Chapter 1 Introduction
The protocols of the TCP/IP protocol suite enable computers to send and receive data over networks. There are billions of IP devices on the Internet, and they all use the TCP/IP protocol suite.
The TCP/IP protocol suite is not perfect. In fact, TCP/IP has several security flaws inherent in the protocol designs and implementations. Many have been patched, and various work-arounds have been implemented, but some remain. Attackers can exploit these security flaws to perform various network attacks. Therefore, a security analyst must understand how TCP/IP was designed to work in order to recognize these threats and to detect malicious behavior. A common task for a security analyst is performing packet-level analysis of IP traffic to detect abnormal behaviors.
To fully understand the TCP/IP protocol suite and the associated terminology used in the IT industry, the security analyst must understand both the TCP/IP Model and the OSI Model. These models are useful for describing how data is transmitted over a network. In this section, you will learn about both of those models. You will also learn the roles of several important protocols in the TCP/IP suite and how they work together to provide network communications. You will first learn the roles and operation of TCP and IP, the two primary protocols used in network communications. Next, you will learn about ARP and DHCP, two protocols that are extremely important for mapping addresses in multiaccess networks. You will also learn the basics of DNS and the essential name-mapping service it provides to facilitate network communications. In addition, you’ll learn how to use ICMP to test network connectivity. After gaining an understanding of these important TCP/IP protocols, you’ll be ready to start learning how to use tools to view and analyze TCP/IP traffic. This section provides an introduction to two such tools, tcpdump and Wireshark.