ms  226.211 ms  219.834 ms
16  striking.from.a.hidden.base (206.214.251.17)  241.201 ms  236.375 ms  232.261 ms
17  have.won.their.first.victory (206.214.251.22)  241.703 ms  236.591 ms  224.864 ms
18  against.the.evil.Galactic.Empire (206.214.251.25)  216.832 ms  216.318 ms  214.477 ms
19  During.the.battle (206.214.251.30)  208.949 ms  210.051 ms  208.008 ms
20  Rebel.spies.managed (206.214.251.33)  212.787 ms  212.294 ms  212.273 ms
21  to.steal.secret.plans (206.214.251.38)  255.908 ms  258.825 ms  257.972 ms
22  to.the.Empires.ultimate.weapon (206.214.251.41)  213.769 ms  213.009 ms  216.689 ms
23  the.DEATH.STAR (206.214.251.46)  218.461 ms  218.095 ms  219.359 ms
24  an.armored.space.station (206.214.251.49)  209.458 ms  211.553 ms  213.325 ms
25  with.enough.power.to (206.214.251.54)  216.680 ms  215.119 ms  215.551 ms
26  destroy.an.entire.planet (206.214.251.57)  229.043 ms  225.637 ms  225.987 ms
27  Pursued.by.the.Empires (206.214.251.62)  217.677 ms  217.609 ms  221.162 ms
28  sinister.agents (206.214.251.65)  212.421 ms  218.351 ms  217.477 ms
29  Princess.Leia.races.home (206.214.251.70)  217.438 ms  215.519 ms  215.707 ms
30  aboard.her.starship (206.214.251.73)  208.869 ms  211.286 ms  209.410 ms
31  custodian.of.the.stolen.plans (206.214.251.78)  254.545 ms  257.170 ms  257.258 ms
32  that.can.save.her (206.214.251.81)  230.703 ms  226.975 ms  224.884 ms
33  people.and.restore (206.214.251.86)  213.461 ms  212.716 ms  210.437 ms
34  freedom.to.the.galaxy (206.214.251.89)  240.426 ms  238.993 ms  238.415 ms
35  0-----I-------I-----0 (206.214.251.94)  225.745 ms  228.150 ms  227.564 ms
36  0------------------0 (206.214.251.97)  239.726 ms  242.001 ms  241.268 ms
37  0-----------------0 (206.214.251.102)  216.268 ms  217.171 ms  219.559 ms
38  0----------------0 (206.214.251.105)  213.450 ms  212.874 ms  210.651 ms
39  0---------------0 (206.214.251.110)  211.686 ms  212.642 ms  213.635 ms
40  0--------------0 (206.214.251.113)  243.655 ms  241.858 ms  238.552 ms
41  0-------------0 (206.214.251.118)  218.823 ms  217.698 ms  217.625 ms
42  0------------0 (206.214.251.121)  221.651 ms  217.936 ms  217.573 ms
43  0-----------0 (206.214.251.126)  254.899 ms  255.905 ms  253.906 ms
44  0----------0 (206.214.251.129)  219.658 ms  214.849 ms  218.945 ms
45  0---------0 (206.214.251.134)  254.542 ms  255.310 ms  258.304 ms
46  0--------0 (206.214.251.137)  221.805 ms  218.502 ms  216.293 ms
47  0-------0 (206.214.251.142)  218.543 ms  219.614 ms  218.705 ms
48  0------0 (206.214.251.145)  213.497 ms  216.123 ms  215.188 ms
49  0-----0 (206.214.251.150)  250.876 ms  250.727 ms  253.698 ms
50  0----0 (206.214.251.153)  217.614 ms  218.582 ms  219.936 ms
51  0---0 (206.214.251.158)  216.849 ms  214.232 ms  212.980 ms
52  0--0 (206.214.251.161)  217.178 ms  216.413 ms  215.734 ms
53  0-0 (206.214.251.166)  228.141 ms  231.885 ms  226.433 ms
54  00 (206.214.251.169)  255.405 ms  258.888 ms  258.736 ms
55  I (206.214.251.174)  239.065 ms  241.727 ms  241.572 ms
56  By.Ryan.Werber (206.214.251.177)  228.102 ms  226.607 ms  228.030 ms
57  Blizzards.Breed.CCIE.Creativity (206.214.251.182)  239.656 ms  238.884 ms  239.301 ms
58  Please.Try.Again.Tracerote.to.obiwan.scrye.net (206.214.251.185)  215.164 ms  215.725 ms  216.688 ms
59  read.more.at.beaglenetworks.net (206.214.251.190)  228.818 ms * *
traceroute -m 255 obiwan.scrye.net | awk {'print $2'}

protocolos

redes-protocolos-1.png

redes-protocolos-2.png

Qué tiene un paquete TCP/IP?

+------------------------+--------------------------+
| MAC origen fe:ca:fe:ca | MAC destino  ca:fe:ca:fe |
+------------------------+--------------------------+
| IP origen 192.168.1.22 | IP destino  96.8.118.129 |
+---------------------------------------------------+
| Puerto origen    45678 | Puerto destino: 80       |
+------------------------+--------------------------+
| Nro Secuencia    12345 | Nro ACK                  |
+---+---+---+---+---+----+--------------------------+
| U | A | P | R | S | F | GET / HTTP/1.0            |
| R | C | S | S | Y | I |                           |
| G | K | H | T | N | N |                           |
+---+---+---+---+---+---+---------------------------+

Ethernet header

|                   |1                  |2                  |3  |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|         Hardware type         |          Protocol type        |
+---------------+---------------+-------------------------------+
|Hw address len.|Pr address len.|             Opcode            |
+---------------+---------------+-------------------------------+
|               Source hardware address                         |
+---------------------------------------------------------------+
|               Source protocol address                         |
+---------------------------------------------------------------+
|               Destination hardware address                    |
+---------------------------------------------------------------+
|               Destination protocol address                    |
+---------------------------------------------------------------+
|                            Data                               |
+---------------------------------------------------------------+

IP header

|                   |1                  |2                  |3  |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|Version|  IHL  | Diff.Services |     Total length              |
+-------+-------+---------------+-----+-------------------------+
|        Identification         |Flags|         Fragment offset |
+---------------+---------------+-----+-------------------------+
|    TTL        | Protocol      | Header checksum               |
+---------------+---------------+-------------------------------+
|                       Source IP address                       |
+---------------------------------------------------------------+
|                  Destination IP address                       |
+---------------------------------------------------------------+
|                     Options and padding                       |
+---------------------------------------------------------------+

UPD header

|                   |1                  |2                  |3  |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |        Destination Port       |
+-------------------------------+-------------------------------+
|          Length               |        Checksum               |
+-------------------------------+-------------------------------+
|                           Data                                |
+---------------------------------------------------------------+

TCP header

|                   |1                  |2                  |3  |
|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|2|3|4|5|6|7|8|9|0|1|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|          Source Port          |        Destination Port       |
+-------------------------------+-------------------------------+
|                        Sequence Number                        |
+-------------------------------+-------------------------------+
|                     Acknowledgment Number                     |
+-------+-----+-----+-+-+-+-+-+-+-------------------------------+
|dOffset|rsrvd| ECN |U|A|P|R|S|F|        Window                 |
|       |     |     |R|C|S|S|Y|I|                               |
|       |     |     |G|K|H|T|N|N|                               |
+-------+-----+-----+-+-+-+-+-+-+-------------------------------+
| Checksum                      | Urgent Pointer                |
+-------------------------------+-------------------------------+
|                      Options and padding                      |
+---------------------------------------------------------------+
|                           Data                                |
+---------------------------------------------------------------+

ChangeLog

  • [2013-06-05 Wed] simplifico y hago correcciones varias
  • [2013-04-09 Tue] corrijo gráficos ascii-art
  • [2013-04-04 Thu] primer borrador general