Cyber Security


ICMP

ICMP is commonly used with tools like Ping and Traceroute, and it can also facilitate time synchronization between network devices through ICMP Timestamp requests. Attackers often perform a Ping Sweep to identify active systems on a network by sending ping requests, although many devices block these requests by default, making this method less effective.

Traceroute

Tracerouting helps identify the routers that a packet passes through from one system to another, providing insights into network pathways and potential vulnerabilities. Routers function like road signs at intersections, directing packets to their destination, while traceroute measures the time each router takes in milliseconds (ms).

Both the IPv4 TTL and IPv6 Hop Limit decrease by 1 at each router; if the value reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back to the sender.

To perform a traceroute on Windows:

tracert google.com

To conduct a traceroute on Linux (which may not be installed by default):

traceroute google.com

The traceroute process using these tools is straightforward:

  1. The operating system sends a packet to google.com with the TTL value set to 1.
  2. The packet travels through the network, and the first router decrements the TTL by 1, reducing it to 0. This prompts the router to drop the packet and send an “ICMP Time Exceeded” message back to the source.
  3. The client then increases the TTL by 1, allowing the packet to pass through one more hop.

This cycle continues, incrementing the TTL until the destination is reached.
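The TTL cycle described above, as an added example that is not part of the original lesson: a Python simulation that builds the probe and ICMP reply packets byte for byte and parses them the way a traceroute client does. UDP probes starting at port 33434, one probe per hop, and the addresses in SAMPLE_PATH are assumptions made for the example; nothing is sent on the network.

```python
import socket
import struct

BASE_PORT = 33434  # assumption: first UDP port, as Linux traceroute uses by default

def ipv4_header(src, dst, proto, ttl, payload_len):
    # 20-byte IPv4 header; checksum left at 0 because this is constructed sample data
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def udp_probe(src, dst, ttl):
    # The probe for hop N goes to port BASE_PORT + N - 1 so a reply can be matched to it
    udp = struct.pack("!HHHH", 40000, BASE_PORT + ttl - 1, 8, 0)
    return ipv4_header(src, dst, 17, ttl, len(udp)) + udp

def icmp_error(sender, receiver, icmp_type, code, original):
    # ICMP errors quote the original IP header plus the first 8 bytes after it
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:28]
    return ipv4_header(sender, receiver, 1, 64, len(icmp)) + icmp

def forward(probe, path):
    """Simulated network: path lists router IPs in order, destination last."""
    ttl, src = probe[8], socket.inet_ntoa(probe[12:16])
    for router in path[:-1]:
        ttl -= 1                      # every router decrements the TTL by 1
        if ttl == 0:                  # drop and report: Time Exceeded (type 11)
            return icmp_error(router, src, 11, 0, probe)
    return icmp_error(path[-1], src, 3, 3, probe)  # closed port: Port Unreachable

def parse_reply(packet):
    """Return (responder_ip, icmp_type, hop); hop comes from the quoted UDP port."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:
        raise ValueError("not an ICMP packet")
    quoted = packet[ihl + 8:]         # skip the 8-byte ICMP header
    q_ihl = (quoted[0] & 0x0F) * 4
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), packet[ihl], dport - BASE_PORT + 1

def traceroute(src, path, max_hops=30):
    hops = []
    for ttl in range(1, max_hops + 1):  # TTL 1, 2, 3, ... as in the steps above
        reply = forward(udp_probe(src, path[-1], ttl), path)
        responder, icmp_type, hop = parse_reply(reply)
        hops.append((hop, responder))
        if icmp_type == 3:            # the destination itself answered: done
            break
    return hops

# Constructed path using documentation address ranges (RFC 5737)
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1", "203.0.113.80"]
```

Calling traceroute("192.0.2.10", SAMPLE_PATH) returns one (hop, responder) pair per TTL value, ending with the destination address.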

DNS (“Domain Name System”)

DNS translates the names that applications use into IP addresses, allowing browsers to connect to websites like http://google.com by querying a DNS server for the corresponding IP address.

Systems typically have a primary and secondary DNS server, either set manually or provided by a DHCP server. The DNS server first checks its cache for the answer, storing responses temporarily based on a TTL (Time To Live), usually around 10 minutes. If the answer isn’t cached, the server uses a recursive process to query a hierarchy of name servers until it reaches the Authoritative Name Server for resolution.


The IP address for w3schools.com appears in the “ANSWER SECTION,” showing it as 66.29.212.110 at the time of capture. The Authoritative Name Server provides the definitive answer to DNS queries, such as the IP address for google.com, which can be identified by querying the appropriate server.

To find the authoritative name server on Windows:

nslookup -type=SOA google.com

To find the authoritative name server on Linux:

dig -t SOA google.com

DHCP (“Dynamic Host Configuration Protocol”)

The DHCP protocol enables any device on a network to contact a server and obtain configuration details, such as an IP address, network range, default gateway, and DNS servers.

This simplifies the management of devices that join or leave the network. To check if you’re currently using DHCP on a Windows system, run ipconfig /all and look for “DHCP Enabled: Yes” in the output, noting that your computer may have multiple network interfaces.

VPN (“Virtual Private Network”)

A VPN is a system that allows two devices to create encrypted connections for secure communication, ensuring that network traffic is encrypted during transit. Most VPNs operate on a client-to-server architecture, enabling clients to access various services behind the VPN. Workplace-hosted VPNs often provide access to resources that are only available from within the internal network.


Some VPN services focus on user privacy and encrypt data in transit, allowing users to send network data through the VPN and effectively masking their IP addresses while browsing the Internet. While using a VPN is generally a good practice for securing network communications, caution is necessary when selecting a VPN service. Free VPN services may be harmful, as they can inspect, read, and store sensitive user data.
