Re: Nmap questions concering my router
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 08/17/05
- Next message: Frankster: "Re: Defeating Firewalls: Sneaking Into Office Computers From Home"
- Previous message: Glen McLean: "Re: Version 6"
- In reply to: Nicky: "Re: Nmap questions concering my router"
- Next in thread: Walter Roberson: "Re: Nmap questions concering my router"
- Reply: Walter Roberson: "Re: Nmap questions concering my router"
- Reply: Nicky: "Re: Nmap questions concering my router"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Aug 2005 19:35:20 -0500
In the Usenet newsgroup comp.security.firewalls, in article
<1124196720.507846.239210@f14g2000cwb.googlegroups.com>, Nicky wrote:
>my computer's IP address is now 10.0.0.1
>But what does this really mean?
>Can computers have IP addresses? I think not.
No, but it is difficult for people to separate the concept. If a computer
has only one interface (rare), the discussion is not important. The problem
occurs when the computer has two (or more) interfaces. The interface has
the address, not the computer.
>a) What I do think is that the IP address 10.0.0.1 is a number actually
>assigned to my ethernet interface and not the computer itself. Is this
>correct?
Correct. Computers have hostnames (which almost always translate to an
IP address) but those with more than one interface have more than one name.
Is your computer "localhost.localdomain"? Yes - that's true of all
computers. This computer (compton) has a second interface on the ethernet,
and to avoid confusion, that unique name is what the computer thinks of
itself as others would think of it. But in its heart, it knows it is
really called 'localhost.localdomain' but only uses that name when it is
talking to itself.
>But as you said whatever comes to that IP address is then delivered to
>the "network stack" (I don't really know what this is) and then finally
>reaches the desired application and port. I hope I understand it right.
Your computer can have many applications - even multiple copies of the same
applications running at the same time. These applications can be thought of
as having a chunk of space in the computer much like a hotel room. When
you want to get something from outside (the library, or the food store),
you give a request to the bell-boy, or chambermaid - who takes the request
to the front desk, where it gets sent by messenger to that library, or food
store. The "message" might be to send this book, or that fruit to Nicky...
who is in the Metropole Hotel, in room 1234. Now, the messenger that the
hotel had sent has disappeared, so the library or food store hands the book
or fruit to another messenger with instructions to "take this to the Metropole
Hotel". When it reaches there, the staff look in the package and see that
the book or fruit inside has 'room 1234' on the label, so they give it to
a bell boy or chambermaid to take to room 1234 and deliver it.
>But then I am still getting confused with having so many IP addresses
>and interfaces.
>I'll give an example.
>
>Let's assume that my PC has 3 ethernet interfaces (3 ethernet cards, that
>is) directly connected to my router, on which I don't set up NAT yet.
OK - one hotel, but with three doors to the street, one at address 121, one
at address 135, and a third at address 178. Don't forget that this is a
large hotel, with 65536 guest rooms.
>Now let's suppose that someone sends data to my router, meaning my
>router is receiving an incoming http connection request from a remote
>host.
What address does the package have? Is it addressed to the router? But
no one lives or works there. Send a message to whoever sent the package
that their package could not be delivered, because the address is wrong.
(ICMP Type 3, Code 3 "Port Unreachable")
Is the package addressed to the Hotel? Which street address?
>b) Where will the router send this request to? eth0, eth1 or eth2
Which IP address is the packet addressed to?
>and why?
The router does not know that the three addresses reach the same hotel. It
only knows to deliver the packet to the interface address.
>Does it send them to all interfaces(cards) simultaneously because he is
>directly connected to them?
No, it only goes to the interface that matches the address. The router does
not know (or care) what computer is hiding behind the address.
>If this is the case what happens then? All the cards put the same info
>on the motherboard's data bus? So when my web server is receiving them
>it gets 3 times the same http connection request?
Was the package addressed to "Nicky" or "Nikos" or "Nickos"? They might
be the same person or computer, but they are different names - only the
one that matches will get the package.
>c) Another question is why does the router have to have 2 interfaces and
>not just 1, the external that we pay for?
To separate the traffic. Mainly for security reasons, but also because a
given network segment (the wire itself) can only have so many systems
connected before there are too many people talking (trying to talk) on the
same telephone at the same time.
>I believe that it's the router's job to interconnect 2 networks,
Yes
>so when some data from my localhost wants to reach a remote host, my eth0
>(10.0.0.1) should first reach the router's internal IP address (10.0.0.138)
Yes, BUT the packet does not get _addressed_ to the router. The address
10.0.0.138 never appears in/on the packet, because that is not the final
destination. Your computer needs to send a packet to the Dai-ichi Hotel
in Tokyo. It looks at the routing table, and finds that it knows how to
send packets to itself, perhaps other computers on the local LAN (and that
includes the router), and another address called a 'default route'. The
idea of a default route is that if you don't know where to send a packet,
you hand the packet to this gateway (in this case, the router), and hope
that it knows what to do with it. But this is the network stack concept -
the packet is addressed to "Dai-ichi.Hotel.Tokyo" with the correct IP
address and all that. But your computer knows the HARDWARE address of the
router (or uses the ARP protocol to find it), and the addresses of the
packet ON THE WIRE are the hardware address of the destination (the router),
and the MAC address of the interface that is sending it. When this packet
reaches the router, these addresses are thrown away because they are now of
no further use. The router looks at the destination IP address, and
discovers it is "Dai-ichi.Hotel.Tokyo". But it can't reach "Tokyo", so it
looks at its own routing table, and finds the default route is to send it
to the Hellinikon airport at Athens. So it creates a new wrapper around the
IP packet with a destination address of the HARDWARE address of the Hellinikon
Airport, and a source address of the interface that it has that is on the
same road as the airport. When the packet reaches the airport, this wrapper
is thrown away, and someone there looks at the destination IP address - it's
going to "Tokyo", and they put it on the plane going to (perhaps) Singapore.
The people there look at the destination address, and put it on the plane
to Tokyo Narita, and ...
Notice - all along this route, the IP packet was addressed to the
"Dai-ichi.Hotel.Tokyo". It just got put into a basket (a packet on the
wire), and carried from "here" to some intermediate stop along the way. When
it got "there", the basket was thrown away, and the packet put into a new
basket (on another "wire" going somewhere else), and carried to the next
stop. At no point was your packet ever addressed to this or that airport,
because that was not the final destination. The slaves who were carrying
this packet - they don't care where it is going to end up, as their job is
only to deliver it to the other end of the wire, or street, or plane ride.
>and then the router's internal will forward the data to the external one
>to get to the internet and finally reach the remote host, assuming that
>the destination IP address of the TCP packet is an IP address out of my
>local LAN.
Yes
>If the router sees, by checking the packet's header, that the dest IP is
>a PC inside the local LAN, for example 10.0.0.2, then the data packet will
>never reach the router's external interface but will be forwarded from the
>internal IP address of the router to 10.0.0.2
Yes. Your router MAY ALSO look at the packet and think "Why is this idiot
sending a packet from 10.0.0.1 to 10.0.0.2 and giving it to _me_ to deliver?"
It knows that to talk to 10.0.0.1 or 10.0.0.2, it uses the same interface on
the router, and that means that the two are on the same wire and you _should_
have sent the packet directly, rather than bothering the router. The router
should send the packet to 10.0.0.2, AND MAYBE send an error message (ICMP
Type 5 Code 1) back to 10.0.0.1 telling it to fix its routing table. This
type of message has been abused so much (Denial Of Service attack) that most
operating systems ignore the message, but it may get into the logs, telling
you that you have an error in your setup.
>Did I get it right or am I mistaken?!
Right idea.
>Sorry for my too many questions but I just want to make sure that I have
>understood those concepts 'cause they are crucial.
You should try to download a copy of the "Linux Network Administrator's
Guide" from the Linux Documentation Project.
http://tldp.org/guides.html
http://ibiblio.org/pub/linux/docs/linux-doc-project/
The one you are looking for is the 'nag2' which is the Second Edition. There
is also a "network-guide" which is the older First Edition.
Old guy
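The routing-table walk and the ICMP redirect case described in the post, as an added example that is not part of the original thread. It is a constructed simulation, not real kernel code: the host's and router's routes, the interface names (eth0, lan0, wan0) and the ISP addresses (198.51.100.0/30) are assumptions; 10.0.0.1 and 10.0.0.138 are the addresses Nicky gave.

```python
import ipaddress

# Constructed routing tables, not from the post. Each entry is
# (destination network, gateway or None when directly connected, interface).
HOST_ROUTES = [
    ("127.0.0.0/8", None, "lo"),
    ("10.0.0.0/24", None, "eth0"),           # the local LAN, on the wire
    ("0.0.0.0/0", "10.0.0.138", "eth0"),     # default route: hand it to the router
]
ROUTER_ROUTES = [
    ("10.0.0.0/24", None, "lan0"),           # router's internal interface
    ("198.51.100.0/30", None, "wan0"),       # link to the ISP (assumed)
    ("0.0.0.0/0", "198.51.100.1", "wan0"),   # router's own default route (assumed)
]

def lookup(routes, dst):
    """Longest-prefix match: the /0 default route only wins when nothing
    more specific covers dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0].prefixlen):
            best = (network, gw, iface)
    if best is None:
        raise ValueError("no route to host")
    return best

def next_hop(routes, dst):
    """Return (interface, address the on-the-wire frame is built for).
    The IP header keeps dst unchanged; only this L2 target (resolved via ARP)
    changes at every hop, which is the 'basket' in the post's analogy."""
    _, gw, iface = lookup(routes, dst)
    return iface, (gw if gw is not None else dst)

def forward(router_routes, in_iface, src, dst):
    """The router's decision for a packet that arrived on in_iface.
    A redirect (ICMP Type 5 Code 1) is warranted only when the packet leaves
    by the interface it came in on AND the sender is on that same wire,
    i.e. the sender could have delivered it directly."""
    out_iface, hop = next_hop(router_routes, dst)
    src_addr = ipaddress.ip_address(src)
    src_on_link = any(
        gw is None and iface == out_iface and src_addr in ipaddress.ip_network(net)
        for net, gw, iface in router_routes)
    return out_iface, hop, (out_iface == in_iface and src_on_link)
```

Run `forward(ROUTER_ROUTES, "lan0", "10.0.0.1", "10.0.0.2")` to see the redirect case, and the same call with a remote destination to see the packet go out wan0 with no redirect.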