TCP Protocol introduction - bin 0x1A

LiveOverflow · Beginner ·🔐 Cybersecurity ·9y ago

Key Takeaways

The video introduces the TCP protocol using netcat and Wireshark, covering packet transmission, connection setup, and data exchange. It demonstrates the use of netcat and Wireshark to analyze and understand the TCP protocol.

Full Transcript

last episode we did our first networking challenge where we first reverse engineered how the server is listening on a port and then we connected to it with netkit this video we want to go one layer deeper and have a look at the TCP protocol this will be the first time that we have a look at what it means to send a packet over the [Music] network we have used netkit now multiple times we've used it in ctfs and last video to connect to challenges and in the web security series we used it to talk to a real web server so you know that netcat is a very handy tool to send TCP packets over the network so I suggest we download wire shark to analyze packets we sent with netcat when we open wire shock we select the network interface we want to capture packets in this case our traffic doesn't leave the machine do we can select the loop interface Loop is more like a virtual network interface it's not a real physical Network card stuck in your PC through this interface will go all our traffic that we sent around on our local machine and as you may know the own machine is always identified as local host or IP 12701 now let's use two terminal windows and in one window we start netcat in listening mode and a port in the other window we can then execute net like in the last video and we can list all processes that are currently listening on a port and here is our net cat process you know what let's execute our netcat server with estray so we can see all the sus calls that netcat uses to establish a server so it will first create a socket set some options then bind the port 1 2 3 4 and it's now listening on that port and it's waiting for a connection to be established with accept it's basically exactly what we reverse engineered in last video we can also quickly check wire shark and we don't see any packet being sent over the network yet okay okay now let's use the second window to connect to this netcat server you can see on the server that accept now returned because a client connected to the port and now we see three entries in wi shark we see a sun sunak and a packet let's quickly have a look at those as you can see in the lowest window a packet is just some binary data and that binary data has meaning which wies shck can parse and display us nicely so above we can see the decoded packet and it's divided by layers because this packet didn't leave our machine the ethernet layer is just all zeros usually you would find here your Mac address and the MAC address from your switch or router so that layer is only used between two direct connections besides the MAC address this layer also contains a type and the type is set to hex 800 which indicates that the next layer is an ipv4 layer wi shark sees that and knows how to decode the next next bytes when you click on the next layer wire Shar will highlight which bytes of the packet belong to that layer and you can see how it decides that it is an ipv4 version four layer because the first four bits of this bite here is four you can also see here the source and destination IP which in this case is the same so while the ethernet layer with Mach addresses was about direct connections the IP layer can contain an address very far away on the internet and the switches will make sure that this packet is forwarded until you reach the correct machine this layer also contains information about the layer afterwards and that is the protocol identifier in this case it's six which means the content of this IP layer is a TCP header IP and TCP are usually always together it's very common thus you have probably heard of TCP IP before which just says that there is a TCP layer over an IP layer so the ethernet layer helped to get from machine to machine the AP layer helped to identify which machine is the real destination of this and the TCP layer will now help identify which program or process on this machine should handle this packet and that is identified with the port number you can see here that the destination Port is set to 1 2 3 4 you can also see here a source Port which is required so you can receive answers from the server so when the server responds with a packet it will use this port so that the client machine knows which process gets this response and that's usually a random High port number anyhow now we understand how a full TCP packet is constructed now let's have a look at the protocol a protocol just refers to a set of rules on how to talk to another computer if a client and server agree on how to send data back and forth it will work so what we will see now is just what somebody came up with in an order to create a data connection just remember at the moment we have not sent any data with netcat so far we only establish a connection okay so we see that three packets were exchanged first the client sent a so-called Sun packet a synchronized packet and the server responded with a sunak packet meaning I acknowledge that I received it this is important because maybe the initial packet didn't arrive so when you as a client get a response you know that the server got message this means the client knows now that the connection works but from the perspective of the server the server doesn't know yet if the sending the packet was successful maybe the server can only receive but not send packets that's a client will respond to the sunac packet with an act packet acknowledging it so the server gets an answer and both parties are sure yes I successfully exchanged packet with this other machine now we can talk data and this is all done transparently you didn't have to construct these packets yourself you simply opened a socket and waited for a connection okay now let's send some data from the client to the server you can see that immediately the Ser was able to read the line you sent how does it look in W shark we see two new packets a PS packet for the client to the server and an act packet back the packet from the client also now has an additional data layer and that data layer is just contains the raw bytes we send and the serve responds with an act to confirm the client that the packet was successfully received now let's send the response from the server you see the server simply wrote the text to the file descriptor for which is the file descriptor that accept returned as you can see an application simply writes to that pseudo file that socket and the magic below sent that over the network now now let's have a look what it did it also just sent a push packet and the client acknowledged the arrival with an act packet back one more thing obviously the size of a packet is limited so what happens when you send a lot of data let's say you upload a huge file somewhere how will that work let's just copy a bunch of characters and send them ah see now there are more than just two packets you don't see it when you develop an application but somewhere in the kernel Network card or driver I don't really know it got split up you can also see that the second packet was not sent along with the first one the second packing was only sent out once the server acknowledges the first one let's see what happens when you kill the client even though we just control C netkit we can see in wies shck that fin packet was sent out to indicate we are done with this channel you can free up resources and you don't have to expect more packets from this connection and like during setup there are are three packets exchanged the server acknowledges the fin by the client now the client knows that the server knows that it's done but the server doesn't know yet if the client knows that it knows it's done so it also responds with neck now both know it's over now this whole exchange is referred to as a TCP stream we established a connection and then exchange data back and forth and then quit the connection and wi shck allows us to investigate the Stream for example with follow TCP stream here only the data is visible and color coded who sent what and now you should watch my HTTP protocol video from the web security series because you will understand now much better what it means to have a server and client and that HTTP is just data sent over TCP exactly how we send these messages a browser and a web server are just special programs that do special things with special messages over TCP [Music]

Original Description

Before we continue with the network challenges, let's first introduce the TCP protocol properly. Using netcat and wireshark to understand it. HTTP Protocol episode: https://www.youtube.com/watch?v=C_gZb-rNcVQ -=[ 🔴 Stuff I use ]=- → Microphone:* https://geni.us/ntg3b → Graphics tablet:* https://geni.us/wacom-intuos → Camera#1 for streaming:* https://geni.us/sony-camera → Lens for streaming:* https://geni.us/sony-lense → Connect Camera#1 to PC:* https://geni.us/cam-link → Keyboard:* https://geni.us/mech-keyboard → Old Microphone:* https://geni.us/mic-at2020usb US Store Front:* https://www.amazon.com/shop/liveoverflow -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #NetworkSecurity
Watch on YouTube ↗ (saves to browser)
Sign in to unlock AI tutor explanation · ⚡30

Playlist

Uploads from LiveOverflow · LiveOverflow · 53 of 60

1 LiveOverflow - Trailer
LiveOverflow - Trailer
LiveOverflow
2 Introduction to Linux - Installation and the Terminal - bin 0x01
Introduction to Linux - Installation and the Terminal - bin 0x01
LiveOverflow
3 Writing a simple Program in C
Writing a simple Program in C
LiveOverflow
4 Writing a simple Program in Python - bin 0x03
Writing a simple Program in Python - bin 0x03
LiveOverflow
5 Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
Live Hacking - Twitch Recording overthewire.org - Vortex 0x01-0x03 (3h)
LiveOverflow
6 Reversing and Cracking first simple Program - bin 0x05
Reversing and Cracking first simple Program - bin 0x05
LiveOverflow
7 Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
Abusing the exception handler to leak flag - 32C3CTF readme (pwnable 200)
LiveOverflow
8 ROP with a very small stack - 32C3CTF teufel (pwnable 200)
ROP with a very small stack - 32C3CTF teufel (pwnable 200)
LiveOverflow
9 Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
Uncrackable Programs? Key validation with Algorithm and creating a Keygen - Part 1/2 - bin 0x07
LiveOverflow
10 Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
Uncrackable Program? Finding a Parser Differential in loading ELF - Part 2/2 - bin 0x08
LiveOverflow
11 Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
Syscalls, Kernel vs. User Mode and Linux Kernel Source Code - bin 0x09
LiveOverflow
12 Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
Smashing the Stack for Fun and Profit - setuid, ssh and exploit.education - bin 0x0B
LiveOverflow
13 Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
Live Hacking - EFF-CTF 2016 - Level 0-4 (Enigma Conference)
LiveOverflow
14 First Stack Buffer Overflow to modify Variable - bin 0x0C
First Stack Buffer Overflow to modify Variable - bin 0x0C
LiveOverflow
15 First Exploit! Buffer Overflow with Shellcode - bin 0x0E
First Exploit! Buffer Overflow with Shellcode - bin 0x0E
LiveOverflow
16 Buffer Overflows can Redirect Program Execution - bin 0x0D
Buffer Overflows can Redirect Program Execution - bin 0x0D
LiveOverflow
17 Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
Doing ret2libc with a Buffer Overflow because of restricted return pointer - bin 0x0F
LiveOverflow
18 Reverse engineering C programs (64bit vs 32bit) - bin 0x10
Reverse engineering C programs (64bit vs 32bit) - bin 0x10
LiveOverflow
19 pwnable.kr - Levels: fd, collision, bof, flag
pwnable.kr - Levels: fd, collision, bof, flag
LiveOverflow
20 Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
Reverse Engineering and identifying Bugs - BKPCTF cookbook (pwn 6) part 1
LiveOverflow
21 Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
Leaking Heap and Libc address - BKPCTF cookbook (pwn 6) part 2
LiveOverflow
22 Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
Arbitrary write with House of Force (heap exploit) - BKPCTF cookbook (pwn 6) part 3
LiveOverflow
23 Live Hacking - Internetwache CTF 2016 - web50, web60, web80
Live Hacking - Internetwache CTF 2016 - web50, web60, web80
LiveOverflow
24 Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
Live Hacking - Internetwache CTF 2016 - crypto60, crypto70, crypto90
LiveOverflow
25 A simple Format String exploit example - bin 0x11
A simple Format String exploit example - bin 0x11
LiveOverflow
26 NEW VIDEOS ARE COMING - loopback 0x00
NEW VIDEOS ARE COMING - loopback 0x00
LiveOverflow
27 HTML + CSS + JavaScript introduction - web 0x00
HTML + CSS + JavaScript introduction - web 0x00
LiveOverflow
28 The HTTP Protocol: GET /test.html - web 0x01
The HTTP Protocol: GET /test.html - web 0x01
LiveOverflow
29 Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
Building Poor Man's Logic Analyzer with an Arduino - Reverse Engineering A/C Remote part 1
LiveOverflow
30 What is PHP and why is XSS so common there? - web 0x02
What is PHP and why is XSS so common there? - web 0x02
LiveOverflow
31 Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
Introducing the AngularJS Javascript Framework - XSS with AngularJS 0x00
LiveOverflow
32 Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
Sandbox Bypass in Version 1.0.8 - XSS with AngularJS 0x1
LiveOverflow
33 Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
Capturing & Analyzing Packets with Saleae Logic Pro 8 - Reverse Engineering A/C Remote part 2
LiveOverflow
34 XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
XSS Contexts and some Chrome XSS Auditor tricks - web 0x03
LiveOverflow
35 Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
Previous Bypass is now fixed in version 1.4.7 - XSS with AngularJS 0x2
LiveOverflow
36 New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
New Sandbox Bypass in 1.4.7 - XSS with AngularJS 0x3
LiveOverflow
37 The Heap: what does malloc() do? - bin 0x14
The Heap: what does malloc() do? - bin 0x14
LiveOverflow
38 The Heap: How to exploit a Heap Overflow - bin 0x15
The Heap: How to exploit a Heap Overflow - bin 0x15
LiveOverflow
39 Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
Reverse Engineering with Binary Ninja and gdb a key checking algorithm - TUMCTF 2016 Zwiebel part 1
LiveOverflow
40 Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
Scripting radare2 with python for dynamic analysis - TUMCTF 2016 Zwiebel part 2
LiveOverflow
41 Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
Live Hacking - Internetwache CTF 2016 - exp50, exp70, exp80
LiveOverflow
42 Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
Sandbox bypass for the latest AngularJS version 1.5.8 - XSS with AngularJS 0x4
LiveOverflow
43 Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
Channel is growing and Riscure hardware CTF starting soon - loopback 0x01
LiveOverflow
44 Explaining Dirty COW local root exploit - CVE-2016-5195
Explaining Dirty COW local root exploit - CVE-2016-5195
LiveOverflow
45 What is CTF? An introduction to security Capture The Flag competitions
What is CTF? An introduction to security Capture The Flag competitions
LiveOverflow
46 The Heap: How do use-after-free exploits work? - bin 0x16
The Heap: How do use-after-free exploits work? - bin 0x16
LiveOverflow
47 The Browser is a very Confused Deputy - web 0x05
The Browser is a very Confused Deputy - web 0x05
LiveOverflow
48 The Heap: Once upon a free() - bin 0x17
The Heap: Once upon a free() - bin 0x17
LiveOverflow
49 Simple reversing challenge and gaming the system - BruCON CTF part 1
Simple reversing challenge and gaming the system - BruCON CTF part 1
LiveOverflow
50 int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
int0x80 from DualCore lent me his lockpicking set and I'm a horse - BruCON CTF part 2
LiveOverflow
51 The Heap: dlmalloc unlink() exploit - bin 0x18
The Heap: dlmalloc unlink() exploit - bin 0x18
LiveOverflow
52 MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
MD5 Length Extension and Blind SQL Injection - BruCON CTF part 3
LiveOverflow
TCP Protocol introduction - bin 0x1A
TCP Protocol introduction - bin 0x1A
LiveOverflow
54 Socket programming in python and Integer Overflow - bin 0x1B
Socket programming in python and Integer Overflow - bin 0x1B
LiveOverflow
55 Linux signals and core dumps - bin 0x1C
Linux signals and core dumps - bin 0x1C
LiveOverflow
56 [Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
[Live] Remote oldschool dlmalloc Heap exploit - bin 0x1F
LiveOverflow
57 Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
Riscure Embedded Hardware CTF setup and introduction - rhme2 Soldering
LiveOverflow
58 Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
Rooting a CTF server to get all the flags with Dirty COW - CVE-2016-5195
LiveOverflow
59 How to learn hacking? ft. Rubber Ducky
How to learn hacking? ft. Rubber Ducky
LiveOverflow
60 Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
Format String to dump binary and gain RCE - 33c3ctf ESPR (pwn 150)
LiveOverflow

This video introduces the TCP protocol and demonstrates how to use netcat and Wireshark to analyze and understand it. The TCP protocol is a fundamental concept in networking and cybersecurity, and this video provides a comprehensive overview of its basics.

Key Takeaways
  1. Start netcat in listening mode
  2. Connect to the netcat server with nc
  3. Use strace to see system calls used to establish a server
  4. Capture and decode packets with Wireshark
  5. Establish a connection with netcat
  6. Send data from the client to the server
  7. Read data from the server with netcat
  8. Close the connection with a FIN packet
💡 The TCP protocol is a crucial component of network communication, and understanding its basics is essential for cybersecurity and networking professionals.

Related Reads

📰
AWS Networking for IR — VPCs, Flow Logs, and the Load Balancer Blind Spot
Learn how to navigate AWS networking for incident response, including VPCs, flow logs, and load balancer blind spots
Medium · Cybersecurity
📰
The 5 RLS holes that quietly leak data in AI-built Supabase apps
Discover the 5 common RLS holes that can quietly leak data in AI-built Supabase apps and learn how to fix them
Dev.to · Tori TIC
📰
Checksums in Browser Uploads: What They Prove and What They Do Not
Learn how checksums work in browser uploads and their limitations in ensuring security
Dev.to · Gathmo
📰
I Ignored the Lab Instructions and Solved It My Own Way -Here’s What I Learned
Learn how ignoring lab instructions and solving problems independently can improve cybersecurity skills and promote creative thinking
Medium · Cybersecurity
Up next
Best VPN For China 2026 — Which One Actually Works?
Tutorial Stack
Watch →