
📚 Transport Layer Protocols

📚 SSH

Intro

Secure shell. Common port: 22.

Structure

The Flow

- Client: Wanna talk.

- Server: Ok. Let’s talk. Here is my public key. Here are the protocols that I support.

- Client: Thanks. (Checks the server’s key against the known hosts stored locally.) Here’s my password.

Ways to auth

  1. /etc/passwd or /etc/shadow
  2. RSA/DSA
  3. Kerberos
  4. Host-based auth (rhosts or /etc/hosts)

Attacks

Malware often attempts to steal SSH keys, and SSH is also susceptible to machine-in-the-middle attacks.

❓How?

📚 Syslog

Not sure yet whether it belongs to this section. It makes the most sense to put it here until I am sure.

Standard for message logging. Originated from BSD.

A router, switch, server etc. generates a syslog message (it is the originator). The message carries a facility code and severity level, the originator’s process ID, a timestamp and the originator’s IP/hostname. Facility codes are a leftover from BSD and reflect the process that produced the message. Cisco uses Local6/Local7.

Severity levels:

  - 0 Emergency
  - 1 Alert
  - 2 Critical
  - 3 Error
  - 4 Warning
  - 5 Notice
  - 6 Informational
  - 7 Debug
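As an added example (not from the original notes), a small Python parser that splits the PRI field of a BSD-style syslog line back into the facility and severity described above and pulls out the timestamp, host, tag and PID. The sample lines are constructed, and the facility names other than local0–local7 are the conventional BSD assignment, assumed here.

```python
from __future__ import annotations
import re
from typing import NamedTuple

# Severity levels exactly as listed in the notes (RFC 3164/5424 numbering).
SEVERITIES = ["Emergency", "Alert", "Critical", "Error", "Warning",
              "Notice", "Informational", "Debug"]

# Facility codes: 0-11 are the classic BSD process-derived ones (assumed
# conventional names), 16-23 are local0-local7 (Cisco uses local6/local7).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth", 5: "syslog",
              6: "lpr", 7: "news", 8: "uucp", 9: "cron", 10: "authpriv", 11: "ftp"}
FACILITIES.update({16 + i: f"local{i}" for i in range(8)})

# BSD-style line: <PRI>Mmm dd hh:mm:ss host tag[pid]: message
_LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^\[:]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<msg>.*)$"
)

class SyslogMsg(NamedTuple):
    facility: str
    severity: str
    timestamp: str
    host: str
    tag: str
    pid: int | None
    message: str

def decode_pri(pri: int) -> tuple[str, str]:
    """PRI packs both fields into one number: facility * 8 + severity."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    facility, severity = divmod(pri, 8)
    return FACILITIES.get(facility, f"facility{facility}"), SEVERITIES[severity]

def parse(line: str) -> SyslogMsg:
    m = _LINE.match(line)
    if not m:
        raise ValueError(f"not a BSD syslog line: {line!r}")
    facility, severity = decode_pri(int(m["pri"]))
    pid = int(m["pid"]) if m["pid"] else None
    return SyslogMsg(facility, severity, m["ts"], m["host"], m["tag"].strip(), pid, m["msg"])

# Constructed sample lines, not real captures: 34 = auth/Critical, 189 = local7/Notice.
SAMPLES = [
    "<34>Oct 11 22:14:15 host1 su[1234]: 'su root' failed for user on /dev/pts/0",
    "<189>Oct 11 22:14:16 rtr01 config: Configured from console by admin",
]
```

Because severity is the low three bits of PRI, a collector can filter on `pri % 8 <= 2` to keep only Emergency through Critical regardless of which facility the originator chose.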

📚 TCP

This article collects the basics of the TCP protocol. Its sibling UDP (also a transport layer protocol) is faster but less reliable.

Segment structure

(Figure: TCP segment structure)

Intro

The desired prerequisite for this article is this. It’s also recommended to read about data structures. A very good book that I’ve accidentally stumbled upon is Brian Carrier’s File System Forensic Analysis [3]. I also strongly believe that the best way to learn is to activate different parts of the brain. Simple reading is not enough, which is why I try to mix in pictures and emoji. Metaphors and analogies help too, and I try to provide those as well. But it would really help if you installed a packet capture program (Wireshark, for example), opened a network interface and observed the things I’m talking about yourself.