Copyright Goodheart-Willcox Co., Inc.
Chapter 8 Overview of Network Security and Network Threats 267

Quick Look 8.1.4 Continued

9. With the filter still set, look at the status bar in the lower right-hand corner of the Wireshark screen. The Packets: label shows the total number of packets in the capture. The Displayed: label shows how many packets are available with the current filter.
10. To save the capture, click File > Save As… to display a standard save-type dialog box. Name the file TestCapture, and save it in your working folder for this class.
11. Close Wireshark.

Three-Way Handshake

An important concept with TCP transmissions is what is known as the three-way handshake. In the three-way handshake, the sending host and receiving client complete a three-step process to verify the successful transmission of a data exchange. This process is important. It helps prevent man-in-the-middle (MITM) attacks and spoofing attacks. This is because the packets must carry some of the information exchanged in this three-way process. The three steps in the process are as follows.

1. SYN connection (from Host A to Host B)
2. SYN/ACK connection (from Host B to Host A)
3. ACK connection (from Host A to Host B)

Step 1 SYN Connection

Host A wants to set up a connection with Host B. The sending host (A) will transmit a request to the receiving host (B) to establish the connection. The initial sequence number will be randomly generated. The initial sequence number (ISN) is used as part of the transmission process to manage packets within a transmission session. It is a random number between 0 and 4,294,967,295. For simplicity, Wireshark displays a relative number, usually a small value.

Figure 8-18 shows the relevant portion of the header for this example. In this transmission, the initial sequence number is 0. This is the first transmission in the process, so no acknowledgements have been given. The receiving client will expect to see this sequence number.
The SYN flag is turned on.

Step 2 SYN/ACK Connection

In the second step, the receiving host needs to acknowledge the SYN from the sending host. Host B sends an acknowledgement of the SYN to Host A. The acknowledgment value increases by 1. Both the SYN and ACK flags are turned on, as shown in Figure 8-19.

Figure 8-18. Header information for step 1 in the three-way handshake. (Goodheart-Willcox Publisher)
Header fields shown: Source Port, Destination Port, Sequence Number (0), Acknowledgement (0), Header Length, Reserved, URG, ACK (0), PSH, RST, SYN (1), FIN, Sliding window size, Checksum, Urgent Pointer, Options, Padding, Data.
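
The sequence and acknowledgement rules described above can be checked directly on raw header bytes. The following Python sketch is an added example, not part of the textbook: it decodes three TCP headers, confirms each acknowledgement equals the other host's ISN plus 1, and reports the relative numbers Wireshark would display. The ports, ISN values, window size, and helper names (build, parse, check_handshake) are constructed for illustration.

```python
import struct

FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
MOD = 1 << 32  # sequence numbers are 32-bit and wrap around

def build(sport, dport, seq, ack, flags):
    """Pack a constructed 20-byte TCP header (no options, checksum left at 0)."""
    bits = sum(FLAG_BITS[f] for f in flags)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 64240, 0, 0)

def parse(raw):
    """Decode the fixed part of a TCP header into sequence, acknowledgement and flags."""
    if len(raw) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport, seq, ack, off_flags, _win, _sum, _urg = struct.unpack("!HHIIHHHH", raw[:20])
    flags = {name for name, bit in FLAG_BITS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "flags": flags}

def check_handshake(raw_segments):
    """Return (ok, rows): ok is True for a valid handshake; rows are relative (flags, seq, ack)."""
    if len(raw_segments) != 3:
        return False, []
    syn, synack, ack = (parse(r) for r in raw_segments)
    isn_a, isn_b = syn["seq"], synack["seq"]
    ok = (syn["flags"] == {"SYN"}
          and synack["flags"] == {"SYN", "ACK"}
          and synack["ack"] == (isn_a + 1) % MOD   # step 2 acknowledges ISN of A plus 1
          and ack["flags"] == {"ACK"}
          and ack["seq"] == (isn_a + 1) % MOD
          and ack["ack"] == (isn_b + 1) % MOD)     # step 3 acknowledges ISN of B plus 1
    rows = []
    for seg, own, peer in ((syn, isn_a, isn_b), (synack, isn_b, isn_a), (ack, isn_a, isn_b)):
        rel_ack = (seg["ack"] - peer) % MOD if "ACK" in seg["flags"] else 0
        rows.append((sorted(seg["flags"]), (seg["seq"] - own) % MOD, rel_ack))
    return ok, rows

# Constructed sample: Host A's ISN is the largest 32-bit value, so ISN + 1 wraps to 0.
ISN_A, ISN_B = 4294967295, 1203948576
GOOD = [build(50000, 80, ISN_A, 0, ["SYN"]),
        build(80, 50000, ISN_B, (ISN_A + 1) % MOD, ["SYN", "ACK"]),
        build(50000, 80, (ISN_A + 1) % MOD, (ISN_B + 1) % MOD, ["ACK"])]
# Same exchange, but the final ACK carries the wrong acknowledgement number,
# as it would if its sender had never seen Host B's SYN/ACK.
BAD = GOOD[:2] + [build(50000, 80, (ISN_A + 1) % MOD, 12345, ["ACK"])]

if __name__ == "__main__":
    for name, capture in (("good", GOOD), ("bad", BAD)):
        print(name, *check_handshake(capture))
```

The relative values in the first row match Figure 8-18 (sequence 0, acknowledgement 0, SYN set), even though the absolute ISN on the wire is a large random number.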