Hey everyone, today we're talking about common network protocols. Some of you asked for a full guide on Wireshark, but I realized that to use Wireshark well you need to understand network protocols first. In the hacking world, knowing about network protocols is essential because you can't do much without them. That's why I'm making this video: to help you grasp the basics of network protocols, which will set you up for success when using tools like Wireshark and hacking.

Let's begin with IP addresses. Internet Protocol addresses are like the backbone of the digital world. They allow us to do things like email, video chat on Zoom, watch YouTube, send tweets and browse the web. You could say they're almost as important as the world itself spinning. In fact, you're able to watch this video on YouTube because of IP addresses. Every digital device we use, whether it's a computer, laptop, phone or tablet, gets assigned an IP address. This address enables devices to communicate and connect with each other. Think of an IP address as similar to your house address: without it, no one would be able to find you and send you mail. Now,
let's discuss public and private IP addresses. Our IP address system has a limitation: there aren't enough IP addresses to cover all devices that need to connect to the internet. The current IPv4 system has only 4.3 billion IP addresses, which isn't sufficient considering there are over 8 billion people on the planet, each with multiple devices. To address this scarcity, a system was developed to reuse a group of IP addresses within a local area network, or LAN, which are not accessible over the internet. These addresses can be used repeatedly within each local network, helping conserve the limited number of IP addresses available. These private addresses typically start with numbers like 192.168., 10., or 172.16. You might have noticed these private IP addresses, such as 192.168 or 10.something, when checking your network configuration, for example using ifconfig on a Kali system. These addresses are only usable within your local area network and cannot be used to communicate over the internet directly. For internet communication, your private IP address needs to be translated into a public IP address by a network address translation, or NAT, device. This translation process allows devices within your local network to access the internet using a shared public IP address. This is necessary because private IP addresses within a local area network cannot be directly used on the internet, since they are not unique: many LANs use the same private IP addresses internally. When a machine inside the LAN wants to communicate over the internet, it sends a request to the NAT device. The NAT device then records the internal IP address of the machine in a table and converts it to the external IP address of the router. When the response packet returns from its destination on
the internet, the NAT device checks its table and forwards the packet to the internal IP address of the original machine within the LAN. This whole process happens seamlessly, and individual systems or users within the LAN typically don't realize that their private IP addresses are being translated to a public IP address by the NAT device to enable internet communication.

The next protocol is DHCP. Dynamic Host Configuration Protocol, or DHCP, is a protocol that dynamically assigns IP addresses. This means that instead of having a fixed IP address all the time, your device gets a new IP address each time it connects to a network. DHCP is commonly used on local area networks, or LANs, where private IP addresses are used. When a device joins a LAN, it sends a request to the DHCP server asking for an IP address. The DHCP server then assigns an IP address to that device for a specific period known as a lease. This lease defines how long the device can use that particular IP address. The interesting part is that each time you connect to the LAN you're likely to receive a different dynamic IP address, although usually within the same range. This dynamic allocation of IP addresses by DHCP helps manage and optimize the use of available IP addresses within the network.

All right, let's talk about the next protocol, IP or Internet Protocol, in an easy-to-understand way. IP is like a travel guide for data packets on the internet. It helps these packets know where to go (the destination) and where they're coming from (the source). It's often paired up with other protocols like TCP to form what's commonly known as TCP/IP. Now let's take a peek at what's inside an IP packet
header. This header is like the packet's ID card, carrying information that can be super useful for someone exploring hacking or doing forensic investigations. In the first row of this ID card: Version tells us which version of IP is being used, either v4 or v6. Internet Header Length is all about the length of the header. Moving on to the second row: Type of Service, or ToS, describes the packet's service type, like whether it's focused on speed, reliability or cost effectiveness. Total Length tells us the overall size of the packet, including its data. In the third row: Identification, where each packet gets a unique ID, helpful for putting together fragmented packets. IP Flags helps us know if the packet is split into smaller parts or not, which can be sneaky for bypassing security measures. Fragment Offset, if a packet is split, tells us where it starts in the sequence. Now on to rows four and five: Source and Destination. These are super important because they show where the packet is coming from and where it's headed. Finally, in row six: Options, which is a flexible part of the header
and it's optional to use. Padding, if needed, fills in any extra space in the header. Understanding these details helps in figuring out how data travels across the internet and can even give clues about the systems sending and receiving the data.

The next protocol is TCP. In the TCP header there are several important fields that are crucial for both aspiring hackers and forensic investigators to grasp. Starting with row one: Source Port and Destination Port. These fields are vital as they determine the source and destination port, showing where the communication is coming from and where it's headed. Moving on to row two: Sequence Number. This number is generated by the sender's TCP stack and ensures that packets are arranged in the correct order when they arrive; it's also crucial in preventing man-in-the-middle attacks. Next, in row three: Acknowledgement Number. This echoes back the sequence number, confirming that the packet has been received. If no acknowledgement is received within a set time, the sender resends the packet to ensure successful delivery. This reliability distinguishes TCP from UDP, which doesn't guarantee packet delivery. Skipping ahead to the flags in row four: SYN initiates a new connection. FIN signals the normal closing of a connection. ACK acknowledges receipt of a packet, crucial after the three-way handshake. RST indicates a hard close of a connection, often used to communicate errors. URG marks urgent data in the packet. PSH directs the data past the buffer to the application. Understanding these flags is essential, especially for those familiar with recon tools like nmap or hping3, as they're used to create packets for specific purposes such as evading detection or eliciting responses from secure systems. In row four, the Window Size field manages packet buffering, aiding in flow control. It's also useful for OS identification, as different operating systems have varying window sizes, allowing for OS prediction with about 80% accuracy. The Checksum in row five ensures data integrity, while the Urgent Pointer indicates urgent data if the URG flag is set. Lastly, row six contains Options and Padding, allowing for additional information and aligning the TCP header to a multiple of 32 bits. Understanding these TCP header fields is crucial for analyzing network traffic, identifying potential security threats and gaining insights into the systems communicating over the network. Every TCP connection starts with a three-way handshake. Imagine
you're trying to start a conversation with someone, let's say ordering a pizza over the phone. You dial the pizza place and say, "Hey, I'd like to order a pizza." This is like the SYN packet, where you're initiating the connection and saying, "Hello, I want to talk to you." The pizza place responds, "Sure, we're ready to take your order." This is like the SYN-ACK packet, where the server acknowledges your request and says, "Hi, I'm here and ready to chat, let's get started." You then confirm, "Great, I'd like a large pepperoni pizza, please." This is like the ACK packet, where you acknowledge the server's response, confirming that you're ready to proceed with the conversation, or in this case the pizza order. After this three-way handshake, the pizza place knows you're ready to place your order. Just like in TCP, both the client and server know they're ready to start exchanging data. It's a way of ensuring a smooth and reliable connection before diving into the main conversation or data transfer.

Let's dive into UDP, or User Datagram Protocol. UDP is a different kind of beast compared to TCP. While TCP is all about establishing a solid connection, like a handshake, and ensuring every piece of data gets delivered, UDP takes a more carefree approach. It's like the difference between sending a formal letter with tracking (TCP) versus tossing a postcard in the mail (UDP). Here's what makes UDP unique: unlike TCP, which requires a formal connection setup like the three-way handshake we talked about earlier, UDP doesn't bother with all that. It just sends packets out into the world without worrying about getting a confirmation of delivery. Because UDP skips the whole connection assurance process, it's lighter and faster than TCP. This makes it perfect for applications where speed matters more than ensuring every single packet gets through perfectly. UDP shines in scenarios where efficiency is key and losing an occasional packet isn't a big deal. Think of streaming music or video: missing a few seconds here or there won't ruin your experience, but lagging behind because of a slow connection would definitely be a problem. Some of the key protocols that use UDP include DNS, SNMP and NTP. We'll dive deeper into these protocols later on.

Now let's talk about the next protocol: ARP, or Address Resolution Protocol. ARP is like a translator for
devices on an Ethernet network. Its job is to match up IP addresses, which are logical, with MAC addresses, which are physical. This way, when a new device joins the network, ARP assigns it an IP address within the network's range and links it to its unique MAC address. This information is crucial for network devices like routers, gateways and switches to correctly route traffic to the intended destination. Now here's how ARP works in simple terms. Imagine you have two computers on the same Ethernet network; let's call them computer 1 and computer 2. Computer 1 wants to send a message to computer 2, but it needs to know computer 2's MAC address, like a home address. Computer 1 first checks its ARP table, which is a list of known MAC addresses and their corresponding IP addresses. If it finds computer 2's MAC address in the table, great, it can send the message directly. If computer 1 doesn't have computer 2's MAC address in its ARP table, it sends out a broadcast message to all devices on the network asking, "Hey, who has this IP address?" Computer 2 sees the broadcast message and responds directly to computer 1 saying, "I have this IP address, and my MAC address is this." Now that computer 1 knows computer 2's MAC address, it can send the message directly to computer 2's MAC address and the communication is successful. ARP is essential for smooth communication within a network, but it's also a potential target for attackers who might try to manipulate ARP messages to intercept or redirect network traffic, a tactic known as a man-in-the-middle attack. It's important to note that ARP lacks authentication, making it vulnerable to exploitation by hackers. This feature can be used to discover all the systems on a network easily. This becomes particularly useful when attempting to hack into another system within the local area network, or when a hacker compromises a single user on the network and wants to pivot to a more valuable target such as a database server. There are various tools available to hackers for discovering systems on a network. These tools operate by sending out gratuitous ARP requests, prompting systems on the network to respond with their IP addresses and MAC addresses. For example, in our Kali system we have a tool called netdiscover
that can be used for this purpose.

Now the next protocol is DNS. The Domain Name System, or DNS, is a fundamental protocol that plays a crucial role in how we navigate the internet. Imagine a world without DNS: we would have to remember countless IP addresses just to access our favorite websites. Picture having to memorize the lengthy IPv4 32-bit addresses for Google, Facebook, YouTube and other essential sites, let alone dealing with even longer IPv6 128-bit addresses. It would be quite a daunting task. Thankfully, DNS comes to the rescue by translating domain names, something humans are good at remembering, into IP addresses, the language of internet routing. In simpler terms, DNS is like a translation service that converts a domain name like www.google.com into the computer-friendly IP address that the internet understands and uses to route data. So when you type a domain name into your browser, such as www.google.com, DNS steps in behind the scenes to quickly translate it into the corresponding IP address, allowing your device to connect to the desired website seamlessly. DNS is what makes navigating the internet so much easier and user-friendly for all of us. The Domain Name System has come a long way in terms of security, but it used to be quite fragile and susceptible to attacks. While improvements have been made over the years, attacks on DNS still occur, albeit less frequently. One common type of attack involves harvesting information from DNS servers on the target network, a technique known as DNS scanning and DNS reconnaissance. Attackers can gather valuable data from DNS servers, such as domain names and associated IP addresses, which can be used for further exploitation. On local area networks, attackers may exploit DNS vulnerabilities by spoofing DNS responses using tools like dnsspoof. This allows them to redirect client traffic to a malicious local system controlled by the attacker. For example, an attacker could redirect banking traffic to their own fraudulent website, capturing sensitive credentials and financial information.

The next protocol is FTP, or File Transfer Protocol. FTP is a client-server protocol used for transferring files over a network. Here's an overview of how FTP works and its current usage. FTP follows a client-server architecture, where a client, such as a computer or device, requests files from a server and the server provides the requested files. FTP operates
over the TCP/IP suite of protocols, ensuring reliable data transmission across networks. FTP uses two channels for communication: the command channel, used by the client to send commands to the server, such as requesting files or directories, and the data channel, used for the actual file transfers. When a client requests a file, the server opens a data channel to transfer the file to the client. Clients can perform various actions on files using FTP, including downloading, uploading, editing, copying and deleting files on the server. While FTP was widely used in the past for file sharing and management, its popularity has decreased with the rise of HTTP for file transfers, especially for public file sharing on the web. However, FTP remains a common protocol for private and secure file sharing, such as in banking systems or other environments where data security and privacy are paramount.

The next protocol we'll talk about is SMB, which stands for Server Message Block. It's a communication method that computers use to share files, printers and other resources over a local network. Think of it as a way for computers to talk to each other and share stuff. When you use SMB, one computer acts as the server that has the files or printers others want to access, while the other computers are the clients that want to get those files or use the printers. Here's how it works in simple steps: clients (computers) connect to servers (other computers) using TCP/IP or NetBIOS, which are just ways for computers to talk to each other over a network. Once connected, clients can send commands to the server to access shared folders where files are stored, read or write files, or even use shared printers. Basically, SMB lets you do over the network what you normally do on your computer, like accessing files or printing, so you can share things with others on the same network. SMB in Windows and Samba in Linux/Unix systems have historically been significant sources of critical vulnerabilities, and this trend is likely to continue in the future. Over the past decade there have been several critical vulnerabilities related to SMB and Windows. These vulnerabilities have allowed attackers to send specially crafted packets to SMB services, exploiting weaknesses in the protocol. By exploiting these vulnerabilities, attackers could execute remote code with SYSTEM privileges on the target system. In simpler terms, attackers could
take control of vulnerable systems and have full access to everything on them.

The next protocol we'll discuss is the Simple Mail Transfer Protocol, commonly abbreviated as SMTP. SMTP is a crucial protocol in the digital world, especially for handling emails. SMTP's main job is to move emails from one user to another. Even though SMTP was first standardized back in 1983, it's still the fundamental protocol used for sending emails today, albeit with some modern upgrades and improvements. In simple terms, SMTP acts as the postal service of the internet, ensuring that your emails get delivered.

The next protocol we'll look at is SNMP, which stands for Simple Network Management Protocol. SNMP is a crucial part of the Internet Protocol suite, designed specifically for managing computers and network devices. In simpler terms, SNMP allows computers and network devices to communicate and share information with each other. It's like a system of administrators (managers) keeping an eye on a group of computers or devices (agents) to ensure everything runs smoothly. Indeed, the Simple Network Management Protocol, SNMP, is often overlooked but plays a crucial role in maintaining a smoothly functioning network. However, its importance also makes it a prime target for attackers. If an attacker manages to breach SNMP, they gain access to a wealth of information about your network. They can potentially decrypt encrypted VPN communications, allowing them to eavesdrop on sensitive data being transmitted. Additionally, they can view and potentially manipulate every device connected to your network. SNMP operates on UDP ports 161 and 162, enabling network devices to communicate with each other and allowing administrators to manage and monitor these devices. However, in the wrong hands, SNMP access can lead to disastrous consequences: attackers could harvest sensitive information, disrupt network operations, or even take control of critical devices like routers and switches, causing widespread havoc.

The next protocol is Telnet. Telnet is a protocol designed for remote connectivity, allowing a user to establish connections between a remote endpoint and a host machine to initiate a remote session. When a connection is established, Telnet prompts the user at the remote endpoint to log in. Once authenticated, Telnet grants the endpoint access to network resources and data located on the host computer. Originating from the 1960s, Telnet can be considered one of the earliest versions of remote communication protocols used in the development of the modern internet.
However, due to its lack of robust security features suitable for contemporary technology and communications, Telnet is no longer widely used. The main reason for Telnet's declining usage is its vulnerability to security threats: Telnet transmits data, including login credentials, in plain text, making it susceptible to interception by malicious actors. Consequently, modern secure protocols such as SSH, or Secure Shell, have largely replaced Telnet for remote access due to their enhanced security features, such as encryption and stronger authentication mechanisms.

The next is the HTTP protocol. The Hypertext Transfer Protocol, or HTTP, is a foundational technology of the internet, serving as the primary communication protocol for web applications. Originally designed for retrieving static web pages, HTTP has evolved over time to support the complex web applications that we commonly use today. HTTP operates on a message-based model where a client sends a request to a server and the server responds with a corresponding response. It's important to note that HTTP is connectionless, meaning that a connection is established and closed for each request/response cycle; however, it uses TCP, the Transmission Control Protocol, as its underlying transport mechanism for reliable data transmission. In essence, HTTP is the backbone that enables seamless communication between clients, such as web browsers, and servers, facilitating the transfer of web pages, data and multimedia content across the internet.

Hey everyone, in this video we covered some of the most used and essential network protocols. While we didn't dive deep into each protocol, I hope this overview helped you understand their significance in networking. If you're interested in learning more about any specific protocol, feel free to drop a comment below. I'll consider your requests for future videos and create content that addresses your specific interests, and I am making a video on Wireshark. Until then, make sure to watch this video and stay tuned for more informative content on network protocols and tools. Thanks for watching and I'll see you in the next video.
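The IP header rows, the TCP header rows and flags, and the three-way handshake described in the video, as an added Python example that is not part of the video. The three packets are constructed here with struct (not a real capture), checksums are left at zero, and the client/server addresses and ports are made-up values.

```python
import struct

# Constructed sample packets (not a real capture): IPv4 + TCP with no options,
# built with struct so the parser below can be demonstrated offline.
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST",
                  0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def build_packet(src, dst, sport, dport, seq, ack, flags, window=65535):
    """Build a minimal IPv4+TCP packet (both checksums left at 0 for brevity)."""
    src_b = bytes(int(o) for o in src.split("."))
    dst_b = bytes(int(o) for o in dst.split("."))
    # version 4 + IHL 5 (0x45), ToS, total length, ID, flags/offset (DF set),
    # TTL 64, protocol 6 = TCP, header checksum, source, destination
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0, src_b, dst_b)
    # ports, sequence, acknowledgement, data offset 5 words, flags, window,
    # checksum, urgent pointer
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return ip + tcp

def parse_ipv4_tcp(pkt):
    """Parse the IPv4 and TCP header rows the video walks through."""
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     _ip_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # IHL counts 32-bit words
    if proto != 6:
        raise ValueError("not a TCP segment")
    (sport, dport, seq, ack, _off_res, flags, window,
     tcp_csum, urg_ptr) = struct.unpack("!HHIIBBHHH", pkt[ihl:ihl + 20])
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": {name for bit, name in TCP_FLAG_NAMES.items() if flags & bit},
        "window": window, "checksum": tcp_csum, "urg_ptr": urg_ptr,
    }

def handshake_state(packets):
    """How far a captured exchange got: INCOMPLETE, SYN, SYN-ACK or ESTABLISHED.
    Each step must carry the right flags and acknowledge the previous sequence + 1."""
    p = [parse_ipv4_tcp(x) for x in packets]
    if not p or p[0]["flags"] != {"SYN"}:
        return "INCOMPLETE"
    client_isn = p[0]["seq"]
    if len(p) < 2 or p[1]["flags"] != {"SYN", "ACK"} or p[1]["ack"] != client_isn + 1:
        return "SYN"
    server_isn = p[1]["seq"]
    if len(p) < 3 or p[2]["flags"] != {"ACK"} or p[2]["ack"] != server_isn + 1:
        return "SYN-ACK"
    return "ESTABLISHED"

# The pizza-order exchange as packets: client 192.168.1.10 -> server 203.0.113.5:443
SYN = build_packet("192.168.1.10", "203.0.113.5", 50321, 443, 1000, 0, 0x02)
SYN_ACK = build_packet("203.0.113.5", "192.168.1.10", 443, 50321, 5000, 1001, 0x12, 29200)
ACK = build_packet("192.168.1.10", "203.0.113.5", 50321, 443, 1001, 5001, 0x10)

if __name__ == "__main__":
    for pkt in (SYN, SYN_ACK, ACK):
        f = parse_ipv4_tcp(pkt)
        print(f"{f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
              f"flags={sorted(f['flags'])} seq={f['seq']} ack={f['ack']} win={f['window']}")
    print(handshake_state([SYN, SYN_ACK, ACK]))
```

The same field offsets apply to bytes copied out of Wireshark's packet-bytes pane, which is a good way to check the parser against real traffic.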
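The private-address ranges and the NAT translation table from the IP-address section, as an added Python example that is not part of the video. It goes one step beyond the video by keying the table on ports as well as the inside IP (so two hosts can share one public address), and the public and remote addresses are constructed documentation-range values.

```python
import ipaddress

# The RFC 1918 ranges the video mentions (192.168., 10. and 172.16.)
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_private(ip):
    """True if ip lies in one of the private ranges reused inside every LAN."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PRIVATE_NETS)

class NatDevice:
    """Port-based NAT: rewrites private source addresses to one public IP and
    keeps a table so replies can be forwarded back to the original host."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}      # (inside_ip, inside_port, dst_ip, dst_port) -> public port
        self.reverse = {}    # public port -> (inside_ip, inside_port, dst_ip, dst_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a LAN -> Internet packet; returns the rewritten (src_ip, src_port)."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a private address; nothing to translate")
        if is_private(dst_ip):
            raise ValueError(f"{dst_ip} is inside the LAN; no translation needed")
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self.table:            # new flow: allocate a public port, record it
            pub_port = self.next_port
            self.next_port += 1
            self.table[key] = pub_port
            self.reverse[pub_port] = key
        return self.public_ip, self.table[key]

    def inbound(self, src_ip, src_port, dst_port):
        """Translate an Internet -> LAN reply; returns the inside (ip, port), or
        None when no inside host opened this flow (an unsolicited packet)."""
        entry = self.reverse.get(dst_port)
        if entry is None:
            return None
        inside_ip, inside_port, remote_ip, remote_port = entry
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None                      # a different remote host: not this flow
        return inside_ip, inside_port

if __name__ == "__main__":
    nat = NatDevice("198.51.100.7")                                    # constructed public IP
    print(nat.outbound("192.168.1.10", 51000, "203.0.113.5", 443))    # ('198.51.100.7', 40000)
    print(nat.inbound("203.0.113.5", 443, 40000))                     # ('192.168.1.10', 51000)
    print(nat.inbound("203.0.113.9", 443, 40000))                     # None
```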
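The computer 1 / computer 2 ARP exchange from the video (cache check, broadcast, reply, cache update), as an added Python example that is not part of the video. It also records when a cached IP suddenly maps to a different MAC, which is the signal a defender watches for given that ARP has no authentication; hosts, addresses and MACs are constructed values.

```python
class Host:
    """A LAN host with an IP, a MAC and an ARP table (IP -> MAC), as in the video."""
    def __init__(self, name, ip, mac):
        self.name, self.ip, self.mac = name, ip, mac
        self.arp_table = {}
        self.alerts = []   # entries whose MAC changed: what a defender watches for

    def learn(self, ip, mac):
        """Cache a mapping. ARP has no authentication, so the table simply accepts
        it, but we keep a record whenever a known IP moves to a new MAC."""
        old = self.arp_table.get(ip)
        if old is not None and old != mac:
            self.alerts.append(f"{ip} changed from {old} to {mac}")
        self.arp_table[ip] = mac

class EthernetSegment:
    """The shared wire: a broadcast reaches every host, the reply goes back unicast."""
    def __init__(self, hosts):
        self.hosts = list(hosts)
        self.log = []      # the conversation the video describes, step by step

    def resolve(self, sender, target_ip):
        """Return target_ip's MAC: cache hit, else broadcast 'who has' and cache the reply."""
        if target_ip in sender.arp_table:
            self.log.append(f"{sender.name}: cache hit for {target_ip}")
            return sender.arp_table[target_ip]
        self.log.append(f"{sender.name}: broadcast who-has {target_ip}")
        for h in self.hosts:
            if h is not sender and h.ip == target_ip:
                h.learn(sender.ip, sender.mac)       # the replier caches the asker too
                self.log.append(f"{h.name}: {target_ip} is-at {h.mac}")
                sender.learn(target_ip, h.mac)
                return h.mac
        return None                                  # nobody answered

if __name__ == "__main__":
    c1 = Host("computer 1", "192.168.1.10", "aa:bb:cc:00:00:10")   # constructed hosts
    c2 = Host("computer 2", "192.168.1.20", "aa:bb:cc:00:00:20")
    wire = EthernetSegment([c1, c2])
    wire.resolve(c1, c2.ip)      # broadcast + reply
    wire.resolve(c1, c2.ip)      # cache hit
    print("\n".join(wire.log))
    # A later reply claiming computer 2's IP from another MAC is accepted unchecked;
    # the alert list is what a monitoring script would raise to an operator.
    c1.learn(c2.ip, "de:ad:be:ef:00:99")
    print(c1.alerts)
```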