ifconfig on kali
ipconfig on windows
inet decimal (32 bits, 4.3 billions possible adresses)
inet6 hexadecimal (128 bits)
layer 3 protocols: routing
https://miro.medium.com/v2/resize:fit:734/1\*abP7qhSLHYJxA04VTxcXcw.png
192.168 is a private ip address (class c), 0 to 255 for the 3rd and fourth chunks, 254 possible hosts
10.0.0.0 class a, for big businesses, 16,6 million possible hosts
172.16 to 172.31 class b, 65k possible hosts
localhost 127.0.0.0
physical addresses
layer 2: switching
media access control
windows
command invit
ipconfig /all
84:4B:F5 -> foxconn
https://aruljohn.com/mac/844BF5
tcp: transmission control protocol
three-way handshake to connect to a port: syn > syn ack > ack
wireshark to monitor traffic
443 is a webpage
udp: user datagram protocol (streaming) https://en.wikipedia.org/wiki/User_Datagram_Protocol
tcp
- ftp 21
- ssh 22 (encripted login)
- telnet 23 (log remotely)
- smtp 25
- dns 53 (domain name system)
- http 80
- https 443
- pop3 110
- smb 139 + 445 (most common: file shares, WannaCry ransomware attack https://en.wikipedia.org/wiki/WannaCry_ransomware_attack)
- imap 143
udp
- dns 53
- dhcp 67, 68 (random/static ip address when you surf the internet)
- tftp 69 (trivial ftp)
- snmp 161
- Layer 1 - Please - Physical layer: data cables, cat6
- Layer 2 - Do - Data layer: switching, MAC addresses
- Layer 3 - Not - Network layer: IP addresses, routing
- Layer 4 - Throw - Transport layer: TCP/UDP
- Layer 5 - Sausage - Session layer: session management
- Layer 6 - Pizza - Presentation layer: jpgeg, mov
- Layer 7 - Away - Application layer: http, smtp
troubleshoot at helpdesk: always start from layer 1 down to 7 (is the cable pluged in?)
https://ipcisco.com/subnetting-cheat-sheet/
subnet number of possibilities of the bits to be flipped on
- 8: 255.0.0.0
- 16: 255.255.0.0
- 24: 255.255.255.0
subnet mask can be guessed according to the number of bits which are flipped on
pentestiing: knowing in advance how many devices you're possibly in front of
- /24 small businesses (254 possible hosts)
- /16 bigger companies
example:
- 192.168.1.0/24
- subnet: 255.255.255.0
- network ip: often the first address available 192.168.1.0
- broadcast is often the last one: 192.168.1.255
- range available to us is in between (254 hosts)
- 192.168.1.0/28
- subnet: 255.255.255.240
- network ip: often the first address available 192.168.1.0
- broadcast is often the last one: 192.168.1.15
- range available to us is in between (14 hosts)
- 192.168.1.16/28 (subnets for each type of devices within the company)
- subnet: 255.255.255.240
- network ip: often the first address available 192.168.1.16
- broadcast is often the last one: 192.168.1.31
- range available to us is in between (14 hosts)
- 192.168.1.0/23
- subnet: 255.255.254.0
- network ip: often the first address available 192.168.0.0
- broadcast is often the last one: 192.168.1.255
- 2 ranges available to us is in between (510 hosts)
- 192.168.0.0/22
- subnet: 255.255.252.0
- network ip: often the first address available 192.168.0.0
- broadcast is often the last one: 192.168.3.255
- 4 ranges available to us is in between (1022 hosts)
- 192.168.1.0/26
- subnet: 255.255.255.192
- network ip: often the first address available 192.168.1.0
- broadcast is often the last one: 192.168.1.63
- 2 ranges available to us is in between (62 hosts)
- 192.168.1.0/27
- subnet: 255.255.255.224
- network ip: often the first address available 192.168.1.0
- broadcast is often the last one: 192.168.1.31
- 2 ranges available to us is in between (30 hosts)
we could create a second subnet starting at 192.168.1.32/27 (8 different segments could be made)
remember: if the last number grows, you're dealing with less possible hosts
https://www.ipaddressguide.com/cidr, enter 192.168.1.0/23 to check the possible ranges