This is small notes on OSI-MODEL which goes through the fundamentals of networking and OSI model, before we begin.

why we need to understand the fundamentals of networking?

when we do network scanning most of the script kiddies skip understanding the fundamentals and straight up jump to Nmap with out understanding how these networks are working. i.e. we need to understand the OSI model.

What is the OSI model?

OPEN SYSTEM INTERCONNECTION

The OSI model is refernce mode for how applications can communicate over a network.

Why do we need to look at the OSI model ?

To understand Nmap we need to understand the flow of packets and how they are sent.

for hacking only focus on network layer and transport layer for further understanding go to depth of netoworking

What is network layer?

The Network layer is used for the transfer or flow of the packets across the network.

Protocols used in the Network layer

• IP (internet protocol) version IPv4 / IPv6 :: Specifies the format of packets and contains addressing information that enables packets to be routed.

• It provides only the functions that are necessary to deliver a packet from a source to a destination over an interconnected system and networks.

• Protocol version IPv4/IPv6

\==IPv4 Packet header==

The IPv4 protocol defines many different fields in the packet header. these fields contain binary values that the IPv4 reference as they forward packets across the network

IP Source Address - Packet source

IP Destination Address - Packet Destination

Time-to-Live (TTL) - An 8-bit value that indicates the remaining life of the Packet

Type-of-Service (ToS)- The Type-of-Serive field contains 8-bit binary vlaue that is used to determine the priority of each packet

Protocol- This 8-bit value indicates the data payload type that the packet is carrying

The Transport layer

What is transport layer

The Transport layer is used for the transffer of packets between 2 hosts for the application layer

Protocols used in transport layer

ICMP : Internet Control Message Protocol

UDP : User Datagram Protocol

TCP : Transmission Control Protocol

ICMP - Internet Control Message Protocol

It is an error reporting protocol and is used by routers, hosts, and network devices to generate error messages when there are problems delivering IP packets

• Its used to send messages

• Its used to perform network diagnostics

• ICMP is not a transport protocol that sends data between system

ICMP Headers

• The request and response pair ::

  • eg. echo request Timestamp Request

  • eg. echo response Timestamp response

UDP : User Datagram Protocol

It is used primarily for establishing low-latency connection between applications on the internet.

• It is an reliable - has no guarantee of delivery

• Its connection less - No Handshake Process

UDP Header

Source Port Selected from unused list of ports

Destination Port Selected from the static and well known ports Eg. Web server run on port 8080

TCP - transmission control protocol

TCP is a standard that defines how that defines how to establish and maintain network conversation via which application programs can exchange data.

It is very reliable and ordered

TCP headers

• source port

• Destination port

• Flags

\==Three way handshake==

What is the [[3 way handshake]] ?

a 3 way handshake is a method used in tcp/ip network to create a connection between a local-host/client and a server

TCP flag

The TCP flags are used to indicate the type of packet

• URG - urgetn

• ACK - Akcnowledge

• PSH - Push

• RST - Reset

• SYN - Synchronize

• FIN - Finish

lets look i t with diagram

1. Client initiates the connection by sending a packet to the server with the SYN flag tells the severer that the client is attempting to establish a connection

2. The server responds to client with a packet that has both ACK and SYN flags(the server acknowledges the connection)

3. The client receives the SYN , ACK flags and sends a packet with the ACK to the server( acknowledging the connection )

4. A TCP Socket connection is established