Before you can engage in any ethical hacking, you need to understand the basics of network communication between devices. This post gives you an quick overview how devices talk to each other.

This post is part of a series called “Ethical Hacking”.

OSI Layers

The Open Systems Interconnection model (OSI model) is a conceptual model that characterizes and standardizes the communication functions of a telecommunication or computing system without regard to its underlying internal structure and technology. Its goal is the interoperability of diverse communication systems with standard protocols. The model partitions a communication system into abstraction layers. The original version of the model defined seven layers.

1. Physical
   • Hubs, NIC, Cable
     Send data on the physical wire.
2. Data Link
   • Switches
     Reads the MAC address from the data packet.
3. Network
   • Routers, Layer 3 Switches
     Reads the IP address from the packet.
4. Transport
   • TCP, UDP, IPSec etc.
     Reponsible for the transport protocol and error handling.
5. Session
   • NetBIOS, PPTP etc.
     Establishes/ends connections between two hosts.
6. Presentation
   • JPG, GIF, HTTPS, SSL, TLS etc.
     Formats the data so that it can be viewed by the user, encryption also takes place here.
7. Application
   • SMTP, IMAP etc.
     Services that are used with end user applications.

TCP

The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly referred to as TCP/IP. TCP provides reliable, ordered, and error-checked delivery of a stream of octets (bytes) between applications running on hosts communicating via an IP network. Major Internet applications such as the World Wide Web, email, remote administration, and file transfer rely on TCP.

TCP Flags

TCP flags are used within TCP packet transfers to indicate a particular connection state or provide additional information. Therefore, they can be used for troubleshooting purposes or to control how a particular connection is handled.

• SYN (Synchronize)
  • Synchronize is used during session setup to agree on initial sequence numbers. Sequence number are random.
• ACK (Acknowledgment)
  • The receiver will send an ACK that equals the senders number plus the Len, or amount of data, at the TCP layer.
• RST (Reset)
  • Reset is an instantaneous abort in both directions (abnormal session disconnection)
• FIN (Finish)
  • Finish is used during a graceful session to close that the sender has no more data to send.
• PSH (Push)
  • Push forces data delivery without waiting for buffers to fill. This is used for interative traffic. The data wil also be delivered to the application on the receiving end without buffering.
• URG (Urgent)
  • Data is sent out of band.

TCP Handshake

TCP Termination