Archive for November, 2008
Finally… a couple of friends and I got together to do a bike trip for a few days. Somehow the idea of being able to ride bikes from dawn to dusk is irresistible. We packed up tents and a few supplies and took off. On the way down we stopped at Lake Okeechobee and the Everglades.
I have to admit that camping is a lot of fun, but when you have to put up a tent every evening and fold it up every morning, you get a slightly different perspective. A longer trip will require staying at hotels more often than not. Why am I saying this? Well, because an East Coast – West Coast journey seems to be the next step in a logical progression.
I have to admit that the majority of the IT professionals I have met have little or no idea of basic networking. And sadly some of those are sys admins, site admins, programmers and in the extreme cases even WAN and network admins and security “experts”. In the above mentioned group, only the programmers can actually be “excused”. Being a programmer myself, I know that you do not have to be aware of what a Level 4 device is in order to write good code. But it helps… especially in troubleshooting scenarios, for example when your program cannot connect to the database due to a network or firewall misconfiguration.
I am a visual person and most of the time a picture speaks a lot more to me than a bunch of words, so here is a simple diagram that explains the basics of a TCP/IP network packet:
I drew up a slightly more detailed version of this diagram in my notebook when I was taking a networking class in college. I still find myself drawing it on a whiteboard when someone asks me a network question.
The “Level” labels above refer to the different layers of the OSI model. It is helpful to think about a network packet as a present, wrapped in multiple boxes. The outermost box corresponds to level 2 in the OSI model (Data Link layer) and it is the one containing the physical addresses of the source and the destination machines. A typical level 2 device is a network switch.
Inside this big box is the level 3 (Network layer) box that contains the IP address of the computer sending the packet and the one that it is directed to. An example of a level 3 device is a router.
The next box is the one that identifies what port the packet originated from and the number of the port that the destination computer should receive the data on. The port number ultimately determines what application is responsible for processing the data. For example, a packet arriving on port 21 means that it is an FTP request and that the FTP daemon on the machine should process it. This box corresponds to level 4 of the OSI model – the Transport layer. A PIX firewall is a typical level 4 network device.
And the innermost box of the packet is the “present” itself – the data. This is what needed to be delivered from one computer to another in the first place; the rest of the boxes were just the means to accomplish this.
The different network devices and computers open the different boxes and read the information they carry as needed. For example, it is helpful to remember that routers strip the Data Link layer to find out the destination (the IP) address of the packet. Then they reconstruct that layer with a new destination physical address – the MAC address of the next hop on the network – and with their own MAC address as the source address. This process repeats until the packet reaches its destination.
I have been asked many times by web programmers how to find out the MAC address of the machine that made the original request. As you can see now, this is impossible. The TCP/IP packet that reaches the web server will only contain the MAC address of the last router that processed the frame.
Of course there is a lot more to network packets and protocols than this. But the simple diagram above is good enough to give you a basic idea and to get someone started in the field of networking.
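To make the “boxes” concrete, here is an added example (my own illustration, not part of the original post) that builds a constructed Ethernet/IPv4/TCP frame, opens it layer by layer, and then forwards it through two hypothetical routers the way the paragraph above describes. The MAC and IP addresses, the FTP payload and the router hops are all made up for the demo; checksums are left at zero because the frame is never put on a wire.

```python
import socket
import struct

# Constructed sample values for this example (not from any real capture).
CLIENT_MAC = bytes.fromhex("020000000001")
GATEWAY_MAC = bytes.fromhex("020000000002")
ROUTER_B_MAC = bytes.fromhex("020000000003")
SERVER_MAC = bytes.fromhex("020000000004")
CLIENT_IP = socket.inet_aton("192.0.2.10")      # documentation range, constructed
SERVER_IP = socket.inet_aton("198.51.100.21")   # documentation range, constructed

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
WELL_KNOWN_PORTS = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 443: "https"}


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_frame(src_mac, dst_mac, src_ip, dst_ip, src_port, dst_port, payload):
    """Wrap the data in three boxes, innermost first: TCP (level 4), IPv4 (level 3), Ethernet (level 2)."""
    # TCP header: ports, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent ptr.
    # Checksums stay zero: this is an encapsulation demo, not a sendable packet.
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL 64, protocol, checksum, src, dst.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0, src_ip, dst_ip) + tcp
    # Ethernet II header: destination MAC, source MAC, ethertype.
    return dst_mac + src_mac + struct.pack("!H", ETHERTYPE_IPV4) + ip


def unwrap(frame):
    """Open the boxes from the outside in and report what each layer carries."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError(f"not an IPv4 frame: ethertype 0x{ethertype:04x}")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4           # header length in bytes
    ttl, proto = ip[8], ip[9]
    src_ip, dst_ip = ip[12:16], ip[16:20]
    if proto != PROTO_TCP:
        raise ValueError(f"not TCP: protocol {proto}")
    tcp = ip[ihl:]
    src_port, dst_port = struct.unpack("!HH", tcp[0:4])
    data_offset = (tcp[12] >> 4) * 4   # TCP header length in bytes
    return {
        "l2": {"src_mac": mac_str(src_mac), "dst_mac": mac_str(dst_mac)},
        "l3": {"src_ip": socket.inet_ntoa(src_ip), "dst_ip": socket.inet_ntoa(dst_ip), "ttl": ttl},
        "l4": {"src_port": src_port, "dst_port": dst_port,
               "service": WELL_KNOWN_PORTS.get(dst_port, "unknown")},
        "data": tcp[data_offset:],
    }


def router_forward(frame, router_mac, next_hop_mac):
    """One hop: rebuild the level-2 box (router's MAC as source, next hop as destination),
    decrement TTL, and leave the level-3 addresses and the data untouched."""
    ip = bytearray(frame[14:])
    if ip[8] == 0:
        raise ValueError("TTL exhausted")
    ip[8] -= 1                          # IP checksum not recomputed (see build_frame)
    return next_hop_mac + router_mac + frame[12:14] + bytes(ip)


def trace_hops(frame, hops):
    """Forward through (router_mac, next_hop_mac) pairs; return the final frame and the
    source MAC visible at each step, showing how the original sender's MAC disappears."""
    seen = [unwrap(frame)["l2"]["src_mac"]]
    for router_mac, next_hop in hops:
        frame = router_forward(frame, router_mac, next_hop)
        seen.append(unwrap(frame)["l2"]["src_mac"])
    return frame, seen


if __name__ == "__main__":
    f = build_frame(CLIENT_MAC, GATEWAY_MAC, CLIENT_IP, SERVER_IP, 40000, 21, b"USER anonymous\r\n")
    final, macs = trace_hops(f, [(GATEWAY_MAC, ROUTER_B_MAC), (ROUTER_B_MAC, SERVER_MAC)])
    print("source MAC seen per hop:", macs)
    print("what the server unwraps:", unwrap(final))
```

Running it shows the server's view of the frame: the level-3 and level-4 boxes (client IP, port 21 mapped to FTP) and the data survive every hop unchanged, while the level-2 source address is the last router's MAC, which is exactly why a web application cannot recover the original requester's MAC.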
I kept postponing the issue of getting a new laptop for quite some time. I would do some research, open a few sites and message boards to see what is new out there, but I was not able to make the final step. I guess I was waiting either for my old one to die or for someone to take me by the hand and lead me to the store. Finally, several days ago I came to terms with the fact that neither of these two things would ever happen and I actively started looking.
I did some serious going around stores, booting different notebooks from my USB thumb drive with BT3 on it in order to find what I was looking for. It turned out that the Acer Aspire 4720-4538 for a little under $500 was ideal for my needs. It has an Intel Dual Core 1.7GHz, 2 GB of RAM, an Atheros wireless chipset, and it is light and relatively small.
I recommend it to anyone who is looking for a Linux laptop. It comes with Vista, but I blew it out within 5 min. of laying my hands on it. You have to be careful when buying it if you prefer to have a wireless chipset that is supported by the madwifi drivers. Apparently some of these machines come with the Atheros chipset and some don’t. I learned this the hard way. The display model had it, but the one they gave me in the box did not and I had to return it. Both of them had exactly the same model number. I have no idea why the manufacturer would do something like that.
I am done with buying expensive laptops like I did before. I have a desktop where I can do gaming and CPU/RAM/IO intensive computing, so I do not need a “desktop replacement” laptop. For a $500 price tag I can afford to get a new notebook a lot more often if I need to. Come to think of it, if I get a new cheap laptop 18 months from now, at that time it will be faster than almost any expensive laptop I buy now. So, what is the point of spending a lot for a laptop and keeping it for periods of 3 years and longer?
Yesterday I stumbled upon a new wireless card with an Atheros chipset, and as we know the majority of them are supported by madwifi. That indeed was the case with this one.
The next step was to put it in my laptop and get out on the porch to have some fun. It is always exciting to crack WEP no matter how many times you have done it. With two wireless NICs in my notebook this time, things looked like they were going faster. I used one to capture the packets and the other one to associate with the target and inject ARP requests.
The result is pictured above. I have blurred out some of the information for obvious reasons. I let it go for too long, almost two and a half hours, which was not necessary. With the PTW WEP-cracking method we only need a few thousand IVs to be successful. With the rate at which I was capturing data packets (more than 1,000 a minute), it meant that I only needed 10 to 20 min. But since I wanted to use the FMS/KoreK method on the same target as well, I let it gather a lot more packets. The latter method requires quite a bit more IVs. Depending on the size of the key you might need over a million data packets.
So… do not use WEP encryption… you will be owned in minutes!
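The practical follow-up to that last line is to find out whether anything in your own airspace still advertises WEP. Here is an added example (my own, not part of the original post or of any tool mentioned in it) that classifies 802.11 beacon frames by what the access point announces: the Privacy bit in the capability field with no RSN or WPA information element means WEP. The beacons it parses are constructed inline for the demo; the BSSIDs and SSIDs are made up.

```python
import struct

# 802.11 beacon layout used below: 24-byte management header (frame control, duration,
# addr1, addr2, addr3, sequence control), then fixed fields (timestamp, beacon interval,
# capability info, all little-endian), then tagged information elements (id, length, data).
PRIVACY_BIT = 0x0010          # capability info: "Privacy" (encryption in use)
TAG_SSID, TAG_RSN, TAG_VENDOR = 0, 48, 221
WPA_OUI_TYPE = bytes.fromhex("0050f201")   # vendor IE prefix used by WPA1
BEACON_FC = 0x80              # frame control byte 0: type management, subtype beacon


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_beacon(bssid, ssid, privacy, ies=()):
    """Constructed beacon frame for the demo (not a real capture)."""
    header = bytes([BEACON_FC, 0x00]) + b"\x00\x00" + b"\xff" * 6 + bssid + bssid + b"\x00\x00"
    fixed = struct.pack("<QHH", 0, 100, PRIVACY_BIT if privacy else 0)
    body = bytes([TAG_SSID, len(ssid)]) + ssid.encode()
    for tag, data in ies:
        body += bytes([tag, len(data)]) + data
    return header + fixed + body


def parse_ies(body):
    """Walk the tagged parameters; a truncated trailing element is simply dropped."""
    ies, i = [], 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        if i + 2 + length > len(body):
            break
        ies.append((tag, body[i + 2:i + 2 + length]))
        i += 2 + length
    return ies


def classify_beacon(frame):
    """Return bssid, ssid and the security the AP advertises: open, wep, wpa or wpa2."""
    if len(frame) < 36 or frame[0] != BEACON_FC:
        raise ValueError("not a beacon frame")
    bssid = frame[16:22]                      # addr3 carries the BSSID in a beacon
    _, _, capability = struct.unpack("<QHH", frame[24:36])
    ies = parse_ies(frame[36:])
    ssid = next((d.decode(errors="replace") for t, d in ies if t == TAG_SSID), "")
    has_rsn = any(t == TAG_RSN for t, _ in ies)
    has_wpa = any(t == TAG_VENDOR and d.startswith(WPA_OUI_TYPE) for t, d in ies)
    if not capability & PRIVACY_BIT:
        security = "open"
    elif has_rsn:
        security = "wpa2"
    elif has_wpa:
        security = "wpa"
    else:
        security = "wep"                      # Privacy set, but no RSN/WPA IE: legacy WEP
    return {"bssid": mac_str(bssid), "ssid": ssid, "security": security}


def audit(frames):
    """List the networks that should be retired or re-keyed: WEP and open."""
    return [b for b in map(classify_beacon, frames) if b["security"] in ("wep", "open")]


# Constructed sample beacons: one WEP, one WPA2 (minimal RSN IE), one open.
RSN_IE = bytes.fromhex("0100000fac040100000fac040100000fac020000")
SAMPLE_BEACONS = [
    build_beacon(bytes.fromhex("02aabbcc0001"), "old-router", True),
    build_beacon(bytes.fromhex("02aabbcc0002"), "office", True, [(TAG_RSN, RSN_IE)]),
    build_beacon(bytes.fromhex("02aabbcc0003"), "guest", False),
]

if __name__ == "__main__":
    for b in SAMPLE_BEACONS:
        print(classify_beacon(b))
    print("needs attention:", audit(SAMPLE_BEACONS))
```

To run it on real traffic, feed `classify_beacon` the raw 802.11 frames from a monitor-mode capture (with any radiotap header stripped first); the Privacy-bit-without-RSN test is the same one most scanners use to label a network as WEP.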