arp -a
Packet sniffer components: Logging/Editing, Decode, Buffer, Capture Driver
- Logging: permanent storage of packets for offline analysis.
- Decode: packets must be decoded to human-readable form.
- Buffer: packets must be temporarily buffered prior to storage or processing.
- Capture driver: software driver to capture and filter network traffic.
Figure: ARP spoofing topology (labels: Router, Attacker)
root@kali:/home/bungae# arpspoof -t 172.16.181.144 172.16.181.2
0:c:29:12:d:cd 0:c:29:4b:3a:ad 0806 42: arp reply 172.16.181.2 is-at 0:c:29:12:d:cd
0:c:29:12:d:cd 0:c:29:4b:3a:ad 0806 42: arp reply 172.16.181.2 is-at 0:c:29:12:d:cd
0:c:29:12:d:cd 0:c:29:4b:3a:ad 0806 42: arp reply 172.16.181.2 is-at 0:c:29:12:d:cd
0:c:29:12:d:cd 0:c:29:4b:3a:ad 0806 42: arp reply 172.16.181.2 is-at 0:c:29:12:d:cd
root@kali:~# tcpdump -v -XX arp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:57:41.840307 ARP, Ethernet (len 6), IPv4 (len 4), Reply _gateway is-at 00:0c:29:12:0d:cd (oui Unknown), length 28
    0x0000:  000c 294b 3aad 000c 2912 0dcd 0806 0001  ..)K:...)...
    0x0010:  0800 0604 0002 000c 2912 0dcd ac10 b502  ...)...
    0x0020:  000c 294b 3aad ac10 b590                 ..)k:...
20:57:43.840542 ARP, Ethernet (len 6), IPv4 (len 4), Reply _gateway is-at 00:0c:29:12:0d:cd (oui Unknown), length 28
    0x0000:  000c 294b 3aad 000c 2912 0dcd 0806 0001  ..)K:...)...
    0x0010:  0800 0604 0002 000c 2912 0dcd ac10 b502  ...)...
    0x0020:  000c 294b 3aad ac10 b590                 ..)k:...
root@kali:~# tcpdump -n -v icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:35:47.815183 IP (tos 0x0, ttl 64, id 43041, offset 0, flags [DF], proto ICMP (1), length 1500)
    172.16.181.141 > 210.89.160.88: ICMP echo request, id 6076, seq 1, length 1480

root@kali:~# tcpdump -n -v icmp
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
21:35:14.377091 IP (tos 0x0, ttl 64, id 19232, offset 0, flags [+], proto ICMP (1), length 1500)
    172.16.181.141 > 210.89.164.90: ICMP echo request, id 6071, seq 1, length 1480
21:35:14.377174 IP (tos 0x0, ttl 64, id 19232, offset 1480, flags [none], proto ICMP (1), length 21)
    172.16.181.141 > 210.89.164.90: ip-proto-1
IP address classes (bit positions 0, 1, 2 ... 8 ... 16 ... 24 ... 31):
  Class A: 0    | netid | hostid
  Class B: 10   | netid | hostid
  Class C: 110  | netid | hostid
  Class D: 1110 | multicast address

Subnet mask for a Class C address:
  11111111 11111111 11111111 00000000
  255      255      255      0
Subnet mask with 2 bits used for subnetting:
  11111111 11111111 11111111 11 000000
  255      255      255      0
Reserved address blocks

CIDR address block   Description                                     Reference
0.0.0.0/8            Current network (only valid as source address)  RFC 1700
10.0.0.0/8           Private network                                 RFC 1918
14.0.0.0/8           Public data networks                            RFC 1700
127.0.0.0/8          Loopback                                        RFC 3330
128.0.0.0/16         Reserved (IANA)                                 RFC 3330
169.254.0.0/16       Link-Local                                      RFC 3927
172.16.0.0/12        Private network                                 RFC 1918
191.255.0.0/16       Reserved (IANA)                                 RFC 3330
192.0.0.0/24         Reserved (IANA)                                 RFC 3330
192.0.2.0/24         Documentation and example code                  RFC 3330
192.88.99.0/24       IPv6 to IPv4 relay                              RFC 3068
192.168.0.0/16       Private network                                 RFC 1918
198.18.0.0/15        Network benchmark tests                         RFC 2544
223.255.255.0/24     Reserved (IANA)                                 RFC 3330
224.0.0.0/4          Multicasts (former Class D network)             RFC 3171
240.0.0.0/4          Reserved (former Class E network)               RFC 1700
255.255.255.255      Broadcast
#include <stdio.h>

int main(void) {
    /* 16-bit words of the IP header as listed on the slide */
    unsigned int i = 0x4500+0x002c+0x02e4+0x8006+0x4a7d+0x8268+0xac10+0xb58d;
    /* fold any carry out of the upper 16 bits back into the sum */
    while (i > 0xffff)
        i = (i & 0xffff) + (i >> 16);
    /* a correct header sums to 0xffff, so its one's complement is 0 */
    printf("folded sum = 0x%04x, complement = 0x%04x\n", i, (~i) & 0xffff);
    return 0;
}
08:16:48.095814 IP (tos 0x0, ttl 53, id 61092, offset 0, flags [none], proto TCP (6), length 60)
    172.217.24.36.80 > 192.168.0.89.57664: Flags [S.], cksum 0xba9f (correct), seq 3366308004, ack 710814350, win 42408, options [mss 1380,sackOK,TS val 3588274860 ecr 1194836588,nop,wscale 7], length 0
    0x0000:  4500 003c eea4 0000 3506 1119 acd9 1824  E..<...5...$
    0x0010:  c0a8 0059 0050 e140 c8a5 c8a4 2a5e 2a8e  ...Y.P.@...*^*.
    0x0020:  a012 a5a8 ba9f 0000 0204 0564 0402 080a  ...d...
    0x0030:  d5e0 baac 4737 c26c 0103 0307            ...G7.l...
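As an added example (not part of the original slides), the IPv4 header checksum of the SYN-ACK packet dumped above can be verified the way a receiver does it: the first 20 bytes of the hex dump are embedded as the header, and the function names are my own.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

/* 20-byte IPv4 header copied from the tcpdump -XX dump above;
 * bytes 10-11 (0x1119) are the header checksum field. */
static const uint8_t ip_header[20] = {
    0x45, 0x00, 0x00, 0x3c, 0xee, 0xa4, 0x00, 0x00,
    0x35, 0x06, 0x11, 0x19, 0xac, 0xd9, 0x18, 0x24,
    0xc0, 0xa8, 0x00, 0x59
};

/* One's-complement sum of big-endian 16-bit words with carries folded back. */
static uint16_t ones_complement_sum(const uint8_t *p, size_t len) {
    uint32_t sum = 0;
    while (len > 1) {
        sum += ((uint32_t)p[0] << 8) | p[1];
        p += 2;
        len -= 2;
    }
    if (len)                       /* odd trailing byte is padded with zero */
        sum += (uint32_t)p[0] << 8;
    while (sum >> 16)              /* fold until the sum fits in 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)sum;
}

/* Receiver check: summing the header including its checksum field must give
 * 0xffff, i.e. the complement is 0. Returns 1 when the header is intact. */
int ip_header_valid(const uint8_t *hdr, size_t len) {
    return (uint16_t)~ones_complement_sum(hdr, len) == 0;
}

/* Sender computation: checksum field treated as zero, sum complemented. */
uint16_t ip_header_checksum(const uint8_t *hdr, size_t len) {
    uint8_t copy[60];              /* IHL max is 15 words = 60 bytes */
    if (len > sizeof copy || len < 12) return 0;
    for (size_t i = 0; i < len; i++) copy[i] = hdr[i];
    copy[10] = copy[11] = 0;
    return (uint16_t)~ones_complement_sum(copy, len);
}

int main(void) {
    printf("header valid: %d\n", ip_header_valid(ip_header, sizeof ip_header));
    printf("recomputed checksum: 0x%04x\n",
           ip_header_checksum(ip_header, sizeof ip_header));
    return 0;
}
```

A single flipped bit in the header makes ip_header_valid return 0, which is how a router or host detects a corrupted header before looking at anything else in the packet.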
Packet sniffer components: Logging/Editing, Decode, Buffer, Capture Driver, Media
- Logging: permanent storage of packets for offline analysis.
- Decode: packets must be decoded to human-readable form.
- Buffer: packets must be temporarily buffered prior to storage or processing.
- Capture driver: software driver to capture and filter network traffic.
- Media: usually an Ethernet card, but could also be a wireless card or anything else.
Figure: application programs on a host with IP 1.2.3.4, each bound to a socket on its own port
  FTP   -> socket -> port 21
  Mail  -> socket -> port 25
  HTTP  -> socket -> port 80
  Etc.  -> socket -> port 1025
TCP session between A and B (SEQ and ACK values of each side)

A: SEQ  ACK     Segment                          B: SEQ  ACK
A0      0       -> SYN
                <- SYN,ACK                       B0      A1
A1      B1      -> ACK
A1      B1      -> PSH,ACK (21 B of data)
                <- ACK                           B1      A22
                <- PSH,ACK (1068 B of data)      B1      A22
A22     B1069   -> ACK
                <- FIN,ACK                       B1069   A22
A22     B1070   -> ACK
A22     B1070   -> FIN,ACK
                <- ACK                           B1070   A23
4XX (client error):
  400 Bad Request
  401 Unauthorized
  403 Forbidden
  404 Not Found
5XX (server error):
  500 Internal Server Error
  501 Not Implemented
  502 Bad Gateway
  503 Service Unavailable