Networking Concepts: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
|||
| Line 43: | Line 43: | ||
|- | |- | ||
| 67, 68 || UDP || [[DHCP]] || Assigns IP addresses automatically | | 67, 68 || UDP || [[DHCP]] || Assigns IP addresses automatically | ||
|- | |||
| 69 || UDP || [[TFTP]] || Trivial File Transfer Protocol – lightweight file transfers | |||
|- | |- | ||
| 80 || TCP || [[HTTP]] || Standard web traffic | | 80 || TCP || [[HTTP]] || Standard web traffic | ||
| Line 49: | Line 51: | ||
|- | |- | ||
| 123 || UDP || [[NTP]] || Clock synchronization | | 123 || UDP || [[NTP]] || Clock synchronization | ||
|- | |||
| 135 || TCP || [[RPC]] || Microsoft Remote Procedure Call | |||
|- | |||
| 137–139 || UDP/TCP || [[NetBIOS]] || Windows NetBIOS services (name resolution, session services) | |||
|- | |- | ||
| 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email | | 143 || TCP || [[IMAP]] || Internet Message Access Protocol – email | ||
|- | |- | ||
| 161, 162 || UDP || [[SNMP]] || Device monitoring | | 161, 162 || UDP || [[SNMP]] || Device monitoring | ||
|- | |||
| 389 || TCP/UDP || [[LDAP]] || Lightweight Directory Access Protocol | |||
|- | |- | ||
| 443 || TCP || [[HTTPS]] || Encrypted HTTP via TLS | | 443 || TCP || [[HTTPS]] || Encrypted HTTP via TLS | ||
|- | |- | ||
| 445 || TCP || [[SMB]] || Windows file/printer sharing | | 445 || TCP || [[SMB]] || Windows file/printer sharing | ||
|- | |||
| 465 || TCP || [[SMTPS]] || Secure SMTP (over SSL) | |||
|- | |||
| 514 || UDP || [[Syslog]] || Logging protocol for network devices | |||
|- | |||
| 587 || TCP || [[SMTP Submission]] || Mail submission with STARTTLS | |||
|- | |||
| 636 || TCP || [[LDAPS]] || Secure LDAP (over SSL) | |||
|- | |||
| 993 || TCP || [[IMAPS]] || Secure IMAP (over SSL) | |||
|- | |||
| 995 || TCP || [[POP3S]] || Secure POP3 (over SSL) | |||
|- | |||
| 1433 || TCP || [[MSSQL]] || Microsoft SQL Server | |||
|- | |||
| 1521 || TCP || [[Oracle DB]] || Oracle Database listener | |||
|- | |||
| 1723 || TCP || [[PPTP]] || Point-to-Point Tunneling Protocol (VPN) | |||
|- | |||
| 1883 || TCP || [[MQTT]] || Lightweight messaging protocol for IoT | |||
|- | |||
| 2049 || TCP/UDP || [[NFS]] || Network File System | |||
|- | |||
| 3128 || TCP || [[Squid Proxy]] || Default Squid proxy port | |||
|- | |- | ||
| 3306 || TCP || [[MySQL]] || MySQL database service | | 3306 || TCP || [[MySQL]] || MySQL database service | ||
|- | |- | ||
| 3389 || TCP || [[RDP]] || Windows remote access | | 3389 || TCP || [[RDP]] || Windows remote access | ||
|- | |||
| 3690 || TCP || [[SVN]] || Subversion version control | |||
|- | |||
| 4444 || TCP || [[Metasploit]] || Common port for reverse shells and Metasploit handlers | |||
|- | |||
| 5060 || UDP/TCP || [[SIP]] || Session Initiation Protocol – VoIP signaling | |||
|- | |||
| 5900 || TCP || [[VNC]] || Virtual Network Computing remote desktop | |||
|- | |||
| 5985, 5986 || TCP || [[WinRM]] || Windows Remote Management – HTTP/HTTPS | |||
|- | |||
| 6379 || TCP || [[Redis]] || In-memory key-value data store | |||
|- | |||
| 8000 || TCP || [[HTTP-Alt]] || Alternate HTTP services | |||
|- | |- | ||
| 8080 || TCP || [[HTTP-Alt]] || Proxy or alternate web services | | 8080 || TCP || [[HTTP-Alt]] || Proxy or alternate web services | ||
|- | |||
| 8443 || TCP || [[HTTPS-Alt]] || Alternate HTTPS with TLS | |||
|- | |||
| 9000 || TCP || [[PHP-FPM]] || FastCGI Process Manager for PHP | |||
|- | |||
| 9200 || TCP || [[Elasticsearch]] || REST API for Elasticsearch nodes | |||
|- | |||
| 11211 || TCP || [[Memcached]] || High-performance caching system | |||
|- | |||
| 27017 || TCP || [[MongoDB]] || NoSQL database used in many web apps | |||
|} | |} | ||
Revision as of 02:34, 29 May 2025
Networking Concepts
Understanding network fundamentals is essential for reconnaissance, lateral movement, and post-exploitation. Knowing how IP addressing, protocols, routing, and ports function allows attackers to discover services, manipulate traffic, tunnel covertly, and evade detection.
This section provides a structured overview of the core principles and tools used to analyze, interact with, and exploit networks in real-world offensive operations.
Network Fundamentals
- OSI Model and TCP/IP Stack
- IP Addressing (IPv4 vs IPv6), CIDR Notation, Subnets
- MAC Addressing and ARP Protocol
- NAT, PAT, and Routing Basics
- MTU and Packet Fragmentation
Protocol Behavior
- TCP Protocol and TCP Three-Way Handshake
- UDP Protocol and stateless behavior
- ICMP Protocol – echo requests, TTL, and diagnostics
- DNS Resolution and record types (A Record, CNAME, MX, TXT)
Transport & Application Protocols
- TCP vs UDP vs SCTP – flow control and reliability
- HTTP Protocols: HTTP/1.1, HTTP/2, HTTP/3 (QUIC)
- TLS 1.3, cipher suites, and Forward Secrecy
- SMB Protocol, LDAP, Kerberos Authentication
- SIP Protocol, RTP Protocol – VoIP signaling and media
- DNSSEC, DoT, DoH
Port Overview
Understanding ports and services is critical for network reconnaissance and service identification.
| Port | Protocol | Common Service | Description |
|---|---|---|---|
| 20, 21 | TCP | FTP | File Transfer Protocol – used for transferring files |
| 22 | TCP | SSH | Secure Shell – remote access to systems |
| 23 | TCP | Telnet | Unencrypted remote login service |
| 25 | TCP | SMTP | Simple Mail Transfer Protocol – sending emails |
| 53 | UDP/TCP | DNS | Domain Name System – resolves domain names to IP addresses |
| 67, 68 | UDP | DHCP | Assigns IP addresses automatically |
| 69 | UDP | TFTP | Trivial File Transfer Protocol – lightweight file transfers |
| 80 | TCP | HTTP | Standard web traffic |
| 110 | TCP | POP3 | Email retrieval |
| 123 | UDP | NTP | Clock synchronization |
| 135 | TCP | RPC | Microsoft Remote Procedure Call |
| 137–139 | UDP/TCP | NetBIOS | Windows NetBIOS services (name resolution, session services) |
| 143 | TCP | IMAP | Internet Message Access Protocol – email |
| 161, 162 | UDP | SNMP | Device monitoring |
| 389 | TCP/UDP | LDAP | Lightweight Directory Access Protocol |
| 443 | TCP | HTTPS | Encrypted HTTP via TLS |
| 445 | TCP | SMB | Windows file/printer sharing |
| 465 | TCP | SMTPS | Secure SMTP (over SSL) |
| 514 | UDP | Syslog | Logging protocol for network devices |
| 587 | TCP | SMTP Submission | Mail submission with STARTTLS |
| 636 | TCP | LDAPS | Secure LDAP (over SSL) |
| 993 | TCP | IMAPS | Secure IMAP (over SSL) |
| 995 | TCP | POP3S | Secure POP3 (over SSL) |
| 1433 | TCP | MSSQL | Microsoft SQL Server |
| 1521 | TCP | Oracle DB | Oracle Database listener |
| 1723 | TCP | PPTP | Point-to-Point Tunneling Protocol (VPN) |
| 1883 | TCP | MQTT | Lightweight messaging protocol for IoT |
| 2049 | TCP/UDP | NFS | Network File System |
| 3128 | TCP | Squid Proxy | Default Squid proxy port |
| 3306 | TCP | MySQL | MySQL database service |
| 3389 | TCP | RDP | Windows remote access |
| 3690 | TCP | SVN | Subversion version control |
| 4444 | TCP | Metasploit | Common port for reverse shells and Metasploit handlers |
| 5060 | UDP/TCP | SIP | Session Initiation Protocol – VoIP signaling |
| 5900 | TCP | VNC | Virtual Network Computing remote desktop |
| 5985, 5986 | TCP | WinRM | Windows Remote Management – HTTP/HTTPS |
| 6379 | TCP | Redis | In-memory key-value data store |
| 8000 | TCP | HTTP-Alt | Alternate HTTP services |
| 8080 | TCP | HTTP-Alt | Proxy or alternate web services |
| 8443 | TCP | HTTPS-Alt | Alternate HTTPS with TLS |
| 9000 | TCP | PHP-FPM | FastCGI Process Manager for PHP |
| 9200 | TCP | Elasticsearch | REST API for Elasticsearch nodes |
| 11211 | TCP | Memcached | High-performance caching system |
| 27017 | TCP | MongoDB | NoSQL database used in many web apps |
IPv6 Considerations
- IPv6 Addressing: link-local vs global
- Neighbor Discovery Protocol (NDP) and SLAAC
- IPv6 Extension Headers and their use in evasion
- Dual Stack Networking and Teredo
- IPv6 Attack Surface – RA spoofing, header chains
Diagnostic & Monitoring Tools
- ping, traceroute / tracert
- netstat / ss, ip / ifconfig
- dig / nslookup
- tcpdump, Wireshark, nmap, masscan
- nc / netcat, hping3, scapy
Packet Crafting & Manipulation
Tunneling & Encapsulation
- SSH Tunneling (local/remote/SOCKS)
- VPNs: IPsec, OpenVPN, WireGuard
- DNS Tunneling, ICMP Tunneling, HTTP Tunneling
- Overlay protocols: GRE, VXLAN, GENEVE
- Tools: ssh, stunnel, iodine, chisel
Network Security Devices & Controls
- Stateless vs Stateful Firewalls
- IDS / IPS (Snort, Suricata)
- WAFs and proxy filtering
- VLAN Segmentation, Zero Trust
- Load Balancers – L4 vs L7
Packet Capture & Analysis
- tcpdump, Wireshark, pcap files
- Common filters: `tcp.port == 80`, `ip.addr == 192.168.1.1`, `dns.qry.name`
Network Mapping & Visualization
- Nmap, Netdiscover, Zenmap
- Traceroute topology graphs