Securing Protocol Layers

Lesson 8: TCP/IP packet construction
Objective: OSI model and how packets are sent across the Internet.

TCP-IP Packet Construction

We will now describe the OSI model and how packets are sent across the Internet. Information sent across the Internet must be bundled into packets. The OSI model determines exactly how a network constructs packets to be sent across the Internet. This model also determines which portions of the TCP/IP model match which level of the operating system.

What is packet sniffing during data transmission?

Packet sniffing[1], also known as network snooping or packet capture, is the process of intercepting and analyzing data packets that are transmitted over a network. This can be done using specialized software or hardware tools, such as packet sniffers.
During data transmission, packets of information are sent from one device to another over a network. Packet sniffing allows a person to intercept and read these packets of data, potentially exposing sensitive information such as login credentials, personal information, or financial data.
Packet sniffing can be used for both malicious and legitimate purposes. For example, a network administrator may use a packet sniffer to troubleshoot network issues or to monitor network traffic for security purposes. On the other hand, a hacker could use a packet sniffer to intercept sensitive information and use it for identity theft or other malicious activities.
To guard against this kind of interception, use an encryption protocol such as SSL/TLS, SSH, or a VPN when you transmit sensitive data over a network, monitor your network frequently, and keep your systems up to date.

The fact that devices operate at different levels is especially important to remember when dealing with routers. A router is concerned only with directing packets from one computer to the appropriate location in a receiving computer. A router must understand the packet's structure only as far as the network layer is concerned.

IP datagrams

Because a router is restricted from other levels of the network, it is especially well suited for packet filtering. Packets are created using an encapsulation process, as shown in the SlideShow below.

IP Datagrams
The program request or response becomes the data section for a TCP or UDP packet. This entire packet, including the header information, in turn, becomes the data portion of an IP packet. Controlling this process through routers and firewalls yields a high degree of security and is important to both firewalls and Virtual Private Networks[2].

Hacker bypassing

The encapsulation process allows modification of specific layers of the TCP/IP protocol stack. For example, a hacker may route a virus through an unused router of your network, directly bypassing a company's application gateways. The virus would reside in the stack's application layer and would not be detected by the router, because the router looks only at the Internet layer.
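
The encapsulation described under "IP Datagrams", and the difference between what a router and an application gateway inspect, shown as an added example that is not part of the original lesson. The function names, the RFC 5737 documentation addresses, and the syslog-style payload are assumptions constructed for illustration; nothing is sent on the network.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(app_data: bytes, src: str, dst: str, sport: int, dport: int) -> bytes:
    # Transport layer: the application data becomes the UDP data section.
    # A UDP checksum of 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", sport, dport, 8 + len(app_data), 0) + app_data
    # Internet layer: the whole UDP datagram becomes the IP data portion.
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64,
                      socket.IPPROTO_UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + udp

def router_view(packet: bytes) -> dict:
    """What a network-layer device reads: the IP header and nothing deeper."""
    ver_ihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "total_len": total,
            # A valid header checksums to 0 when its checksum field is included.
            "header_ok": checksum(packet[:(ver_ihl & 0x0F) * 4]) == 0}

def gateway_view(packet: bytes) -> dict:
    """What an application gateway reads: every layer down to the payload."""
    ihl = (packet[0] & 0x0F) * 4
    sport, dport, length, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    return {"sport": sport, "dport": dport,
            "payload": packet[ihl + 8:ihl + length]}

# Constructed sample input: documentation addresses and a made-up message.
REQUEST = b"<34>app: user alice logged in"
PACKET = encapsulate(REQUEST, "192.0.2.10", "198.51.100.7", 40000, 514)

if __name__ == "__main__":
    print("router sees: ", router_view(PACKET))
    print("gateway sees:", gateway_view(PACKET))
```

The router's view carries addresses, protocol number, and length but no payload field, which is why content inspection has to happen at a device that unwraps the upper layers.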

Security for TCP/IP

In order to best protect a network, security issues should be individually addressed for all layers of the TCP/IP protocol stack.

[1] Packet sniffing: The activity in which a hacker can intercept and read datagram packets; it is common.
[2] Virtual Private Network (VPN): An extended local area network (LAN) that enables an organization to conduct secure, real-time communication.