Author Archives: arteq

1.1.e Explain TCP operations

i was actually asked this once in a phone interview. name four of the six flags in a tcp stream…

syn, ack, fin, right?

then radio silence. dammit.

one might argue this is almost trivia but that would be dismissive. of course he was reading from a cheat sheet while i was relying on my early onset alzheimer’s. the cobwebs pile up.

and rust never sleeps. to review, thanks to the wonderful site:

http://www.firewall.cx/networking-topics/protocols/tcp/136-tcp-flag-options.html

Let’s take a look at the TCP flags field to begin our analysis:

[Figure: tcp-analysis-section-4-1]

You can see the 2 flags that are used during the 3-way handshake (SYN, ACK) and data transfers.

As with all flags, a value of ‘1’ means that a particular flag is ‘set’ or, if you like, is ‘on’. In this example, only the “SYN” flag is set, indicating that this is the first segment of a new TCP connection.

In addition to this, each flag is one bit long, and since there are 6 flags, this makes the Flags section 6 bits in total.

You would have to agree that the most popular flags are the “SYN”, “ACK” and “FIN”, used to establish connections, acknowledge successful segment transfers and, lastly, terminate connections. While the rest of the flags are not as well known, their role and purpose make them, in some cases, equally important.

We will begin our analysis by examining all six flags, starting from the top, that is, the Urgent Pointer:

1st Flag – Urgent Pointer

The first flag is the Urgent Pointer flag, as shown in the previous screen shot. This flag is used to identify incoming data as ‘urgent’. Such incoming segments do not have to wait until the previous segments are consumed by the receiving end but are sent directly and processed immediately.

An Urgent Pointer could be used during a stream of data transfer where a host is sending data to an application running on a remote machine. If a problem appears, the host machine needs to abort the data transfer and stop the data processing on the other end. Under normal circumstances, the abort signal will be sent and queued at the remote machine until all previously sent data is processed, however, in this case, we need the abort signal to be processed immediately.

By setting the abort signal’s segment Urgent Pointer flag to ‘1’, the remote machine will not wait till all queued data is processed and then execute the abort. Instead, it will give that specific segment priority, processing it immediately and stopping all further data processing.

If you’re finding it hard to understand, consider this real-life example:

At your local post office, hundreds of trucks are unloading bags of letters from all over the world. Because so many trucks are entering the post office building, they line up one behind the other, waiting for their turn to unload their bags.

As a result, the queue ends up being quite long. However, a truck with a big red flag suddenly joins the queue and the security officer, whose job it is to make sure no truck skips the queue, sees the red flag and knows it’s carrying very important letters that need to get to their destination urgently. By following the normal procedures, the security officer signals to the truck to skip the queue and go all the way up to the front, giving it priority over the other trucks.

In this example, the trucks represent the segments that arrive at their destination and are queued in the buffer waiting to be processed, while the truck with the red flag is the segment with the Urgent Pointer flag set.

A further point to note is the existence of the Urgent Pointer field. This field is covered in section 5, but we can briefly mention that when the Urgent Pointer flag is set to ‘1’ (that’s the one we are analysing here), then the Urgent Pointer field specifies the position in the segment where urgent data ends.

2nd Flag – ACKnowledgement

The ACKnowledgement flag is used to acknowledge the successful receipt of packets.

If you run a packet sniffer while transferring data using the TCP, you will notice that, in most cases, for every packet you send or receive, an ACKnowledgement follows. So if you received a packet from a remote host, then your workstation will most probably send one back with the ACK field set to “1”.

In some cases where the sender requires one ACKnowledgement for every 3 packets sent, the receiving end will send the expected ACK once the 3rd sequential packet is received. This is also called Windowing and is covered extensively in the pages that follow.

3rd Flag – PUSH

The Push flag, like the Urgent flag, exists to ensure that the data is given the priority (that it deserves) and is processed at the sending or receiving end. This particular flag is used quite frequently at the beginning and end of a data transfer, affecting the way the data is handled at both ends.

When developers create new applications, they must make sure they follow specific guidelines given by the RFCs to ensure that their applications work properly and manage the flow of data in and out of the application layer of the OSI model flawlessly. When used, the Push bit makes sure the data segment is handled correctly and given the appropriate priority at both ends of a virtual connection.

When a host sends its data, it is temporarily queued in the TCP buffer, a special area in the memory, until the segment has reached a certain size and is then sent to the receiver. This design guarantees that the data transfer is as efficient as possible, without wasting time and bandwidth by creating multiple segments, but combining them into one or more larger ones.

When the segment arrives at the receiving end, it is placed in the TCP incoming buffer before it is passed onto the application layer. The data queued in the incoming buffer will remain there until the other segments arrive and, once this is complete, the data is passed to the application layer that’s waiting for it.

While this procedure works well in most cases, there are a lot of instances where this ‘queueing’ of data is undesirable because any delay during queuing can cause problems to the waiting application. A simple example would be a TCP stream, e.g. RealPlayer, where data must be sent and processed (by the receiver) immediately to ensure a smooth stream without any cut-offs.

A final point to mention here is that the Push flag is usually set on the last segment of a file to prevent buffer deadlocks. It is also seen when used to send HTTP or other types of requests through a proxy – ensuring the request is handled appropriately and effectively.

4th Flag – Reset (RST) Flag

The reset flag is used when a segment arrives that is not intended for the current connection. In other words, if you were to send a packet to a host in order to establish a connection, and there was no such service waiting to answer at the remote host, then the host would automatically reject your request and then send you a reply with the RST flag set. This indicates that the remote host has reset the connection.

While this might prove very simple and logical, the truth is that in most cases this ‘feature’ is used by most hackers in order to scan hosts for ‘open’ ports. All modern port scanners are able to detect ‘open’ or ‘listening’ ports thanks to the ‘reset’ function.

The method used to detect these ports is very simple: When attempting to scan a remote host, a valid TCP segment is constructed with the SYN flag set (1) and sent to the target host. If there is no service listening for incoming connections on the specific port, then the remote host will reply with ACK and RST flag set (1). If, on the other hand, there is a service listening on the port, the remote host will construct a TCP segment with the ACK flag set (1). This is, of course, part of the standard 3-way handshake we have covered.

Once the host scanning for open ports receives this segment, it will complete the 3-way handshake and then terminate it using the FIN (see below) flag, and mark the specific port as “active”.

5th Flag – SYNchronisation Flag

The fifth flag contained in the TCP Flag options is perhaps the most well known flag used in TCP communications. As you might be aware, the SYN flag is initially sent when establishing the classical 3-way handshake between two hosts:

[Figure: tcp-analysis-section-4-2]

In the above diagram, Host A needs to download data from Host B using TCP as its transport protocol. The protocol requires the 3-way handshake to take place so a virtual connection can be established by both ends in order to exchange data.

During the 3-way handshake we are able to count a total of 2 SYN flags transmitted, one by each host. As files are exchanged and new connections created, we will see more SYN flags being sent and received.

6th Flag – FIN Flag

The final flag available is the FIN flag, standing for the word FINished. This flag is used to tear down the virtual connections created using the previous flag (SYN), so the FIN flag always appears when the last packets are exchanged over a connection.

It is important to note that when a host sends a FIN flag to close a connection, it may continue to receive data until the remote host has also closed the connection, although this occurs only under certain circumstances. Once the connection is torn down by both sides, the buffers set aside on each end for the connection are released.
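An added example (not part of the original post or of the firewall.cx article): it decodes the six flag bits from byte 13 of a raw TCP header and uses the RST behaviour described in the 4th-flag section to spot a client whose SYNs keep drawing resets from different ports. The helper names, the threshold of 3 and the sample addresses are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

# The six flags covered above, as bit masks in byte 13 of the TCP header.
FLAGS = [("URG", 0x20), ("ACK", 0x10), ("PSH", 0x08),
         ("RST", 0x04), ("SYN", 0x02), ("FIN", 0x01)]

def decode_flags(tcp_header: bytes) -> list:
    """Return the names of the flags set in a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("a TCP header is at least 20 bytes long")
    bits = tcp_header[13] & 0x3F  # keep the six classic flags, drop newer ECN bits
    return [name for name, mask in FLAGS if bits & mask]

def classify_reply(flags) -> str:
    """Interpret the reply a host sends to a SYN."""
    flags = set(flags)
    if "RST" in flags:
        return "closed"          # nothing listening: RST (normally with ACK)
    if {"SYN", "ACK"} <= flags:
        return "open"            # second step of the 3-way handshake
    return "other"

def build_header(sport, dport, flag_bits) -> bytes:
    """Constructed sample input: a minimal 20-byte TCP header, no options."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 1,
                       5 << 4, flag_bits, 65535, 0, 0)

def suspected_scanners(replies, threshold=3):
    """replies: (client_ip, server_port, raw_reply_header) tuples seen on the wire.
    Returns clients whose SYNs drew RSTs from `threshold` or more distinct ports."""
    closed_ports = defaultdict(set)
    for client, port, header in replies:
        if classify_reply(decode_flags(header)) == "closed":
            closed_ports[client].add(port)
    return sorted(c for c, ports in closed_ports.items() if len(ports) >= threshold)

RST_ACK, SYN_ACK = 0x14, 0x12
# Constructed sample data (documentation address ranges), not a real capture.
SAMPLE_REPLIES = [
    ("198.51.100.7", 21, build_header(21, 40001, RST_ACK)),
    ("198.51.100.7", 23, build_header(23, 40002, RST_ACK)),
    ("198.51.100.7", 25, build_header(25, 40003, RST_ACK)),
    ("198.51.100.7", 80, build_header(80, 40004, SYN_ACK)),
    ("192.0.2.10", 443, build_header(443, 51000, SYN_ACK)),
    ("192.0.2.10", 8080, build_header(8080, 51001, RST_ACK)),
]

if __name__ == "__main__":
    for client, port, header in SAMPLE_REPLIES:
        names = decode_flags(header)
        print(client, port, names, classify_reply(names))
    print("suspected scanners:", suspected_scanners(SAMPLE_REPLIES))
```

A single reset is normal traffic (the second client above hits one closed port); it is the spread of resets across distinct ports from one source that stands out.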

EVE-NG on win vmware without win

i stopped liking windows a long time ago. In fact i detest it. This morning I realized I was wasting time accessing eve while being hobbled by winblows. With a little research I realized that this:

4.9.40-eve-ng-ukms-2+ GNU/Linux

is actually:

4.9.x LTS

which means it’s actually ubuntu 16.04, and i was happy.

i decided to roll the dice and slap ubuntu desktop on it.

for info on installing and configuring eve-ng, images, client-pack, etc, there is eve-ng.net, youtube, and younameit… this is about using winblows as a silent host to the eve vm. basically, getting it out of the picture.

installing the desktop gui takes quite a while. first i expanded the disk space in vmware for eve from 40 to 100G.

shut down the vm, go to vm–settings, select hard disk, click expand, get coffee.

install ubuntu desktop:

apt-get install ubuntu-desktop, get coffee, have a smoke; this takes quite a while.

after apt-get, you will boot into the unity desktop. not for me. set up gnome flashback:

apt-get install gnome-session-flashback.

at some point you’ll want to run apt-get update and get more coffee.

reboot, select gnome at login and kiss unity goodbye.

by this time i was already accessing eve-ng from within ubuntu vm without using winblows, on firefox from gnome desktop.

you will need to install the linux-client pack from eve-ng.net to use terminal, telnet, etc.

so far the only downside here is that i’m a zoc user and zoc does not support nix.

first real problem i encountered was native terminal from the gnome gui would not launch. xterm and uxterm would, but not plain terminal with ctrl-alt-t or by clicking it from applications.

the terminal fix is:

$ dpkg-reconfigure locales

You’ll see a long list of locales, and you can navigate that list with the up/down arrow keys. Pressing the space bar toggles the locale under the cursor. Make sure to select at least one UTF-8 locale, for example en_US.UTF-8 is usually supported very well. (The first part of the locale name stands for the language, the second for the country or dialect, and the third for the character encoding).

In the next step you have the option to make one of the previously selected locales the default. Picking a default UTF-8 locale as default is usually a good idea.

next was resolution not holding up between reboots. vm auto-fit, auto size did not help. changing resolution in gnome from the default 800×600 and apply wouldn’t stick between reboots. bash script in startup-applications also did not work.

solution:

write a bash script and save it to an accessible folder:

#!/bin/sh
xrandr --output Virtual1 --mode 1360x768

a couple of key points

must contain #! (sha-bang)
filename must end in .sh
replace Virtual1 (the name gnome gave to my display) with your display name found with xrandr -q

$ xrandr -q
Screen 0: minimum 1 x 1, current 1360 x 768, maximum 4096 x 4096
Virtual1 connected primary 1360x768+0+0 (normal left inverted right x axis y axis) 0mm x 0mm
800x600 60.00 + 60.32
1360x768 60.02*
1280x800 59.81
1152x864 75.00
1280x768 59.87
1024x768 60.00
640x480 59.94

you can use xrandr to add a resolution not in the list but since 1360×768 was available, i didn’t bother. have fun with that.

be sure to chmod u+x to make it executable

you can execute the script from terminal and it will change the resolution but will revert across reboots.

solution:

http://xmodulo.com/how-to-automatically-run-script-when-logging-into-ubuntu-desktop.html

more later…

EVE-NG

i like it, i use it…

i use it with vmware workstation on win 7…

sets up very easily…

http://www.eve-ng.net/


for windows wireshark was tricky… download the eve-ng windows client pack. my experience is that since i had wireshark already installed it wouldn’t capture properly with eve… i uninstalled wireshark, rebooted, then reinstalled the client pack and capturing is now correct…

also with vpcs dhcp is a little funky with ip helper. i still haven’t found a workaround to the option 125 error when relaying off net. however dhcp works fine on a local subnet.

Pro Kabaddi 5: 12 Teams & More Than 130 Match will be Played

In the Pro-Kabaddi League season 5, 12 groups will be seen contending energetically. This time four new groups will be incorporated into the alliance. Beginning in July, this association will last around 13 weeks, with more than 130 rivalries. Up until now, 8 groups taken an interest in this association. In the last four seasons, the choice to spread the group has been chosen in perspective of the prevalence of this competition. The ace kabaddi group was begun in 2014.

The chose groups from UP, Gujarat, Tamil Nadu and Haryana will demonstrate their ability in season 5. In these states, groups have been welcomed in perspective of their over the top connection towards kabaddi. In Gujarat, the Kabaddi World Cup was sorted out a year ago. At introduce, this star kabaddi class incorporates groups of 8 urban areas Bengaluru, Hyderabad, Mumbai, Pune, Delhi, Kolkata, Jaipur and Patna.

Worldwide Kabaddi Federation president Janardan Gehlot has said that this PKL class has given another personality to the customary amusement and now through this association numerous adolescents will get an opportunity to push ahead and demonstrate their ability. Uday Shankar, Chairman and CEO of Star India said that kabaddi is not energized, so it will be out of line to this diversion.

2wire Wireless Router

2wire Wireless Router with fabulous price tags. We are all hoping to spend less; we have got a large selection of 2wire Wireless Router from two of the greatest e-commerce sites on the web.

The Very best 2wire Wireless Router

The query of which 2wire Wireless Router is best is certainly one that is asked, particularly by those who find themselves thinking of going to acquire wireless router with regards to small business or perhaps personal use. It is far from usually a very easy dilemma to resolve, mainly because perfect means various things to different consumers, in a variety of cases.

As an example, the budget 2wire Wireless Router consumer, who due to insufficient cash, discovers they cannot look past selling price in their shopping for a wireless router. For the man or woman is this circumstance, the most effective wireless router is, of course, the ones that cost the smallest amount of. There is not any possibility to look beyond cost here.

Then we have the feature focused client, that is in search of the exact wireless router together with the greatest number of characteristics whether or not they are real features this individual require or not. This person is willing to pay just about any cost called for a feature packed wireless router, and for them, funds isn’t a concern. For him, the most effective wireless router are those that come with the majority of features.

And then we have the cost guided consumer, who is convinced high priced is the most suitable, purchasing everything like they will go shopping for prestige merchandise so this person is going consciously shopping for the most highly priced wireless router regardless of what value this delivers for you to justify the high price level. For him, the very best wireless routers are those that are most expensive.

Ultimately, we certainly have precisely what might be thought to be arguably by far the most advisable customer the value led client whose thought of a great 2wire Wireless Router is the one which shows the affordable proposition. What this person is going to do, while shopping for wireless routers, would be to first to do a little analysis, try and know what it truly is that will matter with wireless routers then obtain the router that provides the most of what matters, for the lowest possible rates.

There are some points that matter when getting a wireless router. Compatibility is a factor: in which the greatest wireless routers are those that give an individual versatility with regards to what types of systems you can use them with, what configuration settings you can utilize them in etc. Naturally, while you go shopping for network routers, you could have already known which setting you will make use of them in. The real truth of the subject is with all the rapid breakthroughs in technological know-how we have been witness to; you could see yourself employed in a very different setting only a couple of years down the road. Therefore you would like network devices which can be truly flexible.

Safety can also be a matter that matters in wireless routers. In this regard, the wireless routers that have the best security characteristics and that allow it to become easiest to be able to set up your tailor-made safety measures options will be rated as the ideal.

Cost may also matter when all has been said as well as done. In case you have enough cash for the project, the best 2wire Wireless Router probably would not be the lowest priced, however, neither might they be the most costly. Instead, the most effective wireless routers will be the ones that offer the most benefit for their selling price.