This lab used Wireshark 3.2.8 to capture the packets addressed to the host I am using and to check the capture against the download of a web page from a server.
1 - Capture data from the Wi-Fi interface.
2 - Identify the page request in the browser.
Keep in mind that this is a secure connection.
1) List 3 different protocols that appear in the protocol column of the packet-list window. Let's list 5.
- TCP
- HTTP
- SSDP
- TLSv1
- IGMPv2
- 0.155 ms
What is the address of your computer?
- 128.119.245.12
- 192.168.100.55
4) Print the HTTP GET and HTTP OK packets
Because the document dates from 2005, it worked only with the HTTP protocol; now, because of security problems and to prevent script injection, the page uses a secure HTTPS connection, so the HTTP GET and HTTP OK packets do not appear when filtering by HTTP.
The packet number of the request successfully sent for synchronization is # 1892.
And if we filter by HTTP and look for that packet ID number, we find that it is not there; the only thing that appears is the communication with the local server where @medellín is hosted, which unfortunately still has this vulnerability.
Frame 1892: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 7, 2020 14:03:59.369472000 SA Pacific Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1604775839.369472000 seconds
[Time delta from previous captured frame: 0.000816000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 25.112062000 seconds]
Frame Number: 1892
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19), Dst: sky.teste (a8:d3:f7:1a:3d:24)
Destination: sky.teste (a8:d3:f7:1a:3d:24)
Address: sky.teste (a8:d3:f7:1a:3d:24)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19)
Address: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.100.55 (192.168.100.55), Dst: gaia.cs.umass.edu (128.119.245.12)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 52
Identification: 0x5224 (21028)
Flags: 0x4000, Don't fragment
Fragment offset: 0
Time to live: 128
Protocol: TCP (6)
Header checksum: 0x0e3c [validation disabled]
[Header checksum status: Unverified]
Source: 192.168.100.55 (192.168.100.55)
Destination: gaia.cs.umass.edu (128.119.245.12)
Transmission Control Protocol, Src Port: 53184 (53184), Dst Port: https (443), Seq: 0, Len: 0
Source Port: 53184 (53184)
Destination Port: https (443)
[Stream index: 33]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Sequence number (raw): 1320628599
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 0
Acknowledgment number (raw): 0
1000 .... = Header Length: 32 bytes (8)
Flags: 0x002 (SYN)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...0 .... = Acknowledgment: Not set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ··········S·]
Window size value: 64240
[Calculated window size: 64240]
Checksum: 0x8811 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), Window scale, No-Operation (NOP), No-Operation (NOP), SACK permitted
TCP Option - Maximum segment size: 1460 bytes
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 8 (multiply by 256)
TCP Option - No-Operation (NOP)
TCP Option - No-Operation (NOP)
TCP Option - SACK permitted
[Timestamps]
[Time since first frame in this TCP stream: 0.000000000 seconds]
[Time since previous frame in this TCP stream: 0.000000000 seconds]
Frame 1910: 66 bytes on wire (528 bits), 66 bytes captured (528 bits)
Encapsulation type: Ethernet (1)
Arrival Time: Nov 7, 2020 14:03:59.524973000 SA Pacific Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1604775839.524973000 seconds
[Time delta from previous captured frame: 0.007967000 seconds]
[Time delta from previous displayed frame: 0.155501000 seconds]
[Time since reference or first frame: 25.267563000 seconds]
Frame Number: 1910
Frame Length: 66 bytes (528 bits)
Capture Length: 66 bytes (528 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:tcp]
[Coloring Rule Name: TCP SYN/FIN]
[Coloring Rule String: tcp.flags & 0x02 || tcp.flags.fin == 1]
Ethernet II, Src: sky.teste (a8:d3:f7:1a:3d:24), Dst: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19)
Destination: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19)
Address: Tp-LinkT_1c:1a:19 (18:d6:c7:1c:1a:19)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: sky.teste (a8:d3:f7:1a:3d:24)
Address: sky.teste (a8:d3:f7:1a:3d:24)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: gaia.cs.umass.edu (128.119.245.12), Dst: 192.168.100.55 (192.168.100.55)
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 52
Identification: 0x0000 (0)
Flags: 0x4000, Don't fragment
Fragment offset: 0
Time to live: 43
Protocol: TCP (6)
Header checksum: 0xb560 [validation disabled]
[Header checksum status: Unverified]
Source: gaia.cs.umass.edu (128.119.245.12)
Destination: 192.168.100.55 (192.168.100.55)
Transmission Control Protocol, Src Port: https (443), Dst Port: 53184 (53184), Seq: 0, Ack: 1, Len: 0
Source Port: https (443)
Destination Port: 53184 (53184)
[Stream index: 33]
[TCP Segment Len: 0]
Sequence number: 0 (relative sequence number)
Sequence number (raw): 3956274693
[Next sequence number: 1 (relative sequence number)]
Acknowledgment number: 1 (relative ack number)
Acknowledgment number (raw): 1320628600
1000 .... = Header Length: 32 bytes (8)
Flags: 0x012 (SYN, ACK)
000. .... .... = Reserved: Not set
...0 .... .... = Nonce: Not set
.... 0... .... = Congestion Window Reduced (CWR): Not set
.... .0.. .... = ECN-Echo: Not set
.... ..0. .... = Urgent: Not set
.... ...1 .... = Acknowledgment: Set
.... .... 0... = Push: Not set
.... .... .0.. = Reset: Not set
.... .... ..1. = Syn: Set
.... .... ...0 = Fin: Not set
[TCP Flags: ·······A··S·]
Window size value: 29200
[Calculated window size: 29200]
Checksum: 0x2f58 [unverified]
[Checksum Status: Unverified]
Urgent pointer: 0
Options: (12 bytes), Maximum segment size, No-Operation (NOP), No-Operation (NOP), SACK permitted, No-Operation (NOP), Window scale
TCP Option - Maximum segment size: 1384 bytes
TCP Option - No-Operation (NOP)
TCP Option - No-Operation (NOP)
TCP Option - SACK permitted
TCP Option - No-Operation (NOP)
TCP Option - Window scale: 7 (multiply by 128)
[SEQ/ACK analysis]
[This is an ACK to the segment in frame: 1892]
[The RTT to ACK the segment was: 0.155501000 seconds]
[iRTT: 0.155712000 seconds]
[Timestamps]
[Time since first frame in this TCP stream: 0.155501000 seconds]
[Time since previous frame in this TCP stream: 0.155501000 seconds]
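The two frames printed above are the SYN and SYN/ACK of the TCP handshake to port 443, which is why nothing shows up under the HTTP filter. The Python below is an added example, not part of the original lab write-up: it re-encodes the field values of both frames into raw bytes, parses them, verifies the IPv4 header checksums that Wireshark left unverified, and confirms that the SYN/ACK answers the SYN and how long it took. The function names and hex strings are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

# (capture time in epoch microseconds, Ethernet II frame hex), constructed by
# re-encoding the field values of frames 1892 and 1910 printed on this page.
SYN = (1604775839369472, "a8d3f71a3d2418d6c71c1a190800"
       "450000345224400080060e3cc0a864378077f50c"
       "cfc001bb4eb73177000000008002faf088110000020405b40103030801010402")
SYNACK = (1604775839524973, "18d6c71c1a19a8d3f71a3d240800"
          "45000034000040002b06b5608077f50cc0a86437"
          "01bbcfc0ebcff6054eb73178801272102f580000020405680101040201030307")
FLAG_BITS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK"}

def ip_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums (16-bit one's complement) to 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse(frame_hex: str) -> dict:
    raw = bytes.fromhex(frame_hex)
    ihl = (raw[14] & 0x0F) * 4                    # IPv4 header length in bytes
    ip, tcp = raw[14:14 + ihl], raw[14 + ihl:]
    if raw[12:14] != b"\x08\x00" or ip[9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    # Options sit between the fixed 20 bytes and the data offset.
    opts, i, end = {}, 20, min((off_flags >> 12) * 4, len(tcp))
    while i < end and tcp[i] != 0:                # kind 0 ends the option list
        if tcp[i] == 1:                           # kind 1 is a one-byte NOP
            i += 1
            continue
        length = tcp[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:
            raise ValueError("malformed TCP option")
        opts[tcp[i]] = int.from_bytes(tcp[i + 2:i + length], "big")
        i += length
    return {"src": (str(IPv4Address(ip[12:16])), sport),
            "dst": (str(IPv4Address(ip[16:20])), dport),
            "seq": seq, "ack": ack, "ip_csum_ok": ip_checksum_ok(ip),
            "flags": {n for b, n in FLAG_BITS.items() if off_flags & b},
            "mss": opts.get(2), "wscale": opts.get(3), "sack_ok": 4 in opts}

def check_handshake(syn, synack) -> dict:
    (t0, a), (t1, b) = ((t, parse(h)) for t, h in (syn, synack))
    matched = (a["flags"] == {"SYN"} and b["flags"] == {"SYN", "ACK"}
               and a["src"] == b["dst"] and a["dst"] == b["src"]
               and b["ack"] == (a["seq"] + 1) % 2**32)
    return {"matched": matched, "rtt_us": t1 - t0, "https": a["dst"][1] == 443}
```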
Traceroute to the server gaia.cs.umass.edu (128.119.245.12)