Lecture Review: RF Waves

Disclaimer:

These lecture review posts are a personal study tool. Because they are written from memory (usually) to re-enforce what I’ve learned, often at a fast speed, these posts don’t represent my true formatting/writing skill.

Radio Waves

These are electromagnetic waves. They contain a magnetic wave and an electric wave at 90 degree angles. They travel at speed of light and in all directions.

Several ways to describe waves:
1. Amplitude
2. Frequency
3. Wavelength
4. Phase (sorta)

Amplitude is the ‘height’ of the wave’s peaks.
Frequency is how many times a wave completes an up-and-down movement, returning to baseline, in a given amount of time.Wavelength is how long or short the waves are. Wavelength and amplitude have an inverse relationship.

Radio waves have to be ‘keyed’ or ‘modulated’ in order to carry data. A radio wave that has been keyed or modulated is called a carrier wave.

Radio waves can be analog or digital. Analog waves are continuous waves whereas digital waves can start and stop. Analog waves are modulated whereas digital waves are keyed.

Three modulations:
1. Phase Modulation
2. Amplitude Modulation
3. Frequency modulation

Phase Modulation changes starting point of waves where one position represents 1 and another represents 0.
Amplitude Modulation changes the height of the peaks where one height is 0 and another represents 1.
Frequency Modulation changes the wave’s frequency where a higher frequency represents 1 and a lower frequency represents 0.

FSPL stands for Free Space Path Loss. This is the natural attenuation (loss of signal) the radio wave naturally experiences as it travels.

Multipathing occurs when the same wave is bounced and reflected, creating copies, each reaching the receiver at the same time. This COULD be used to increase.

Rules of 10s and 3s.
-3dB means halve the watt value
+3dB means double the watt value-10dB means watt value becomes 1/10th of its value
+10dB means increase watt value by ten (multiply)

DON’T USE RSSI TO MEASURE SIGNAL STRENGTH!!!! It was never meant to do that! Only for internal use by the components. Further, each manufacturer can implement it differently.

Lecture Review: TCP, UDP, and ICMP

Hello people! One of the uses I have for my site is to post a recap of my school lectures here. I’m playing around with different study methods and wanted to see how well this works out. At the very least, it’ll serve as a good personal reference.

That being said, the information contained in these posts may or may not represent knowledge I already know. I.e., if we went over something basic (like OSI model), I’m still going to include it despite my familiarity with it.

Further, because I’m writing these posts from memory (as a practice to reinforce it), I am less concerned with grammar, punctuation, and formatting than with other posts.

TCP

TCP is

  • Connection-oriented
  • Unicast
  • Higher overhead
  • Corrective

It’s connection-oriented by way of the three-way handshake (SYN, SYN ACK, ACK). A connection is established first, then the data is exchanged. Delivery is ensured thanks to that connection and being able to keep track of what and how many packets were sent, and to resend what wasn’t acknowledged. All of which requires higher overhead.

You can close TCP connections with FIN or RESET (rude!).

TCP will always be in a certain state as defined in… RFC (forgot which number- doing these notes from memory).

UDP

Pretty much the exact opposite of TCP. Very little overhead. Is multicast. Used for video streaming (among others!). Fire-and-forget.

tcpdump, Datagrams, Fragmenting

The flow of data in tcpdump is denoted with > and <.

There are 0-1023 common ports. These are usually used by servers for common services. Clients can open any port, typically 1024 or above, when requesting services. The ports can be re-used and change after each connection. I.e., client-1 might open ephemeral port 31XXX when connecting to server-1:25. After that connection closes, that same 31XXX port could be opened again for a connection on server-3:22.

When viewing connections on tcpdump, especially TCP and its three-way handshake, you’ll actually see two connections in the output: client-to-server and server-to-client.

If the datagram being sent is larger than the recipient’s network’s MTU size (max is 1500 for Ethernet), datagrams have to be fragmented. In this case, each fragment gets a fragment ID so the recipient can keep everything in order. To ensure the order of the fragments, an offset counter is used after the fragment ID. Only the first fragment will have the protocol header, whereas all fragments will have the ~20byte IP header.

Teardrop attack uses mismatching offsets.

ICMP

ICMP can be helpful in troubleshooting things as well as reconnaissance.

Firewalls should be blocking incoming ICMP requests from the outside. And probably from internally, too.

Depending on what type of ICMP response you receive, that can indicate what’s going on at the target. For example, if a request comes back with host unreachable, time to move on. However if you get admin denied (thanks to ACL) or port unreachable, then that does tell you something’ sthere.

You can also use TTL to find how many hops you’re dealing with.