FTP
FTP stands for File Transfer Protocol. It is used to send files to and receive files from a remote computer.
It is defined in RFC 959. FTP establishes two connections between the client system and the server
system, one for control information and the other for the data being transferred. The control
connection carries commands and responses. Authentication is done first, by validating a username
and password; once that succeeds, files can be transferred between the two systems. FTP handles
both binary and text-format files. Note that FTP sends the username, the password and the file
contents in cleartext, so anyone capturing the traffic (for example with Wireshark) can read them.
SMTP
SMTP stands for Simple Mail Transfer Protocol. SMTP is the protocol two computers use to
exchange electronic mail over a TCP connection. In other words, it is the protocol used by e-mail
servers to forward messages across a TCP/IP network. The client computer, where the e-mail
message usually originates, uses SMTP to hand the message to its local server for delivery. It is
defined in RFC 821 and RFC 822 (since superseded by RFC 5321 and RFC 5322) and RFC 974.
As mentioned, SMTP runs on top of the TCP/IP protocol stack. The SMTP server listens on
TCP port 25 (port 587 is used for authenticated message submission from mail clients).
The communication between client and server in an SMTP session consists of four-letter
commands from the client to the server (HELO/EHLO, MAIL, RCPT, DATA, QUIT) and three-digit
response codes from the server to the client (for example 250 OK, 354 start mail input,
550 mailbox unavailable). The first digit gives the class of the reply: 2xx success, 3xx more
input needed, 4xx temporary failure, 5xx permanent failure. SMTP server response codes are very
useful when there is a problem to debug from a networking point of view. Like FTP, SMTP on
port 25 is cleartext unless STARTTLS is negotiated, so a capture shows the addresses and the
message body.
So the main difference between FTP and SMTP is that with FTP a user can send files to and
receive files from a computer, while SMTP is used to deliver mail to the user's mailbox on the
e-mail server.
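The command/reply dialogue described above, as an added Python example (not code from the original page). The server class is a constructed in-memory stand-in for an SMTP server that only enforces the RFC 821 command order and reply codes; the hostname, the local domain and the client script are assumptions made for the example, and no network connection is used.

```python
"""Added example: a scripted SMTP dialogue (four-letter commands, three-digit replies).

MiniSmtpServer is a constructed stand-in for a real mail server; it exists only to show
the command sequence and the reply codes. Nothing here touches the network.
"""

OK = "250 OK"
QUEUED = "250 OK: message queued"
START_DATA = "354 Start mail input; end with <CRLF>.<CRLF>"


def _address(arg):
    """'FROM:<alice@example.test>' -> 'alice@example.test'."""
    return arg.split(":", 1)[-1].strip().strip("<>").lower()


def reply_class(reply):
    """First digit of a reply: 2 = success, 3 = more input needed, 4 = transient, 5 = permanent."""
    return int(reply[0])


class MiniSmtpServer:
    """Enforces the RFC 821 command order: HELO/EHLO, MAIL, RCPT, DATA, QUIT."""

    def __init__(self, hostname="mail.example.test", local_domain="example.test"):
        self.hostname = hostname          # assumed hostname (constructed for the example)
        self.local_domain = local_domain  # only recipients in this domain are accepted
        self.greeted = False
        self.mailbox = []                 # delivered (sender, recipients, body) tuples
        self._reset_envelope()

    def _reset_envelope(self):
        self.sender, self.recipients, self.in_data, self.body = None, [], False, []

    def handle(self, line):
        """Process one client line; return the reply, or None for message lines inside DATA."""
        if self.in_data:
            if line == ".":               # a lone dot terminates the message
                self.mailbox.append((self.sender, list(self.recipients), "\r\n".join(self.body)))
                self._reset_envelope()
                return QUEUED
            # dot-stuffing: the client doubles a leading '.', the server removes one
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            self.greeted = True
            return f"250 {self.hostname} Hello {arg}"
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if not self.greeted:
            return "503 Bad sequence of commands: send HELO/EHLO first"
        if verb == "MAIL":
            self.sender = _address(arg)
            return OK
        if verb == "RCPT":
            if self.sender is None:
                return "503 Bad sequence of commands: MAIL before RCPT"
            rcpt = _address(arg)
            if not rcpt.endswith("@" + self.local_domain):
                return "550 Relaying denied"   # permanent failure: we are not an open relay
            self.recipients.append(rcpt)
            return OK
        if verb == "DATA":
            if not self.recipients:
                return "503 Bad sequence of commands: RCPT before DATA"
            self.in_data = True
            return START_DATA
        return "500 Command unrecognized"


def run_session(commands, server=None):
    """Drive the dialogue; return ([(client_line, server_reply), ...], server)."""
    server = server or MiniSmtpServer()
    transcript = [(None, f"220 {server.hostname} ESMTP ready")]   # server speaks first
    for line in commands:
        reply = server.handle(line)
        if reply is not None:
            transcript.append((line, reply))
    return transcript, server


# Constructed client script, as "Follow TCP Stream" on port 25 would show it.
CLIENT_SCRIPT = [
    "EHLO client.example.test",
    "MAIL FROM:<alice@example.test>",
    "RCPT TO:<bob@example.test>",
    "RCPT TO:<carol@elsewhere.test>",   # not our domain -> 550
    "DATA",
    "Subject: hello",
    "",
    "..starts with a dot (dot-stuffed)",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    transcript, srv = run_session(CLIENT_SCRIPT)
    for cmd, reply in transcript:
        if cmd is not None:
            print("C:", cmd)
        print("S:", reply)
```

The 503 replies show why the order matters: a server that accepted MAIL before a greeting, or DATA with no recipient, would be ignoring the state machine the RFC defines, and the 550 shows the permanent-failure class that an open relay would wrongly answer with 250.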
HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is a combination of two different protocols. It is a
more secure way to access the web. It is the combination of Hypertext Transfer Protocol (HTTP)
and the SSL/TLS protocol. It is a more secure way of sending a request from a client to a server:
the request and the response are encrypted, so an observer on the path cannot read which pages
you ask for or what they contain. (The observer can still see which server you connect to, by
its IP address and usually by the hostname sent in cleartext in the TLS ClientHello.)
This kind of communication is used for accessing websites where security is required.
Banking websites, payment gateways, e-mail (Gmail offers HTTPS by default in the Chrome
browser), and corporate websites are some common examples where HTTPS is used.
For an HTTPS connection the server needs a certificate for its public key, signed by a certificate
authority the browser trusts. Such certificates are either free or cost a few dollars, depending on
the signing authority. There is one other method for distributing certificates: the site
administrator creates a self-signed certificate (or a private CA) and installs it as trusted in the
users' browsers. When a user then requests information from the web server, the browser can
verify the server's identity against that certificate.
HTTP                                  HTTPS
URL begins with http://               URL begins with https://
Uses port 80 by default               Uses port 443 by default
Unsecured                             Secured
HTTP carried directly over TCP        HTTP carried inside a TLS session (TLS sits between TCP and HTTP)
No encryption                         Traffic is encrypted
No certificate required               Server certificate required
FTP
Set up an FTP session from the command line.
To filter FTP, we type ftp in Wireshark's Display Filter, as shown below:
HTTP
To filter HTTP, we type http in Wireshark's Display Filter, as shown below:
We see the GET request from the client (192.168.1.6) sent to the server (204.79.197.203),
requesting the page according to the HTTP/1.1 protocol.
The lines in the first picture show a 301 Moved Permanently reply: the requested resource has
been moved to another URL, which the server gives in its Location header. This is a redirection,
not an error; the client must repeat the request at the new location.
We then see the client send another GET HTTP/1.1 request to the site, and the server reply
302 Found, which is also a redirection (a temporary one) to the URL in its Location header.
Before any of this the client resolved the server's hostname through its DNS resolver (the ISP's
DNS server); plain HTTP involves no certificates. Once the redirect is followed, the server
answers 200 OK and the page body is returned to the client's browser.
Then the client and the server continue to exchange packets on the same TCP connection: further
requests for the page's embedded resources and their responses, so the displayed content is
kept up to date.
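The redirect chain described above (301, then 302, then 200), as an added Python example that is not code from the original page or capture. The raw responses and hostnames are constructed for the example; the parser splits a response as Wireshark displays it (status line, headers, blank line, body) and the follow function retries at the Location header until a non-3xx reply arrives.

```python
"""Added example: parse raw HTTP/1.1 responses and follow 301/302 redirects.

The responses below are constructed to mirror the exchange described above; they are not
the bytes of the original capture, and the hostnames are assumed.
"""

STATUS_CLASSES = {1: "informational", 2: "success", 3: "redirection",
                  4: "client error", 5: "server error"}
REDIRECT_CODES = {301, 302, 303, 307, 308}


def parse_response(raw):
    """Split one raw response into (status_code, reason_phrase, headers, body).

    Header names are lower-cased because HTTP header names are case-insensitive.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)                 # "HTTP/1.1 301 Moved Permanently"
    code = int(parts[1])
    reason = parts[2] if len(parts) > 2 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return code, reason, headers, body


def status_class(code):
    """3xx is a redirection, not an error: the client must retry at the Location header."""
    return STATUS_CLASSES.get(code // 100, "unknown")


def follow_redirects(fetch, url, max_hops=5):
    """Repeat the GET until a non-redirect reply; return (final_url, final_code, hops)."""
    hops = [url]
    for _ in range(max_hops):
        code, _, headers, _ = parse_response(fetch(url))
        if code not in REDIRECT_CODES:
            return url, code, hops
        url = headers["location"]                  # absolute URL of the new location
        hops.append(url)
    raise RuntimeError("redirect loop: gave up after %d hops" % max_hops)


# Constructed "server": what each URL answers, byte for byte as Wireshark would show it.
SITE = {
    "http://www.example.test/":
        b"HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.example.test/home\r\n"
        b"Content-Length: 0\r\n\r\n",
    "http://www.example.test/home":
        b"HTTP/1.1 302 Found\r\nLocation: https://www.example.test/home\r\n"
        b"Content-Length: 0\r\n\r\n",
    "https://www.example.test/home":
        b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 20\r\n\r\n"
        b"<html>welcome</html>",
}
NOT_FOUND = b"HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"


def fetch(url):
    """Stand-in for a GET over the network: look the URL up in the constructed SITE table."""
    return SITE.get(url, NOT_FOUND)


if __name__ == "__main__":
    final_url, final_code, hops = follow_redirects(fetch, "http://www.example.test/")
    for hop in hops:
        print("GET", hop, "->", status_class(parse_response(fetch(hop))[0]))
    print("landed on", final_url, "with", final_code)
```

The hop limit is the check a real client needs: two URLs that redirect to each other would otherwise loop forever, and the 302 hop from http:// to https:// is also the moment a plain-HTTP observer stops being able to read the exchange.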
HTTPS
To filter HTTPS, we type ssl (tls in newer Wireshark versions) in Wireshark's Display Filter and look
at the Certificate handshake record, as shown below:
Each of the SSL records begins with the same three fields (with possibly different
values). One of these fields is content type and has length of one byte. List all three
fields and their lengths.
Every SSL/TLS record starts with a 5-byte header:
Content Type: 1 byte (for example 0x16 = Handshake, 0x17 = Application Data)
Version: 2 bytes (major, minor; 0x0303 = TLS 1.2)
Length: 2 bytes (size of the record payload that follows)
Each hexadecimal digit (also called a "nibble") represents four binary digits (bits), so each
pair of hexadecimal digits equals 1 byte.
The Ethernet header shown at the top of the frame is not part of the SSL record; it belongs to
the link layer:
Destination MAC address: IntelCor_de:ed:24 (d0:7e:35:de:ed:24) : 6 bytes
Source MAC address: HuaweiTe_49:5e:91 (20:f1:7c:49:5e:91) : 6 bytes
Type: IPv4 (0x0800) : 2 bytes
ClientHello Records
Expand the ClientHello record. (If your trace contains multiple ClientHello records,
expand the frame that contains the first one.) What is the value of the content type?
Hex 0x16 = 1 x 16 + 6 = 22 decimal, which is Handshake.
Does the ClientHello record advertise the cipher suites it supports? If so, in the first
listed suite, what are the public-key algorithm, the symmetric-key algorithm, and the
hash algorithm?
Yes. The ClientHello carries a Cipher Suites list, in the client's order of preference, and the
server picks one of them in its ServerHello. Each suite name spells out the three algorithms; for
example TLS_RSA_WITH_3DES_EDE_CBC_SHA means RSA for the public-key (key exchange) algorithm,
Triple-DES in CBC mode for the symmetric-key algorithm and SHA-1 for the hash algorithm. The
algorithm families that appear in the advertised suite names are: DES (Data Encryption Standard),
3-DES (Triple-DES), DSA (Digital Signature Algorithm), KEA (Key Exchange Algorithm), MD5 (Message
Digest algorithm), RSA (for signatures and for RSA key exchange), RC2 and RC4, and SHA-1 (Secure
Hash Algorithm). DES, RC2, RC4 and MD5 are considered broken, and modern clients no longer offer
suites that use them.
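The record header, the ClientHello and the cipher-suite naming discussed above, as an added Python example (not code from the original page or capture). It builds a ClientHello from constructed bytes, parses the 5-byte record header and the handshake body with struct, decodes the suite numbers (the IANA values) into names, and splits a name into its key-exchange, cipher and hash parts. It also extracts the server_name (SNI) extension, which is the cleartext hostname mentioned in the HTTPS section. The server name, the suite list and the fixed "random" are assumptions made for the example.

```python
"""Added example: build and parse a TLS record carrying a ClientHello.

The bytes are constructed here, not taken from the original capture. The suite numbers and
names are the IANA registry values; the server name and the fixed random are assumptions.
"""
import struct

CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
CIPHER_SUITES = {  # IANA cipher-suite identifiers
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}


def build_client_hello(suites, server_name):
    """Assemble record -> handshake -> ClientHello; the 'random' is fixed bytes (constructed)."""
    body = b"\x03\x03" + bytes(range(32))                   # client_version TLS 1.2 + 32-byte random
    body += b"\x00"                                         # empty session id
    cs = b"".join(struct.pack("!H", s) for s in suites)
    body += struct.pack("!H", len(cs)) + cs                 # cipher_suites, 2 bytes each
    body += b"\x01\x00"                                     # one compression method: null
    host = server_name.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(host)) + host   # name_type host_name(0), length, name
    sni_list = struct.pack("!H", len(entry)) + entry
    ext = struct.pack("!HH", 0, len(sni_list)) + sni_list   # extension_type server_name(0)
    body += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_record(raw):
    """The 5-byte record header: content type (1), version (2), length (2)."""
    ctype, major, minor, length = struct.unpack("!BBBH", raw[:5])
    return {"content_type": ctype, "type_name": CONTENT_TYPES.get(ctype, "?"),
            "version": (major, minor), "length": length, "payload": raw[5:5 + length]}


def parse_client_hello(payload):
    """Walk the handshake body; return version, suite names and the cleartext SNI host."""
    htype, hlen = payload[0], int.from_bytes(payload[1:4], "big")   # 1-byte type, 3-byte length
    body, pos = payload[4:4 + hlen], 0
    version = struct.unpack("!BB", body[pos:pos + 2]); pos += 2
    pos += 32                                   # 32-byte client random
    pos += 1 + body[pos]                        # session id (1-byte length prefix)
    cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", body[pos + i:pos + i + 2])[0] for i in range(0, cs_len, 2)]
    pos += cs_len
    pos += 1 + body[pos]                        # compression methods (1-byte length prefix)
    sni = None
    if pos < len(body):                         # the extensions block is optional
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
            edata = body[pos:pos + elen]; pos += elen
            if etype == 0:                      # server_name: list len(2), type(1), len(2), name
                name_len = struct.unpack("!H", edata[3:5])[0]
                sni = edata[5:5 + name_len].decode("ascii")
    return {"handshake_type": htype, "client_version": version,
            "cipher_suites": [CIPHER_SUITES.get(s, "0x%04X" % s) for s in suites], "sni": sni}


def describe_suite(name):
    """Split a suite name into (key exchange/authentication, symmetric cipher, hash)."""
    kex, _, rest = name.partition("_WITH_")
    kex = kex[4:] if kex.startswith("TLS_") else kex
    cipher, _, mac = rest.rpartition("_")
    return kex, cipher, mac


if __name__ == "__main__":
    raw = build_client_hello([0xC02F, 0x009C, 0x000A, 0x0004], "www.example.test")
    rec = parse_record(raw)
    print("content type 0x%02X = %d (%s), version %s, length %d"
          % (rec["content_type"], rec["content_type"], rec["type_name"], rec["version"], rec["length"]))
    hello = parse_client_hello(rec["payload"])
    print("SNI (cleartext):", hello["sni"])
    for suite in hello["cipher_suites"]:
        print(suite, "->", describe_suite(suite))
```

Parsing stops at the lengths the packet itself declares, which is why a display filter such as tls.handshake.type == 1 can find every ClientHello in a capture: the hostname in the server_name extension is readable before any encryption starts.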
ServerHello Records
TCP
To filter TCP, we type tcp.port == 80 in Wireshark's Display Filter, as shown below:
Three-way handshake
A three-way handshake is the method used in a TCP/IP network to create a connection between a
local host/client and a server. It is a three-step method in which the client and the server
exchange SYN and ACK (acknowledgment) packets before actual data communication begins.
A three-way handshake is also known as a TCP handshake.
A three-way handshake is used to create a TCP socket connection. It works as follows:
The client node sends a SYN packet over the IP network to a server on the same or an external
network, carrying the client's initial sequence number. The purpose of this packet is to ask
whether the server is open for new connections.
The target server must have an open (listening) port that accepts new connections. When the
server receives the SYN packet from the client node, it responds with a SYN/ACK packet: its own
initial sequence number, plus an acknowledgment number equal to the client's sequence number
plus one. (A closed port answers with an RST packet instead.)
The client node receives the SYN/ACK from the server and responds with an ACK packet whose
acknowledgment number is the server's sequence number plus one.
Upon completion of these three steps the connection is established and the client and server
can exchange data.
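The three steps above, checked on raw TCP headers, as an added Python example that is not code from the original page or capture. The four packets are constructed with struct (the IP addresses are the ones from the HTTP capture above; ports and sequence numbers are assumed); the tracker only reports a connection as established when the SYN/ACK acknowledges the client's sequence number plus one and the final ACK acknowledges the server's, and it reports a SYN that never completed as half-open, which is what a port scan leaves behind.

```python
"""Added example: parse raw TCP headers and verify three-way handshakes in a packet list.

The packets are constructed for this example (Wireshark shows the same fields under
"Transmission Control Protocol"); ports and sequence numbers are assumptions.
"""
import struct

TCP_HDR = "!HHIIBBHHH"   # sport, dport, seq, ack, offset/reserved, flags, window, checksum, urgent
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
MASK32 = 0xFFFFFFFF      # sequence numbers wrap at 2^32


def build_tcp(sport, dport, seq, ack, flags):
    """Minimal 20-byte header with no options (checksum left zero; constructed packets)."""
    return struct.pack(TCP_HDR, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)


def parse_tcp(raw):
    """Decode the fixed part of a TCP header."""
    sport, dport, seq, ack, off, flags, win, _csum, _urg = struct.unpack(TCP_HDR, raw[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "hdr_len": (off >> 4) * 4, "window": win}


def track_handshakes(packets):
    """packets: [(src_ip, dst_ip, tcp_header_bytes), ...] in capture order.

    Returns (established, half_open): 4-tuples (client_ip, client_port, server_ip, server_port)
    that completed SYN, SYN/ACK, ACK with consistent numbers, and SYNs that never got further.
    """
    pending, established = {}, []
    for src, dst, raw in packets:
        t = parse_tcp(raw)
        synack = t["flags"] & (SYN | ACK)
        if synack == SYN:                                   # step 1: client -> server
            key = (src, t["sport"], dst, t["dport"])
            pending[key] = {"stage": 1, "client_isn": t["seq"]}
        elif synack == SYN | ACK:                           # step 2: server -> client
            key = (dst, t["dport"], src, t["sport"])
            st = pending.get(key)
            if st and st["stage"] == 1 and t["ack"] == (st["client_isn"] + 1) & MASK32:
                st.update(stage=2, server_isn=t["seq"])
        elif synack == ACK:                                 # step 3: client -> server
            key = (src, t["sport"], dst, t["dport"])
            st = pending.get(key)
            if (st and st["stage"] == 2
                    and t["seq"] == (st["client_isn"] + 1) & MASK32
                    and t["ack"] == (st["server_isn"] + 1) & MASK32):
                established.append(key)
                del pending[key]
    half_open = [k for k, st in pending.items() if st["stage"] == 1]
    return established, half_open


# Constructed capture: one complete handshake to port 80, plus a lone SYN to port 443.
CLIENT, SERVER = "192.168.1.6", "204.79.197.203"
CAPTURE = [
    (CLIENT, SERVER, build_tcp(51000, 80, 1000, 0, SYN)),
    (SERVER, CLIENT, build_tcp(80, 51000, 5000, 1001, SYN | ACK)),
    (CLIENT, SERVER, build_tcp(51000, 80, 1001, 5001, ACK)),
    (CLIENT, SERVER, build_tcp(51001, 443, 2000, 0, SYN)),
]

if __name__ == "__main__":
    done, half = track_handshakes(CAPTURE)
    print("established:", done)
    print("half-open (SYN only):", half)
```

In Wireshark the first step alone is isolated by the display filter tcp.flags.syn == 1 && tcp.flags.ack == 0; many such packets to different ports from one source, with no third step, is the pattern of a SYN scan.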
UDP
UDP uses a simple transmission model without implicit handshaking dialogues for
guaranteeing reliability, ordering, or data integrity. Thus, UDP provides an unreliable service
and datagrams may arrive out of order, appear duplicated, or go missing without notice. UDP
assumes that error checking and correction is either not necessary or is performed in the
application, avoiding the overhead of such processing at the network interface level. Unlike
TCP, UDP is compatible with packet broadcasts (sending to all hosts on the local network) and
multicasting (sending to all subscribers). Because there is no handshake, the source address of
a UDP datagram is not verified, which is why UDP services are the usual targets of spoofed
requests.
To capture UDP traffic, we type udp in Wireshark's Display Filter: