WIFI - Part 5, OSI and TCP/IP Models
This tutorial is going to go over some of the most important fundamentals that deal with network communications as a whole. It is going to be all about the OSI model and the TCP/IP model. I started to write the Airodump-ng tutorial, and found myself including far too much information that didn’t really pertain to the Airodump-ng tool, so I decided to write this tutorial first. Next is Airodump-ng.
What is a Packet? A packet is pretty much just a unit of data, often a portion of a larger piece of data. I say pretty much because it also contains information pertaining to the delivery of that packet, including the source IP, destination IP, error detection codes, and sequencing information. A packet is sometimes referred to as the data that is broken up by TCP, where a datagram is the data broken up by UDP; other than the protocol that is being utilized to transport the data, they are pretty much the same thing. The only main difference is that a TCP packet contains much more control information than a UDP datagram; things like the acknowledgement number and whatnot.
What is a PDU? A PDU is a protocol delivery unit. As data goes down the layers of the various models, each layer in that model adds something to the data that is used for a specific purpose; this process is called encapsulation. Everything that is added pertains to getting the data to the right machine, and to having the machine use the right service to access the data.
What is the OSI model? The OSI model is basically a model that describes the process that data must go through for it to be transferred anywhere on any network. Each layer is fundamental to successfully completing this; however, throughout this tutorial we will mainly be dealing with the first three layers. This model is very general, and numerous different protocols could be used to complete the process on any of the layers. It is important to note that this model does not specifically mention any protocols; it just mandates what the job and the outcome of each of the layers should be. For all you programmers out there, this model is pretty much an interface.
OSI MODEL

Layer 1: Physical Layer
PDU: Bits
Summary: The physical layer is the hardware, and is mainly in charge of sending raw bit streams over a medium. A medium is whatever is connecting hosts: wires, wireless, etc.

Layer 2: Data Link Layer
PDU: Frames
Summary: The data link layer is in charge of physically passing data from one node to another. This layer is also in charge of flow control and error detection. This is also the layer that deals with the physical addresses, the MAC addresses.

Layer 3: Network Layer
PDU: Packets
Summary: The network layer is the layer that performs addressing and routing. It is the layer that deals with the logical addressing, the IP addresses.

Layer 4: Transport Layer
PDU: Segments
Summary: The transport layer is kind of the middle man between the higher layers and the lower layers. It is mostly concerned with end-to-end communications in a reliable manner.

Layer 5: Session Layer
PDU: Data
Summary: The session layer controls the communications between applications on hosts. This layer is responsible for establishing and maintaining communication channels.

Layer 6: Presentation Layer
PDU: Encoded User Data
Summary: The presentation layer performs the last-minute details prior to the user seeing the data. This could be encryption, compression, formatting, etc. It is in charge of all the data transformations.

Layer 7: Application Layer
PDU: User Data
Summary: The application layer is the layer most users are familiar with. It is the programs or services that are currently running, that have access to the raw data, and that initiate the whole process.

OSI Model Encapsulation Picture http://www.davestechsupport.com/blog/images/osi7.gif
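
Encapsulation as described above, shown as an added example that is not part of the original tutorial: data is wrapped into a segment, a packet and a frame on the way down, then unwrapped on the way up. The addresses, ports and payload are constructed sample values, and Ethernet II, IPv4 and TCP are assumed as the protocols at layers 2 to 4.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): the error detection code in the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data: bytes) -> bytes:
    """Go down the layers: each one prepends its header to the PDU from above."""
    # Layer 4: TCP header (ports, sequence number) + data = segment (TCP checksum left 0).
    segment = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 0, 5 << 4, 0x18,
                          8192, 0, 0) + data
    # Layer 3: IPv4 header (logical addresses) + segment = packet.
    src, dst = socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20")
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 1, 0,
                      64, 6, 0, src, dst)
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    # Layer 2: Ethernet header (physical MAC addresses) + packet = frame.
    macs = bytes.fromhex("665544332211") + bytes.fromhex("001122334455")
    return macs + struct.pack("!H", 0x0800) + hdr + segment

def decapsulate(frame: bytes) -> dict:
    """Go back up: strip one header per layer and report what it carried."""
    dst_mac, src_mac = frame[0:6], frame[6:12]
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:
        raise ValueError("not an IPv4 frame")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4                    # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        raise ValueError("not a TCP packet")
    segment = packet[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", segment[:8])
    data = segment[(segment[12] >> 4) * 4:]         # skip the TCP header
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src_ip": socket.inet_ntoa(packet[12:16]),
        "dst_ip": socket.inet_ntoa(packet[16:20]),
        "ip_checksum_ok": checksum(packet[:ihl]) == 0,
        "src_port": sport, "dst_port": dport, "seq": seq, "data": data,
    }

if __name__ == "__main__":
    print(decapsulate(encapsulate(b"GET / HTTP/1.1\r\n\r\n")))
```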
What is the TCP/IP model? The TCP/IP model is basically the same thing. The fundamental difference is that this model is nowhere near as general as the OSI model. This model explicitly mandates which protocols do what, when, and what the outcome should be. This model is used for Internet traffic, and is kind of loosely based on the OSI model. The final outcomes of both models are the same, and the same protocols COULD be used to achieve this; but different protocols could also be used in the OSI model.

Layer 1: Network Access Layer
PDU: Bits
Protocols: NFS, DNS, FTP, HTTP, Telnet, IRC, SNMP, SMTP, POP, IMAP, etc.

Layer 2: Internet Layer
PDU: Packets
Protocols: TCP and UDP

Layer 3: Transport Layer
PDU: Segments
Protocols: IP

Layer 4: Application Layer
PDU: Data
Protocols: PPP and SLIP

TCP/IP Model Encapsulation Picture http://www.tcpipguide.com/free/diagrams/ipencap.png
TCP/IP vs OSI model

Although they are two separate models, and both serve purposes in different places, there is a direct correlation between the two models. The TCP/IP layers take on more responsibilities than their counterparts in the OSI model. Below is a diagram that shows the TCP/IP layers, and which layers in the OSI model each represents:
Application Layer
 -Application Layer
 -Presentation Layer
 -Session Layer
Transport Layer
 -Transport Layer
Internet Layer
 -Network Layer
Network Access Layer
 -Data Link Layer
 -Physical Layer
TCP/IP compared to OSI Model Picture http://1.bp.blogspot.com/-JyGl2ocXmEo/UI69wm4JMxI/AAAAAAAAA4M/El99ORXKM3g/s1600/1_TCPIP_and_OSI_models.jpg
What is an IV? An IV is kind of difficult to explain without first discussing encryption attacks in a pretty thorough manner. I am not going to go over encryption until later, so for now, I will just tell you that an IV is the initialization vector of a WEP packet. It is a 24 bit field, which is sent in the clear text portion of the packet, and it is fundamental to many WEP based attacks.
What is a Netmask? A netmask is very similar to a subnet mask, but rather than defining ranges of IP addresses, it defines classes of them. It is just a 32 bit mask that is used to divide up an IP address into subnets for various purposes.
What is a BSSID? BSSID stands for basic service set identification; I have also heard of it standing for broadcast service set identification. I don’t know which it actually stands for, but it doesn’t really matter. It is just a fancy word that is used in place of saying the MAC address of a wireless router. It is displayed like 00:11:22:33:44:55; and it is used in the options the same way, with the ‘:’ separating every two numbers.
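
The IV and BSSID fields described above, shown as an added example that is not part of the original tutorial: an audit helper that reads both from the unencrypted part of 802.11 data frames and reports, per BSSID, how many WEP frames were seen and how many distinct IVs they carried. The frames are constructed samples, and the parser assumes plain or QoS data frames with no HT Control field.

```python
from collections import defaultdict

def parse_wep_frame(frame: bytes):
    """Return (bssid, iv, key_id) for a WEP data frame, or None for anything else."""
    if len(frame) < 24:
        return None
    fc0, flags = frame[0], frame[1]
    if (fc0 >> 2) & 0x3 != 2 or not flags & 0x40:  # data frame with Protected bit
        return None
    to_ds, from_ds = flags & 0x01, flags & 0x02
    if to_ds and from_ds:                          # 4-address frame: no BSSID field
        return None
    if to_ds:
        bssid = frame[4:10]                        # station -> AP: Address 1
    elif from_ds:
        bssid = frame[10:16]                       # AP -> station: Address 2
    else:
        bssid = frame[16:22]                       # ad hoc: Address 3
    hdr_len = 24 + (2 if fc0 & 0x80 else 0)        # QoS data adds 2 header bytes
    if len(frame) < hdr_len + 4:
        return None
    iv, key_byte = frame[hdr_len:hdr_len + 3], frame[hdr_len + 3]
    if key_byte & 0x20:                            # ExtIV set: TKIP/CCMP, not WEP
        return None
    return bssid.hex(":"), iv.hex(), key_byte >> 6

def wep_summary(frames):
    """Per BSSID: number of WEP frames seen and how many distinct IVs they used."""
    seen = defaultdict(list)
    for frame in frames:
        parsed = parse_wep_frame(frame)
        if parsed:
            seen[parsed[0]].append(parsed[1])
    return {b: {"frames": len(ivs), "distinct_ivs": len(set(ivs))}
            for b, ivs in seen.items()}

def make_frame(flags, a1, a2, a3, iv_hex, key_byte):
    """Constructed sample: 24-byte header + IV + key byte + dummy ciphertext."""
    hdr = bytes([0x08, flags]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"
    return hdr + bytes.fromhex(iv_hex) + bytes([key_byte]) + b"\xaa" * 12

AP, STA = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
SAMPLE = [  # constructed frames, not a real capture
    make_frame(0x41, AP, STA, AP, "000001", 0x00),   # WEP, station -> AP
    make_frame(0x42, STA, AP, STA, "000002", 0x40),  # WEP, AP -> station, key 1
    make_frame(0x41, AP, STA, AP, "000001", 0x00),   # WEP, same IV seen again
    make_frame(0x41, AP, STA, AP, "000003", 0x20),   # ExtIV set: skipped
    make_frame(0x01, AP, STA, AP, "000004", 0x00),   # not protected: skipped
]
```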
What is a SSID? SSID stands for service set identifier. It is the name of a wireless network. It is set by the user on the wireless router, and is a maximum of 32 characters in length. There is a tactic known as network cloaking, where the SSID is not broadcast. Instead a computer looking to connect must specify the name of the SSID. Network cloaking is thought to be some kind of wireless security mechanism, but it can be quickly overcome, as I will show in later tutorials.
I think that might sum up the topics I wished to cover prior to diving into Airodump-ng. Understanding these fundamentals will help you through the rest of these tutorials. By the way, I pretty much have the Airodump-ng tutorial written, it will be two parts; options and display. I should be able to release it within the next day or two.
TuX out