Course: Joe Perry on “Post Exploitation Hacking” at Cybrary
I. Ethernet Header
• Src: Vmware_22:dd:ce (00:0c:29:22:dd:ce), Dst: Vmware_ff:1f:72 (00:50:56:ff:1f:72)
• Destination: Vmware_ff:1f:72 (00:50:56:ff:1f:72)
• Address: Vmware_ff:1f:72 (00:50:56:ff:1f:72)
• .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
• .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
II. IP Header
• Internet Protocol Version 4, Src: 192.168.129.128 (192.168.129.128), Dst: 31.13.71.128 (31.13.71.128)
• Version: 4
• Header length: 20 bytes
• Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
• 0000 00.. = Differentiated Services Codepoint: Default (0x00)
• .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
• Total Length: 40
• Identification: 0x0364 (868)
• Flags: 0x02 (Don’t Fragment)
• 0... .... = Reserved bit: Not set
• .1.. .... = Don’t fragment: Set
• ..0. .... = More fragments: Not set
• Fragment offset: 0
• Time to live: 64
• Protocol: TCP (6)
• Header checksum: 0x8eb6 [validation disabled]
• [Good: False]
• [Bad: False]
• Source: 192.168.129.128 (192.168.129.128)
• Destination: 31.13.71.128 (31.13.71.128)
• [Source GeoIP: Unknown]
• [Destination GeoIP: Unknown]
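Added example (not part of the course notes): with "[validation disabled]" Wireshark reports both Good and Bad as False because it never checked the checksum. The Python sketch below rebuilds the 20 header bytes from the field values listed above (a constructed sample, not bytes taken from the capture), decodes the flag bits, and recomputes the RFC 1071 header checksum. The function names are illustrative.

```python
import ipaddress
import struct

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, network byte order

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def sample_header() -> bytes:
    """Constructed sample: the 20 header bytes implied by the fields listed above."""
    return struct.pack(
        IPV4_FMT,
        (4 << 4) | 5,    # Version 4, header length 5 words (20 bytes)
        0x00,            # DSCP Default, ECN Not-ECT
        40,              # Total Length
        0x0364,          # Identification
        0b010 << 13,     # Flags: Don't Fragment set; fragment offset 0
        64,              # Time to live
        6,               # Protocol: TCP
        0x8EB6,          # Header checksum as shown in the dissection
        ipaddress.IPv4Address("192.168.129.128").packed,
        ipaddress.IPv4Address("31.13.71.128").packed,
    )

def parse_ipv4(header: bytes) -> dict:
    """Decode the fixed header and verify the checksum Wireshark left unchecked."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    vi, _tos, total_len, ident, ff, ttl, proto, csum, src, dst = struct.unpack(
        IPV4_FMT, header[:20])
    ihl = (vi & 0x0F) * 4
    if vi >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    # The checksum field (bytes 10-11) is treated as zero while summing.
    computed = internet_checksum(header[:10] + b"\x00\x00" + header[12:ihl])
    return {
        "total_length": total_len, "id": ident, "ttl": ttl, "protocol": proto,
        "dont_fragment": bool(ff & 0x4000), "more_fragments": bool(ff & 0x2000),
        "fragment_offset": (ff & 0x1FFF) * 8,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "checksum": csum, "computed_checksum": computed, "checksum_ok": csum == computed,
    }

if __name__ == "__main__":
    print(parse_ipv4(sample_header()))
```

The recomputed value equals the 0x8eb6 shown in the dissection, so the header checksum is valid even though Wireshark did not check it.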
III. TCP Header
• Transmission Control Protocol, Src Port: 44277 (44277), Dst Port: https (443), Seq: 2537, Ack: 19459, Len: 0
• Source port: 44277 (44277)
• Destination port: https (443)
• Sequence number: 2537 (relative sequence number)
• Acknowledgment number: 19459 (relative ack number)
• Header length: 20 bytes
• Flags: 0x010 (ACK)
• 000. .... .... = Reserved: Not set
• ...0 .... .... = Nonce: Not set
• .... 0... .... = Congestion Window Reduced (CWR): Not set
• .... .0.. .... = ECN-Echo: Not set
• .... ..0. .... = Urgent: Not set
• .... ...1 .... = Acknowledgment: Set
• .... .... 0... = Push: Not set
• .... .... .0.. = Reset: Not set
• .... .... ..0. = Syn: Not set
• .... .... ...0 = Fin: Not set
• Window size value: 65160
• Checksum: 0xa8d0 [validation disabled]
IV. UDP Header
• User Datagram Protocol, Src Port: db-lsp-disc (17500), Dst Port: db-lsp-disc (17500)
• Source port: db-lsp-disc (17500)
• Destination port: db-lsp-disc (17500)
• Length: 122
• Checksum: 0x5b02 [validation disabled]
• [Good Checksum: False]
• [Bad Checksum: False]