Network Basics – Open Systems Interconnection

A network is a communication system that helps computers interact with each other. To enable this interaction, certain rules must be followed. These rules are known as protocols. A protocol is nothing but a set of rules or formats that are followed to create a means of effective communication between two or more computers. It is very difficult to build a protocol that is sufficient to cater to various kinds of applications and computers. Therefore, the need arises for a common platform that supports protocols at various levels of communication. Such a platform is the OSI reference model. This article discusses the different layers of the OSI reference model.

You will also learn in greater detail about the important layers of network security.


Open Systems Interconnection (OSI)

The OSI reference model is an open set of definitions that presents a common technical framework for standardization of communication. This framework provides an infrastructure that is sufficient to place mandatory and optional components of effective communication in place. The OSI reference model is divided into several layers. Each layer provides a plug-in space to various components involved in networking. The layers of the OSI reference model are illustrated below.


The layers of the OSI reference model are as follows:

  • Physical layer
  • Data link layer
  • Network layer
  • Transport layer
  • Session layer
  • Presentation layer
  • Application layer

Let's look at each of these layers.

Physical Layer

The physical layer is essentially the hardware support layer for networking equipment. This layer provides electrical and functional characteristics to initialize, maintain, and deactivate physical network links. Network links send bit streams of data and understand information only in the form of individual bits. The cabling used in a network is an example of a component that operates in the physical layer of the OSI model.

The physical layer takes care of the following components in a network:

  • Transmission medium
  • Means of signaling
  • Timing and clocks
  • Synchronous serial communication

Network security is not limited to intrusions; it also involves choosing the right type of hardware while setting up your network. Therefore, though the physical layer might not seem to be a very important part of a secure network, you can’t overlook it. For example, poor quality cabling might save initial infrastructure costs, but in the long run, it can lead to data loss even in best-effort protocols, such as the User Datagram Protocol (UDP), and cause severe network performance problems with reliable protocols. Therefore, you should always use standardized networking equipment and avoid bizarre configurations for your network, even if investing in standard networking components pushes the networking budget a little higher.

Data Link Layer

The data link layer is the second basic layer of the OSI model. It provides a functional and procedural medium for the exchange of data between network entities. This layer understands data in the form of characters and enables you to initialize and maintain data link connections. An example of a component that functions in this layer of the OSI model is the Institute of Electrical and Electronics Engineers (IEEE) standard IEEE 802.3, or Ethernet. Ethernet is a widely accepted standard for LANs, and it can accommodate up to 1024 nodes. If the distance is greater, High-Level Data Link Control (HDLC)-based networks are used.

Network Layer

The network layer is an important layer from the point of view of a network administrator. This layer encapsulates most upper layers of the OSI model and provides point-to-point interaction between the two networking components in the upper layer. Some components of this layer, such as IP, routers, and ICMP, are important for network security. These components are discussed in the following sections.

Internet Protocol

Internet Protocol (IP) operates in the third layer of the OSI model and provides
encapsulation facilities to protocols that operate in the higher levels of the model.
An example of this is shown below.

Encapsulation of an ICMP packet within the IP protocol.

The IP protocol uses datagrams to communicate over a packet-switched network. In a packet-switched network, every packet of data that is traveling through a network is treated as a separate entity. The packet contains a header information section, which contains the address of the recipient and other important details about the data within the packet. Intermediate systems, such as routers (discussed in the next section), use this header information to forward the packet to the correct path or return an error message if the packet cannot be forwarded. An IP datagram is depicted below.

Structure of an IP datagram.


Following is the structure of the IP packet header:

  • Version. This is the version of the IP.
  • IP Header Length. This field contains the size of the IP header. Note
    that this field contains only the length of the IP header and not the
    combined length of all headers that may be encapsulated inside the
    IP packet.
  • Type of Service. This field is usually set to zero and defines the “quality”
    of service that is expected from a network.
  • Packet Size. This field contains the total size of the packet, which is the
    sum of the size of the header and the size of actual data.
  • Identification. This is a 2-byte number that is used by recipient computers
    to arrange fragmented data packets before merging them. More
    information on packet fragmenting and merging can be found in the
    “Routers” section of this chapter.
  • Flags. This is a combination of three bits that inform the intermediate
    systems about the fragmenting feasibility for a packet. The field also
    contains the Don’t Fragment (DF) flag of the IP packet.
  • Fragmentation Offset. This is a 13-bit byte count that starts from the
    first byte of the original packet (the packet before any fragmentation).
    This counter helps the end system, or the recipient computer, to confirm
    correct re-assembly of the packet.
  • Time To Live. This field contains an 8-bit number of hops that a packet
    can sustain. A packet can be routed only up to a certain number of times,
    which is specified in this field. This is done to avoid a scenario in which a
    packet continues to hop infinitely inside a network. Every time a packet
    is passed through a network, this number is decremented by the router.
  • Protocol. This field specifies the type of packet that is encapsulated
    inside the IP packet. A specific number represents each higher level,
    encapsulated protocol type. For example, if the packet being carried is an
    ICMP packet, the value of this field is 1. Similarly, if the packet is a
    TCP packet, the value of this field is 6.
  • Header Checksum. This field is a checksum number that can inform the
    recipient or an intermediate system whether the IP header is corrupted.
    End recipients or intermediate systems discard packets if the checksums
    are wrong. The checksum is initially inserted by the sender of the packet
    and can be updated by every intermediate system if any changes (such as
    fragmentation) are made to the packet.
  • Source Address. This is the IP address of the original sender of the
    packet. This field can be dangerously modified to spoof the identity of
    the sender during a network attack.
  • Destination Address. This is the IP address of the final recipient of the
    IP packet.
  • Options. The options are almost never used. If they are used, however,
    the size of the IP header can be increased.
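
The header fields listed above can be checked directly on raw bytes. The following is an added example, not code from the original article: it parses the fixed 20-byte header and verifies the Header Checksum. The function names and the sample header (documentation addresses 192.0.2.10 and 198.51.100.7) are constructed for illustration.

```python
import ipaddress
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}  # values of the Protocol field
HEADER_FORMAT = "!BBHHHBBH4s4s"               # fixed 20-byte IPv4 header


def internet_checksum(data: bytes) -> int:
    """16-bit ones' complement sum used by the IP Header Checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_header() -> bytes:
    """Constructed header: ICMP, TTL 64, DF set, 28 bytes total length."""
    fields = [0x45, 0, 28, 0x1C46, 0x4000, 64, 1, 0,
              ipaddress.IPv4Address("192.0.2.10").packed,
              ipaddress.IPv4Address("198.51.100.7").packed]
    # The sender computes the checksum with the checksum field set to zero.
    fields[7] = internet_checksum(struct.pack(HEADER_FORMAT, *fields))
    return struct.pack(HEADER_FORMAT, *fields)


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the header fields and report whether the checksum verifies."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IP header")
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack(HEADER_FORMAT, packet[:20])
    version, header_len = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "version": version,
        "header_length": header_len,          # IP header only, incl. options
        "type_of_service": tos,
        "packet_size": total_len,             # header plus data
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": flags_frag & 0x1FFF,   # stored in 8-byte units
        "ttl": ttl,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        # Summing a valid header, checksum field included, yields zero.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
    }


SAMPLE_HEADER = build_sample_header()

if __name__ == "__main__":
    for name, value in parse_ipv4_header(SAMPLE_HEADER).items():
        print(f"{name:16} {value}")
```

The checksum only detects corruption of the header. It says nothing about whether the Source Address is genuine, because a sender that alters the address can recompute the checksum.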


Routers

Routers are computers or gadgets that do not directly store usernames or act as a server or a client. Routers operate at the Network Layer 3 (L3) of the OSI model. They forward data to the intended recipient. Routers may be used to connect two or more IP networks or to connect an IP network to an Internet connection. Although routers need not know the information being sent through them, they might modify certain aspects of the information to enable information packets to reach the correct destination.

A router, in physical terms, consists of a computer with a minimum of two network interface cards. Both these network cards should support IP. A router receives a packet from each interface and forwards the received packets to an appropriate output network interface. All packets received by the router have data link layer (L2) protocol headers. The router removes these headers and adds a new data link layer header to the packet. After the new header is added to the packet, it can be transmitted using the appropriate network interface.

A router reads the network layer header or IP header information before it can decide the following:

  • Should the packet be forwarded?
  • Which network interface should the packet be forwarded to?

A series of steps is involved in routing a packet. These steps are shown here:

1. The router receives a packet.
2. The packet’s header information is extracted.
3. The destination IP address of the packet is extracted.
4. If the size of the packet is larger than the Maximum Transmission Unit
   (MTU) and the packet’s header information has a Don’t Fragment (DF)
   flag set, the packet is discarded. A message of failure is sent to the
   original sender of the packet.
5. If the size of the packet is larger than the MTU but the DF flag is not
   set, the packet is broken down into smaller fragments.
6. The best path for the packet is found by searching the routing table
   stored inside the router.
7. If the size of the original packet is larger than the MTU, the small
   fragments are dispatched through the appropriate network interface.
   Otherwise, the packet is forwarded to its destination address.
8. The packet fragments are collected at the destination and reassembled.
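
Steps 4, 5 and 8 can be modelled in a few lines. This is an added example, not code from the original article: the `Datagram` class and the `forward` and `reassemble` functions are hypothetical names, a 20-byte header without options is assumed, and fragment offsets are counted in 8-byte units as the IP header stores them.

```python
from dataclasses import dataclass

IP_HEADER_LEN = 20  # assumption: header without options


@dataclass
class Datagram:
    ident: int                    # Identification field, shared by fragments
    dont_fragment: bool           # DF flag
    payload: bytes
    offset_units: int = 0         # Fragmentation Offset, in 8-byte units
    more_fragments: bool = False  # MF flag

    @property
    def size(self) -> int:
        return IP_HEADER_LEN + len(self.payload)


def forward(dgram: Datagram, mtu: int):
    """Return (action, datagrams) for the outgoing interface's MTU."""
    if dgram.size <= mtu:
        return "forward", [dgram]
    if dgram.dont_fragment:
        # Step 4: discard; the sender is told via ICMP type 3, code 4
        # (destination unreachable, fragmentation needed and DF set).
        return "drop", []
    # Step 5: every fragment except the last carries a multiple of 8 bytes.
    chunk = (mtu - IP_HEADER_LEN) // 8 * 8
    if chunk <= 0:
        raise ValueError("MTU too small to carry any payload")
    fragments = []
    for start in range(0, len(dgram.payload), chunk):
        is_last = start + chunk >= len(dgram.payload)
        fragments.append(Datagram(
            ident=dgram.ident,
            dont_fragment=False,
            payload=dgram.payload[start:start + chunk],
            offset_units=dgram.offset_units + start // 8,
            more_fragments=dgram.more_fragments or not is_last,
        ))
    return "fragment", fragments


def reassemble(fragments):
    """Step 8: rebuild the payload, or None if the set is not complete."""
    if not fragments or len({f.ident for f in fragments}) != 1:
        return None
    ordered = sorted(fragments, key=lambda f: f.offset_units)
    buffer, expected = bytearray(), 0
    for frag in ordered:
        if frag.offset_units * 8 != expected:
            return None           # gap or overlap: refuse to reassemble
        buffer += frag.payload
        expected += len(frag.payload)
    if ordered[-1].more_fragments:
        return None               # final fragment has not arrived
    return bytes(buffer)


if __name__ == "__main__":
    # Constructed input: a 1500-byte datagram crossing a link with MTU 576.
    data = bytes(range(256)) * 5 + bytes(200)
    action, frags = forward(Datagram(0x1C46, False, data), mtu=576)
    print(action, [(f.offset_units, len(f.payload), f.more_fragments)
                   for f in frags])
    print(reassemble(frags) == data)
```

The reassembly check rejects fragment sets with gaps or overlapping offsets instead of guessing, which is the behaviour an end system or inspecting device wants when fragments arrive malformed.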

Routing tables have the same format as the tables in network bridges
and switches. The difference is that routers are identified by the IP addresses of
computers instead of MAC hardware addresses.

The routing table is nothing but a list of known IP destination addresses and the associated network interfaces that can be used to reach the destinations. Routers also have a provision for a default network interface. This interface may be used for all addresses that are not mentioned in a routing table. Routers also provide packet filters. The packet filter simply discards unwanted packets, which can cause an unnecessary overload on networks. The filter can be used as a firewall, and unsupported protocols can be blocked outside the router. Such a firewall, to some extent, can provide basic security to prevent unauthorized users from entering a network using remote computers.

The basic purpose of a router is to forward packets from one IP network to another IP network. A router determines the broadcast IP destination of a network from the logical AND of an IP address and its associated subnet mask. If a router isn’t configured properly, a serious security threat can occur when a packet is sent to a network broadcast address. If a large number of packets is forwarded, your network might face the problem of network overload.

Routers are often used to connect different types of networks. A router can connect networks that use totally different link methodologies. For example, an HDLC link can connect a WAN to an Ethernet-based LAN, as shown below.

Role of routers in a network.

The important thing to note here is that each of these networks has a different
MTU. This is due to the fact that optimization levels for packet sizes are
different for the two networks. Therefore, whenever a packet comes from the network
that has a bigger MTU and needs to go to the network with a smaller MTU


Transport Layer

The fourth layer in the OSI reference model is the transport layer. This layer facilitates data transfer between two end systems by encapsulating the data packet within the network layer data packet. Two important components of the transport layer are TCP and the UDP protocol, which are discussed in detail in this section.

TCP is a connection-oriented and reliable transport protocol. A connection-oriented protocol implies that two hosts, wanting to communicate with each other, must first establish a connection before actual data exchange can take place. In TCP, a connection is established using a three-way handshake. TCP assigns sequence numbers to every packet in each segment, and all data received is responded to with an acknowledgement to the sender. TCP hides perplexing network details from the upper layers of the IP protocol.

Information Fields in a TCP Packet
A typical TCP packet contains the following six information fields along with
actual data:

  • Synchronize Sequence Numbers (SYN). This field is valid only during
    the three steps involving the handshake. The sequence number is read by
    the receiving host and is stored as the client computer’s first sequence
    number. TCP sequence numbers are 32-bit numbers, ranging from 0 to
    4,294,967,295 (2^32). Every packet of data that is exchanged between
    two computers using a TCP connection is sequenced.
  • Acknowledgement (ACK). This field is generally set. The acknowledgement
    number field in the TCP header contains the assumed value of the
    next sequence number. This field is also an acknowledgement of the data
    received in the previous packet.
  • Reset (RST). This field informs the other computer that the connection
    has been dropped and all memory structures have been flushed.
  • Urgent (URG). This field informs the other computer to process data on
    a priority basis.
  • Push (PSH). This field informs the other computer to pass the data to
    the concerned application as soon as possible instead of putting the data
    in the queue. This flag is generally set in interactive connections, such as
    Telnet, rlogin, and some chat applications.
  • Finish (FIN). This field informs the other computer that the transmission
    of data is complete, but the host is still open to accepting data.

User Datagram Protocol (UDP)

The US Department of Defense (DoD) developed UDP for use with IP. Unlike
TCP, which first tries to establish a reliable connection with the server, UDP
works on the concept of “best-effort mechanism.” However, UDP is an unreliable
protocol for communication because of the following reasons:

1. No error is generated for lost data packets.
2. No error is generated for duplicate packets.
3. No assurance is provided that a packet has reached the destination safely.

In simpler terms, UDP is a one-way protocol—what is sent from the client
is gone for good. The client will never hear any further information about this
Although some reliability is provided in UDP, the end recipients reject packets
that are corrupted during transit. It’s the responsibility of the upper layer
application to check such loss. In addition, because no packet acknowledgement is
required in UDP, the network load is reduced to a certain extent.

Structure of a UDP packet.



The UDP header consists of four fields, each two bytes in length:

  • Source Port
  • Destination Port
  • UDP Data Length
  • UDP Checksum

UDP is unsuitable for many applications, although the simplicity of the protocol
gives a performance advantage to those applications that do not require much
reliability. An example of such an application is one that pertains to streaming video
and audio content.


What Are Ports?

Port is a term that is used often in networking. Regardless of whether your computer is online or offline, your computer has a number of open channels to which various programs or other computers can connect. These channels are known as ports. Obviously, if your computer isn’t connected to a network, only the local program will be able to access these ports. Once a computer is online, however, anyone on the network can execute a client program on their remote computer to connect to these ports. Ports are channels created between two computers for the exchange of information. A computer can have many open ports for receiving connection requests. For example, a server that has SSH, HTTP, SMTP, POP, FTP, and Telnet services can have five open ports. The default port numbers of SSH, HTTP, SMTP, POP, FTP, and Telnet are 22, 80, 25, 110, 21, and 23, respectively. These ports are not hardware components, but are like virtual stations within your computer’s memory. All computers have them, including the server you dial to access the Internet. When a computer is turned on, a number of ports are virtually created. These remain open and search for programs that are running on remote or local computers. This process is known as listening. If another computer wishes to connect to a port on your computer, it can do this in two ways: by being offered a port address to connect to, or by scanning available open ports. Sometimes, your computer willingly gives a port number to another computer to make a connection. At other times, the other computer might just guess or try one of the universally known port numbers. However, hackers might also choose to run a port scan through your computer from a remote location. A port scanner is software that allows a user to search all ports that a server is listening to. 
When such a program is used, the user simply has to type the IP address of the desired computer, and the scanner presents a complete report of all ports that are being listened to by the host computer.

Session Layer and Presentation Layer

The session layer is the fifth layer in the OSI model, and it offers a channel to
session-based services, such as:

  • Telnet. Telnet is a protocol that can be used to perform remote logins
    and operate a remote computer from a virtual terminal.
  • FTP. FTP is used for transferring files between two connected

Both these protocols maintain user sessions from the time they log on to the time they log out. The session layer supports a feature that helps in structuring response dialogues between computers. This feature allows two-way simultaneous or alternative cross-network operations.

The presentation layer supports a common syntax and provides conversion facilities from one type of network to another. This layer also permits computers to be referenced by their names, rather than by their difficult-to-remember addresses. The presentation layer defines how applications should use a network. An example of a component that operates in this layer is the SMB protocol. The SMB protocol provides naming facilities and file sharing features in Windows and UNIX-based networks, using appropriate servers.

Application Layer

The application layer is the uppermost layer in the OSI model. This layer is used directly by applications. Data belonging to this layer cannot generally travel in a network on its own and requires encapsulation by another layer to reach the destination.

The application layer can be considered the cause of the existence of all other layers of the OSI model. The other layers in the OSI model carry the application layer data. All services in a server send application layer data packets. Similarly, all client programs exchange data using this protocol. This layer does all the actual work and is supported by the other layers. Some programs that operate in this layer are:

  • E-mail servers and clients, such as sendmail
  • Web servers and clients, such as Apache
  • DNS servers, such as BIND


You learned about the different layers of the OSI model and their
roles in a network. I discussed the data link, network, transport,
session, presentation, and application layers of the OSI reference model.
UrFix knows you will find these basic fundamentals in all networking technologies that use
the Internet.



Facebook Profile Picture Hack Tutorial In Linux With GIMP

There are a lot of changes in Facebook lately, small and large which you can read about in great detail at TechCrunch.

Here are a few:

  • A stream of your recent tagged photos appears at the top of the screen, and there are more pictures of your friends on the page. This is because the main problem with Facebook is that there weren’t enough opportunities to see pictures of people.
  • Now there’s a field on your page called “philosophy,” which folds in your religious, political views and favorite quote. Plus a brand new field: “People Who Inspire You.” (If you put Mark Zuckerberg you should be able to get access to a special Super Facebook.)
  • All your vital stats are squished up under your name in a list now. It actually looks pretty good, like you’re a character in a Role Playing Game or something!
  • There is also a field for sports, if you can somehow fit physical activity in between checking your Facebook profile
  • Tabs bring up different sections of your profile. Tabs: So hot right now.

I’m going to show you how to create the “Famous New Profile Hack” using GIMP.

Let’s begin.

Start by picking the picture you would like to use.

Take a screenshot of your Facebook profile.

Open your new profile screenshot inside of GIMP.

Paste the picture you chose in step one as a new layer.

Now grab the GIMP side ruler and drag out two guides, at 200 width and 600 height.

Now grab the select tool and copy the area in between the new guides,

and select Edit -> Paste as new image.

Save that new image as profile.jpg.

Now create a guide for each small picture in the profile.

Zoom in if you have to.

I decreased the opacity of the original picture just to see if it will align properly.

Now with the select tool grab the first box

and paste it as a new image.

Copy each box and paste it as a new image for the rest of the boxes.

Now we should have 5 small pictures and the long profile picture.

Go to Facebook, create an album and make sure “EVERYONE” is selected.

Upload the picture labeled profile.jpg and make this your profile picture.

We are almost done.

Now start tagging your photos.

Start from last to first.

Select the last pic and tag it as yourself.

Hit previous and tag the next one, and so forth.

You are done. Wasn’t that easy?

Step Up As A Developer To Help Support Linux On Ps3

PS3 CD builds stopped for Natty

Official Statement

Of course, Sony offered the option to not update your PS3 console if you still wanted to have a Linux operating system installed on it (or to back up your data from the Linux partition), but, on the other hand, you will no longer have access to various important features, such as signing into the PlayStation Network!

The new update release notes said very clearly that it would remove the “Other OS” function!

If you have a good reason why we should keep building PS3 CD images for
Natty, and are willing to step up as a developer to help support them,
then please reply to ubuntu-devel at

See What People are Browsing in Real Time


urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]

I want to talk about a set of tools that has given me the creeps, not only because of its power, but because of its simplicity in carrying out sniffing techniques. This is the dsniff suite, a wonderful set of tools designed by Dug Song to audit your own network, but in the hands of ‘others’ it becomes the “bastards kit”.

There are a few reasons why you would want to use this tool:
1) You host a web server and want to monitor websites viewed and where they were referred from (in real time)
2) You offer Linux proxy shells and want to see the websites your guests are viewing
3) Sniff websites visited on the LAN
4) Spy on your users

Installing this tool is easy and simple:

apt-get install dsniff

The suite consists of the following tools:

* dsniff -> Password sniffer
* filesnarf -> Captures and saves files transferred via NFS
* mailsnarf -> Captures POP3 and SMTP traffic and saves the output in mailbox format
* msgsnarf -> Logs messages from instant messaging sessions, such as MSN
* webspy -> Views the victim's web traffic in real time by injecting the traffic into the browser
* arpspoof -> Poisons the ARP cache
* dnsspoof -> Fakes DNS responses
* macof -> Floods the network with fake MAC addresses, causing DoS
* sshow -> Analyzes traffic in SSH version 1 and 2
* tcpkill -> Kills established connections
* tcpnice -> Slows down connections

Simple URL Capture

urlsnarf -i eth0

Cleaning up. The default urlsnarf mode also gives you a lot of crap to deal with. Using

urlsnarf -i eth0 |cut -d\" -f4

only displays the site visited.


The first attack we’re going to see is how to make a classic MITM; we will then move on to other attacks.
For this we will use arpspoof. Suppose we have the following scenario:

Vict ( <—> Rout ( )<—> Atac (

To get the MITM, we have to make the connection between the victim and the router pass through us, and the reverse connection between the router and the victim must also pass through us, leaving the scene as follows:

=============== ============== Router Attacker Victim

To do this open a terminal in root console and do:

arpspoof -i eth0 -t

then in another terminal at root, we cover the second channel of communication:

arpspoof -i eth0 -t

Notice that we enable forwarding so that we act as a router and send packets on to their rightful owner.

echo 1 > /proc/sys/net/ipv4/ip_forward

If we do this, the traffic is cut to the victim and your connection is lost, and you might be discovered.

Now we can check whether the attack is underway by running arp -a; we know because the MAC address of the router will coincide with ours. We have poisoned the ARP cache of the victim, and the IP packets for the router will be sent to our MAC address. We can also detect whether we are victims of this attack: our ARP table will contain duplicate MAC addresses.

Important! Do not close any console window that is running arpspoof, since that would stop the attack!
We have now launched the MITM.
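
The detection hint above (duplicate MAC addresses in the ARP table) can be automated on the hosts you defend. This is an added example, not part of the original post: it parses Linux `arp -a` output, reports MAC addresses claimed by more than one IP, and compares the gateway entry with a pinned value. The sample table, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches Linux net-tools "arp -a" lines such as:
#   gateway (192.0.2.1) at 02:00:00:aa:bb:01 [ether] on eth0
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at "
    r"(?P<mac>(?:[0-9a-fA-F]{1,2}:){5}[0-9a-fA-F]{1,2})\b.* on (?P<iface>\S+)"
)


def normalize_mac(mac: str) -> str:
    """Lower-case and zero-pad each octet so comparisons are reliable."""
    return ":".join(f"{int(part, 16):02x}" for part in mac.split(":"))


def parse_arp_table(text: str):
    """Return (ip, mac, interface) tuples; incomplete entries are skipped."""
    entries = []
    for line in text.splitlines():
        match = ARP_LINE.search(line)
        if match:
            entries.append((match["ip"], normalize_mac(match["mac"]),
                            match["iface"]))
    return entries


def shared_macs(entries):
    """Map (interface, mac) to the IPs claiming it when there are several.

    Proxy ARP and hosts with several addresses on one interface also show
    up here, so treat a hit as something to investigate, not as proof.
    """
    by_mac = defaultdict(set)
    for ip, mac, iface in entries:
        by_mac[(iface, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


def gateway_mismatch(entries, gateway_ip: str, pinned_mac: str):
    """Return the observed MAC if the gateway entry differs from the pin."""
    pinned = normalize_mac(pinned_mac)
    for ip, mac, _iface in entries:
        if ip == gateway_ip and mac != pinned:
            return mac
    return None


# Constructed sample: the gateway entry now carries the MAC of 192.0.2.66.
SAMPLE_ARP_OUTPUT = """\
gateway (192.0.2.1) at 02:00:00:aa:bb:66 [ether] on eth0
? (192.0.2.66) at 02:00:00:aa:bb:66 [ether] on eth0
? (192.0.2.20) at 02:00:00:aa:bb:20 [ether] on eth0
? (192.0.2.30) at <incomplete> on eth0
"""

if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP_OUTPUT)
    for (iface, mac), ips in shared_macs(table).items():
        print(f"{iface}: {mac} is claimed by {', '.join(ips)}")
    changed = gateway_mismatch(table, "192.0.2.1", "02:00:00:AA:BB:01")
    if changed:
        print(f"gateway 192.0.2.1 now resolves to {changed}")
```

Pinning the gateway's MAC with a static ARP entry on critical hosts removes the exposure that this check only reports.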

Stealing FTP passwords

I know it is no myth that FTP is not secure, but to illustrate how it works dsniff will suffice ;)
Once the MITM attack is in place, we listen on the machine via dsniff with:

dsniff -i eth0

Now go to the victim machine and open an FTP session with any provider …
Seems like dsniff has something for us!

Spy Messenger Conversations

It is also possible to spy on conversations using msgsnarf tool.
Having previously made the MITM we do:

msgsnarf -i eth0

Now the whole msn conversation will be displayed on your screen.

Capture emails

Activating mailsnarf:

mailsnarf -i eth0

We are able to capture all emails sent via Outlook, Thunderbird … etc. from our victim. If you also run dsniff, it will probably capture the password to the email account. With mailsnarf we will get the body of the message sent.

WARNING!! Do not do this on any networks that you do not own. Unless you are a PAID administrator or it is your own network I highly advise against any of these techniques.