Hassan Saad

Tasks


Last updated 2 years ago

How Internet Works

Internal Network

  1. The packet goes from device 44:55:66 to the switch.

  2. The switch extracts the MAC address from the layer 2 header.

  3. The switch will check its CAM table and forward the packet to Device dd:ee:ff.

External Network

  1. The packet goes from device 44:55:66 to the switch.

  2. The switch extracts the MAC address from the layer 2 header.

  3. The switch will check its CAM table and forward the packet to the router.

  4. The router will extract from layer 3 the destination IP address.

  5. The router will check its routing table and forward the packet to the next node.

  6. The packet's source IP is now the router's external IP.

  7. The routing process continues until the packet arrives at the final node before the destination.

  8. The final node will extract from layer 3 the destination IP address.

  9. The router will check its routing table and forward the packet to the final node (destination).

  10. The destination will receive the packet and extract from it the source IP and the data.
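
The forwarding decisions in both lists, as an added Python example (not from the original page): the host frames off-link traffic to the gateway, the switch learns and looks up MACs in its CAM table, and the router picks a route by longest-prefix match and rewrites the source IP. The addressing plan, the router MAC aa:bb:cc, the port numbers and the route names are constructed for illustration.

```python
import ipaddress

# Constructed addressing plan; short MACs follow the page's 44:55:66 / dd:ee:ff style.
LAN = ipaddress.ip_network("192.168.1.0/24")
GATEWAY_IP, EXTERNAL_IP = "192.168.1.1", "203.0.113.10"
ARP = {"192.168.1.20": "dd:ee:ff", GATEWAY_IP: "aa:bb:cc"}   # host ARP cache: IP -> MAC
ROUTES = [("0.0.0.0/0", "isp-next-hop"), ("192.168.1.0/24", "lan")]
PORTS = [1, 2, 3]
cam = {}                                           # switch CAM table: MAC -> port

def switch_forward(in_port, src_mac, dst_mac):
    """Layer 2: learn the sender's port, then forward on a CAM hit or flood on a miss."""
    cam[src_mac] = in_port
    if dst_mac in cam:
        return [cam[dst_mac]]
    return [p for p in PORTS if p != in_port]

def route(dst_ip):
    """Layer 3: longest-prefix match over the routing table."""
    dst = ipaddress.ip_address(dst_ip)
    table = [(ipaddress.ip_network(n), hop) for n, hop in ROUTES]
    return max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen)[1]

def send(src_ip, dst_ip, src_mac="44:55:66", in_port=1):
    """Trace one packet: (frame dst MAC, switch egress ports, next hop, source IP on arrival)."""
    on_link = ipaddress.ip_address(dst_ip) in LAN
    dst_mac = ARP[dst_ip if on_link else GATEWAY_IP]   # off-link traffic is framed to the gateway
    ports = switch_forward(in_port, src_mac, dst_mac)
    if on_link:
        return dst_mac, ports, "lan", src_ip
    return dst_mac, ports, route(dst_ip), EXTERNAL_IP  # router rewrites the source IP
```

The first frame to an unlearned MAC is flooded out every other port; once the destination has sent a frame of its own, the switch forwards to a single port.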

From Ethernet To Google.com

  1. DHCP Discover.

  2. DHCP Offer.

  3. DHCP Request.

  4. DHCP ACK.

  5. ARP broadcast looking for the default gateway.

  6. ARP unicast reply providing the MAC address of the gateway.

  7. DNS A (IPv4) forward lookup query for google.com.

  8. DNS AAAA (IPv6) forward lookup query for google.com.

  9. DNS A response received.

  10. DNS AAAA response received.

  11. A 3-way handshake with port 80 on google.com.

  12. Initial protocol negotiation in HTTP, GET request sent.
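
To check a capture against the twelve steps above, the following added example (not part of the original page) labels raw Ethernet frames by stage using the DHCP message-type option, the ARP opcode, the DNS QR bit and QTYPE, and the TCP flags. The sample frames are constructed, with addresses zeroed, and only IPv4 over Ethernet II is handled.

```python
import struct

def dhcp_type(bootp):
    names = {1: "Discover", 2: "Offer", 3: "Request", 5: "ACK"}
    opts, i = bootp[240:], 0                     # skip 236-byte BOOTP header + magic cookie
    while i + 2 < len(opts) and opts[i] != 255:  # 255 = end option
        if opts[i] == 53:                        # option 53 = DHCP message type
            return "DHCP " + names.get(opts[i + 2], "other")
        i += 1 if opts[i] == 0 else 2 + opts[i + 1]  # 0 = pad; else skip code, len, value
    return "DHCP other"

def dns_kind(msg):
    i = 12                                       # question follows the 12-byte header
    while msg[i]:                                # skip length-prefixed QNAME labels
        i += msg[i] + 1
    rr = {1: "A", 28: "AAAA"}.get(struct.unpack("!H", msg[i + 1:i + 3])[0], "other")
    return f"DNS {rr} " + ("response" if msg[2] & 0x80 else "query")  # QR bit

def classify(frame):
    """Label one raw Ethernet II / IPv4 frame with its step in the sequence."""
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == 0x0806:                          # ARP opcode: 1 = request, 2 = reply
        return "ARP reply" if frame[21] == 2 else "ARP request"
    if etype != 0x0800:
        return "other"
    ip = frame[14:]
    proto, l4 = ip[9], ip[(ip[0] & 0x0F) * 4:]   # IHL counts 32-bit words
    sport, dport = struct.unpack("!HH", l4[:4])
    if proto == 17 and {sport, dport} == {67, 68}:
        return dhcp_type(l4[8:])
    if proto == 17 and 53 in (sport, dport):
        return dns_kind(l4[8:])
    if proto == 6:
        flags, data = l4[13], l4[(l4[12] >> 4) * 4:]
        if flags & 0x02:                         # SYN set: handshake packet 1 or 2
            return "TCP SYN-ACK" if flags & 0x10 else "TCP SYN"
        if data.startswith(b"GET "):
            return "HTTP GET"
        return "TCP ACK" if flags == 0x10 else "TCP other"
    return "other"

def ipv4(proto, l4):      # builders for the constructed sample frames (addresses zeroed)
    return bytes(12) + b"\x08\x00\x45" + bytes(8) + bytes([proto]) + bytes(10) + l4
def udp(sp, dp, data):
    return ipv4(17, struct.pack("!HHHH", sp, dp, 8 + len(data), 0) + data)
SAMPLE = [udp(68, 67, bytes(236) + b"\x63\x82\x53\x63\x35\x01\x01\xff"),  # DHCP Discover
          bytes(12) + b"\x08\x06" + bytes(6) + b"\x00\x01" + bytes(20),   # ARP request
          udp(49152, 53, bytes(12) + b"\x06google\x03com\x00\x00\x1c\x00\x01"),  # AAAA query
          ipv4(6, struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x02, 0, 0, 0))]  # SYN
```

Running `[classify(f) for f in SAMPLE]` labels each frame; stages that never appear in a real capture (for example no DHCP ACK, or a DNS query with no response) show where the sequence broke.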

Wireshark Filters

ip.addr == x.x.x.x
ip.src == x.x.x.x && ip.dst == x.x.x.x
http or dns
tcp.port == xxx
udp.port == xxx
tcp contains xx8x
tcp.stream eq X
http.request && tcp
!(arp or icmp or dns)
dns.resp.name
dns && !dns.resp.name

Attachment: From-Ethernet-To-Google.rar (1KB), From Ethernet To Google.com (Password: hsaad.gitbook.io)