The Art of Capturing TCP Handshake


As a information security geek, leaning wireshark is the key to perform day to day operations in today's world. Wireshark allows to analyze a protocol or debug a network. What we learn in the theory, it has the capability to verify by seeing the actual traffic being transmitted in the wire.

Today, in this tutorial, we will not just learn what is a TCP handshake but we will be capturing a TCP handshake via Wireshark.

So What is TCP?

TCP stands for transmission control protocol which is used for sending data over the internet.

And what is a TCP handshake?

 
As you can see in the image, there are two hosts, Tim and Lee. So TCP handshake works in a way that if Tim wants to talk to Lee, Tim will first send a SYN(hello) packet to LEE, if LEE is interested in talking back, LEE will return a SYN ACK packet to TIM. TIM will finally return a ACK (acknowledgment) packet, meaning a conversation can be started after a successful TCP handshake has occurred.

We learnt what is TCP handshake, now how to see it via Wireshark?

1- Open wireshark and select a interface from where all your traffic is flowing.

2-You will see that there is humongous amount of packets coming in and from your interface. You will need to filter out some protocols in order to minimize the impact of the packets. To do this, we use !(quic) in the header. You may add other protocols also

3- After this you need to find the handshake. I noticed that tcp [syn,ack] packets were greyed out. As a information security geek, leaning wireshark is the key to perform day to day operations in today's world. Wireshark allows to analyze a protocol or debug a network. What we learn in the theory, it has the capability to verify by seeing the actual traffic being transmitted in the wire.



 
Right click on the selected packet, click follow and tcp stream. Bang, you will now able to see the whole encrypted conversation after the tcp handshake.



As I told earlier that the actual conversation will start after the third ACK packet and you can clearly see that.

There are some more useful Wireshark filters which i would love to share it with you.

1- ip.addr == 10.0.0.1

Sets a filter for any packet with 10.0.0.1, as either the source or dest

2. ip.addr==10.0.0.1 && ip.addr==10.0.0.2
sets a conversation filter between the two defined IP addresses

3. http or dns
 
sets a filter to display all http and dns
4. tcp.port==4000
 
sets a filter for any TCP packet with 4000 as a source or dest port
5. tcp.flags.reset==1
 
displays all TCP resets
6. http.request
 
displays all HTTP GET requests
7. tcp contains traffic 
displays all TCP packets that contain the word ‘traffic’. Excellent when searching on a specific string or user ID
8. !(arp or icmp or dns)
 
Masks out arp, icmp, dns, or whatever other protocols may be background noise. Allowing you to focus on the traffic of interest
9. udp contains 33:27:58
sets a filter for the HEX values of 0x33 0x27 0x58 at any offset

10. tcp.analysis.retransmission
 
displays all retransmissions in the trace. Helps when tracking down slow application performance and packet loss.

This Article is being published with the help of DevOps Engineer "Sameed Shoaib"




Creating an Automated Bot Using Python and Telegram (Part 2)

In Part-1, We learn from very beginning that how to create a bot using Telegram and python-telegram-bot,

In this tutorial, we will code a simple bot that will reply with the same message that you will send to the bot. we can simply name it as a "auto-reply" bot.


 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
#!/usr/bin/env python
import telegram
from telegram.error import NetworkError, Unauthorized
from time import sleep

update_id = None

def main():
    global update_id
    bot = telegram.Bot('TOKEN')
    echo(bot)

def echo(bot):

    global update_id
    for update in bot.get_updates(offset=update_id, timeout=10):
        update_id = update.update_id + 1

        if update.message:  # your bot can receive updates without messages
            # Reply to the message
            update.message.reply_text(update.message.text)

if __name__ == '__main__':
main() 

Some Other Techniques for Making Interesting Bot
  • Like you can use any API that is taking some parameters and returning you the specific response, get the response make as you want and you can use it with a telegram bot. 



  • What i have done is that i have explored an API that takes mathematical sums and returns the answer, i create a simple telegram bot named as MathsMagic Bot, after then i take input from the user through that bot, passes the input to that API and show the response to the user. Same approach can be applied to Cryptocurrency rates and other useful things.
  • Another idea was to create an Image Analytics Bot, that takes an image from the user, pass that image to API or tool that will perform analysis on it and gives back the result, Post the result as output to that bot.
This is how you can use Telegram bot with multiple APIs and tools and create your own interesting Bot. Go for it and wait for the third tutorial in which we will explore the Telegram Bot further and see its other features also like creating a menu inside your bot and creating a group based Bot and manymore.


Docker Containers All Around

Well, when we talk about Operating System level virtualization, we refer to it as containerization. A feature in OS Kernel which allows user to create multiple independent instances termed as containers. Docker is an open-source computer program that performs operating-system-level virtualization also known as containerization.

Docker Official Logo

Container and VMs

Build, Ship and execute distributed applications on every platform using Dockers is now becoming an essential part for Developers, Sys-Admins and DevOps. It is different from Virtual Machine, because rather than creating a separate whole virtual operating system, it allows applications to utilize the same Linux kernel as the system that they’re running on and it just needs applications be shipped with things not already running on the host computer.

Docker Container vs VM

Containers to the rescue

Multiple features of containers make it easy to use and understand
Light-Weight and Fast: Docker containers consumes fewer resources. They are very lightweight and fast. One create and run a Docker container in few seconds, compared to VMs which takes longer because they have to boot up a full virtual operating system every time.
DockerHub: It is a cloud-based registry service which allows you to link to code repositories, build your images and test them, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Easy to use: Evolution of dockers make it very easy for the developers and sysadmins to build their code, execute it in multiple environments with few things to setup. Furthermore it is also helping QA persons to test their builds using multiple containers.

Wide Area of Applications


Docker Applications

Docker can be used and merged with multiple CI/CD tools like Jenkins, Circle CI. it can also be used for making server stress tester, load testing on certain server with certain number of requests.
Wide application of docker in increasing and it becoming a necessary tool for developers, sysadmins and QA professionals.


Follow:

Blogger Templates Created by CodeYour