New protocols and other network services are generally easier to add to a layered architecture. The reason for using a layered networking approach is that a layered model takes a task, such as data communications, and breaks it into a series of tasks, activities or components, each of which is defined and developed independently. But the more you use this (and you will) the faster it will come to you. ![]() I know it looks long and complicated at first, and trust me it is. If you are serious about learning networking and information security, my advice is to memorize this image. The model is divided into seven layers, as shown below. Think of it this way, the OSI model describes the steps to be used to transfer data from one networked device to another. The OSI model is a layered model that describes how information moves from an application running on one networked computer to an application running on another networked computer. I believe knowing how something works is much better than just learning to do it, so let's dive into some networking! The Open Source Interconnection (OSI) Model Regardless of which port is being sent to, or even which host, for that matter.īefore we get into grabbing frames and causing mayhem for lulz, we need to explain what a packet is and the concept of a frame. Packet capture allows us to intercept any packet that is seen by the network device, and grab it in its entirety, headers and all. Now, this is an oversimplified version of what really goes on, but I'm trying to illustrate a point. The UDP header is stripped off and the packet payload (the data) is handed over to the application that the packet was sent to. Finally, let's say it's determined that the packet is a UDP packet. Well, the OS must now strip of the IP header and determine which type of IP packet it is. To do so, it strips off the Ethernet header of the packet and looks at the next layer. Normally, once the packet is handed off, the operating system must determine exactly what type of packet it is. Everything.įor example, assume that your network card picks up a packet from someone else's network. This includes passwords, logins, instant messaging conversations, emails, etc. Granted encrypted data will be unreadable to you, you can still see it, and anything that is sent plain text (not encrypted) can be grabbed very easily. ![]() But what traffic are we talking about?Įverything. Packet sniffers are more formally known as network analyzers and protocol analyzers. ![]() In a shared Ethernet, you can think of all of the computers in a LAN as being plugged into the same wire, and all of the traffic that travels through it can be captured. Wouldn't it be nice to just sit at your buddy's house, plug into his network, and see exactly what he's doing? What if it was as easy as that? What makes packet sniffers like Wireshark such potent tools is that a majority of local area networks (LANs) are based on the shared Ethernet notion.
0 Comments
Leave a Reply. |