NetSec Learning: Network Protocol Analysis

Foong Min Wong
3 min read · Oct 5, 2021

For folks who have been working from home all or most of the time during the coronavirus pandemic, I believe you may have received a couple of cybersecurity trainings on how to protect yourself and your company from cyberattacks, phishing emails and calls, network security best practices, and so on. During the COVID-19 pandemic, I found cybersecurity fascinating, yet I did not have a deep understanding of how it works. Recently, I picked up a cybersecurity term called “Network Protocol Analysis”.

Before learning about network protocol analysis, let’s go through some basic knowledge of networking, TCP/IP, OSI, and internet communication.

Fundamentals

  • Network Protocol: A system of rules that determines how data is transmitted between different devices in the same network so that the connected devices can communicate with each other.
  • Common Network Protocols:
    1. Address Resolution Protocol (ARP): A communication protocol that maps IP addresses to MAC addresses. A MAC address is written in hexadecimal (12 hex digits).
  • Network Architecture Model: A communication model (in a stacked-layer format) that provides a set of instructions for communicating data across networks. They are just standards. There are two types of network architecture models:
    1. Transmission Control Protocol/ Internet Protocol (TCP/IP): This is the model we use today. This architecture is made up of communication protocols at each layer and uses those protocols to establish connections for data transmission across the network.
    2. Open Systems Interconnection (OSI): It is an older theoretical model and a proven concept used in data communication protocols.
  • Client Server Communication:
    1. Clients use port numbers above 1023. These ports are either semi-reserved or dynamic.
    2. Servers use port numbers below 1023 (also known as system ports). These ports are registered and allocated for servers by the Internet Assigned Numbers Authority (IANA).
  • IP Address: A unique address that identifies a device on the internet or a local network.
  • Domain Name Server: A device that translates a naming system into the associated IP address (also known as the phonebook of the Internet).

What is Network Protocol Analysis?

It is the analysis and understanding of the information carried in network packets (in binary format) and of how it is transferred. Imagine unpacking the transmitted network data packets and identifying the type of network protocol or the packet content. (To me, this sounds like the anatomy of a data packet 👩‍⚕️)
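To make the "unpacking" concrete, here is an added example (not code from the original post) that dissects two constructed Ethernet frames with only the Python standard library: an ARP request (the IP-to-MAC mapping described in Fundamentals) and an IPv4/TCP SYN, whose source and destination ports are classified using the IANA port ranges. The MAC addresses, IP addresses and port numbers are constructed sample values, not captured traffic.

```python
"""Dissect constructed Ethernet frames: identify the protocol at each layer.

Added example for this post. All frames below are built by hand with struct.pack;
checksums are left as zero because nothing here is sent on a real network.
"""
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_TCP = 6
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def mac_str(raw):
    """Render 6 raw bytes as the usual 12-hex-digit MAC notation."""
    return ":".join(f"{b:02x}" for b in raw)


def port_class(port):
    """IANA port ranges: system (0-1023), registered (1024-49151), dynamic (49152-65535)."""
    if port < 1024:
        return "system"
    if port < 49152:
        return "registered"
    return "dynamic"


def parse_ethernet(frame):
    """Ethernet II header: dst MAC (6), src MAC (6), EtherType (2)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst_mac": mac_str(dst), "src_mac": mac_str(src), "ethertype": ethertype}, frame[14:]


def parse_arp(payload):
    """ARP (RFC 826) for Ethernet/IPv4: 28 bytes of fixed-size fields."""
    _, _, _, _, opcode, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    return {
        "protocol": "ARP",
        "opcode": {1: "request", 2: "reply"}.get(opcode, f"unknown({opcode})"),
        "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
        "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa),
    }


def parse_ipv4(payload):
    """IPv4 header (RFC 791); honours IHL so options, if present, are skipped."""
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", payload[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    info = {"protocol": "IPv4", "src_ip": socket.inet_ntoa(src),
            "dst_ip": socket.inet_ntoa(dst), "ttl": ttl, "ip_proto": proto}
    return info, payload[ihl:total_len]


def parse_tcp(segment):
    """TCP header (RFC 793): ports, sequence numbers, data offset and flags."""
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    flags = [name for bit, name in TCP_FLAGS.items() if off_flags & bit]
    return {"transport": "TCP", "src_port": sport, "dst_port": dport,
            "src_port_class": port_class(sport), "dst_port_class": port_class(dport),
            "seq": seq, "ack": ack, "flags": flags}


def dissect(frame):
    """Walk the layers and return one flat dict describing the frame."""
    eth, rest = parse_ethernet(frame)
    if eth["ethertype"] == ETHERTYPE_ARP:
        return {**eth, **parse_arp(rest)}
    if eth["ethertype"] == ETHERTYPE_IPV4:
        ip, rest = parse_ipv4(rest)
        if ip["ip_proto"] == IPPROTO_TCP:
            return {**eth, **ip, **parse_tcp(rest)}
        return {**eth, **ip, "transport": f"ip_proto {ip['ip_proto']}"}
    return {**eth, "protocol": f"unknown ethertype 0x{eth['ethertype']:04x}"}


# --- constructed sample frames (not captured traffic) ---
SRC_MAC = bytes.fromhex("001122334455")


def build_arp_request():
    """Who has 192.168.1.1? Tell 192.168.1.10 (broadcast frame)."""
    eth = struct.pack("!6s6sH", b"\xff" * 6, SRC_MAC, ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, 1,
                      SRC_MAC, socket.inet_aton("192.168.1.10"),
                      b"\x00" * 6, socket.inet_aton("192.168.1.1"))
    return eth + arp


def build_tcp_syn():
    """Client on an ephemeral port opening a connection to a server on 443."""
    tcp = struct.pack("!HHIIHHHH", 51234, 443, 1000, 0, (5 << 12) | 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton("192.168.1.10"), socket.inet_aton("198.51.100.7"))
    eth = struct.pack("!6s6sH", bytes.fromhex("aabbccddeeff"), SRC_MAC, ETHERTYPE_IPV4)
    return eth + ip + tcp


if __name__ == "__main__":
    for frame in (build_arp_request(), build_tcp_syn()):
        print(dissect(frame))
```

Running the script prints one dict per frame: the first identifies itself as an ARP request for 192.168.1.1, the second as IPv4/TCP with a SYN flag from a dynamic client port to the system port 443, which is the client/server port split from the Fundamentals list seen in actual bytes.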

How do we run a Network Protocol Analysis?

There are a few open-source network protocol analyzers, such as Wireshark, Tcpdump, and Snort. These tools are used by security and IT teams to observe, capture, and analyze network data as it travels across communication channels. They help detect potential network threats, breaches, anomalies, or malicious activity.

In the upcoming blog, we’ll talk about using one of the packet analyzers to inspect network packets 🔍
