Title: NIOC Maryland Advanced Computer Network Operations Course

Release Date: 2015-01-17

Document Date: 2012-04-18

Description: This April 2012 training presentation produced by Navy Information Operations Command Maryland states that “the next major conflict will start in cyberspace”: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.

Document: NIOC MARYLAND ADVANCED COMPUTER
NETWORK OPERATIONS COURSE

Coordinated by

-- NAVIOCOM Maryland

Center of Excellence for Non-Kinetic Options —

SECRET//REL TO USA, AUS, CAN, GBR, NZL

WHY ARE WE TEACHING THIS?

• 5 Pillars of IO:

- OPSEC

- MILDEC

- MISO

- EW

- CNO

• The next major conflict will start in cyberspace

- Whether we recognize the signs is another matter

- Recent conflicts have already shown the importance of CNO (Russia/Georgia)

- Think China will make a move on Taiwan without bringing down their communications
networks?

• As IW officers (or IDC) - we are expected to know and understand
CNO and communicate with decision makers

• Recently announced plans from Commander in Chief and Pentagon
officials emphasize cyberspace operations

• Basic 1810/IDC quals are a good foundation, but CO/XO want you to
know more about CNO

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Course Overview

Wednesday, April 11th
Location: OPS2B 2B4118-1

Time Topic
0730-0900 CNO Intro/TAO Overview
0900-1000 Analysis
1000-1100 EAO
1100-1200 Lunch
1200-1300 IOD/Scanning
1300-1400 DNT
1430-1500 TAO Brief/Tour

Briefer

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Course Overview

Thursday, April 12th
Location: OPS2B 2B4118-3

Time Topic
0800-0900 CND Intro/Threat Brief
0900-1000 Red Team Brief
1000-1030 Blue Team Brief
1030-1100 JCMA Brief
1100-1130 Hunt Brief
1130-1300 Lunch
1400-1530 Tutelage Brief

Briefer

CTN2

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Course Overview

Friday, April 13th
Location: OPS2B 2B4118-3

Time Topic
0800-0900 POD
0900-1000 OCO
1000-1100 Legal Authorities
1100-1200 Lunch
1200-1400 PKC/PKI (Asymmetric Encryption)
1400-1430 Debrief/Discussion

Briefer

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Class I

USCYBERCOM LOO

CND

CNA

CNE

Human-enabled

-Proximal Access
-Physical Interdiction
-Multi-Staged

FLTCYBERCOM/C10F

U.S. FLEET CYBER COMMAND/U.S. TENTH FLEET

DoD Global Information Grid Operations (DGO)

Pillars of Information Assurance
Confidentiality
Integrity
Availability
Non-Repudiation
Authentication


Defensive Cyberspace Operations

Direct and synchronize actions to detect, analyze, counter and
mitigate cyber threats and vulnerabilities

Protect critical missions, enable freedom of action in cyberspace

Flexible response, incorporating Title 10 and Title 50 authorities,
to defend the GIG

Responsible Organizations:


Who:

Offensive Cyberspace Operations (O

Enabling and attack effects in cyberspace

Support national and CCDRs’ objectives via cyber actions
Remote Operations Center, civilians and military personnel
Enables active defense against cyber actors/adversaries

ROC Relationships:


10 Department

NIOC Maryland

Computer Network Operations


• TAO Overview

- Mission Aligned Cells (MAC)

• Manning / Placement

• Department Operations

- Summary

- Examples: Russia & Lebanon

- Joint Cyber Attack Team

- NCAT Vision

- Afloat CNO

• Discussion Topics

Remote Operations Center
- Conduct on-net ops (exploit, collect, geo-locate)

Data Network Technologies
- Develop operational concepts and software implants to exploit computer networks

Telecommunications Network Technologies
- Develop operational concepts and software implants to exploit phone switches
- Develop network warfare
- Network shaping

Access Technologies & Operations
- Conduct physical access (off-net) operations
- Conduct expeditionary CNO
- Develop [illegible] implants to

Mission Infrastructure Technologies
- Design, development and delivery of the end-to-end infrastructure that supports GENIE operations

Concept:

• TAO recently completed a major effort to align resources from
R&T, ROC, DNT and MIT into mission focused teams.

• Mission Aligned Cells

- Teams composed of operators, analysts and developers working together to focus on
a specific target set.

• Allows TAO to efficiently resources on high-priority projects and
targets.

Current MACs:

• China/North Korea (NSAW, NSAH)

• Iran (NSAW, NSAG)

• Russia (NSAW, NSAH)

• Cyber Counterintelligence (CCI) (NSAW, NSAG, NSAT, NSAH)

• Counterterrorism (CT) (NSAW, NSAG)

• Target Service Provider (TSP) (NSAW, NSAT)

• Regional Targets (RT) (NSAW, NSAT)

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL


TAO - Front

[Organization chart: Requirements & Targeting; Remote Operations Center; Data Network Technologies; Telecommunications Network Technologies; Access Technologies & Operations; Mission Infrastructure Technologies]

S32:

Staff (2/2/0)

Leadership Positions:

• Deputy Chief; TAO

CAPT

• TAO Cyber Operations Integrated
Lead (COIL)

• Principal advisor to TAO leadership
for operational cyber issues

[Billet Description (BA/COB/Deployed)]




S327:

R&T Influence (8/6/0)

Endpoint Exploitation (57/35/0)

Leadership Positions:

• D/Chief, CT & Afghanistan

• In training - slated for Hard Targets Division, DPRK
Branch

• CNO Coordinator - China/DPRK Branch

[Billet Description (BA/COB/Deployed)]


S321:

ROC Influence (9/9/0)

Lead (3/3/0)

Interactive Operator (49/26/0)
Production Operator (25/14/0)

Leadership Positions:

• Deputy Chief, ROC

• D-Chief, STO

• Chief; Iran MAC (IMAC)

CTNCS

• ROC SER

• Chief, Cyber Operations Branch

• Tech Lead, Cyber Operations Branch


[Billet Description (BA/COB/Deployed)]




Leadership Positions:

• Chief, Cyber Technologies Branch

• Chief, Engineering Services Division

S323:

Development (Officer) (2/2/0)
Development (Enlisted) (16/6/0)

[Billet Description (BA/COB/Deployed)]

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL

Access Technologies

Leadership Positions:
• D-Chief, EAO

S328:

ATO (Officer) (4/4/0)
ATO (Enlisted) (23/15/1)

[Billet Description (BA/COB/Deployed)]

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL


Remaining Person

S325 - Mission Infrastructure Technologies:

Infrastructure (Enlisted) (7/1/0)

S352 - Global Access Operations:

Global Access (Officer) (0/1/0)

Global Access (Enlisted) (1/1/1)

10 Dept Summary:

Officers**

• 28 BA / 26 COB = 93%

Enlisted

• 182 BA / 101 COB = 55%

**2/9 CS P-coded officer billets filled; need M.S.
Computer Science personnel

[Billet Description (BA/COB/Deployed)]

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL

Operations Summary

Weekly Interactive CNE operations

ALL      Operators  % of Operators  Ops Conducted  % of Ops
All      208        100.00%         2588           100.00%
CIV      70         33.65%          1059           40.92%
NAVY     52         25.00%          674            26.04%
AF       44         21.15%          343            13.25%
ARMY     29         13.94%          376            14.53%
USMC     11         5.29%           108            4.17%
USCG     2          0.96%           28             1.08%

NAVY     Operators  % of Operators  Ops Conducted  % of Ops
NAVY     52         100.00%         674            100.00%
NIOC-M   28         53.85%          292            43.32%
NIOC-T   10         19.23%          133            19.73%
NIOC-G   8          15.38%          107            15.88%
NIOC-H   6          11.54%          142            21.07%

Target Sets - R&T Analysts

- China
- Russia
- Iran
- Afghanistan
- Pakistan
- India
- Iraq
- Counterterrorism
- Cyber Counterintelligence (CCI)

Supporting Roles

- ROC Senior Watch Officers
- Development

- MAC: Mission Aligned Cell - puts analysts and operators together to increase target familiarity and
efficiency of operations

• Current TAO Targets

- Political

• leadership to include Ministry of

Interior, Parliament Members, and
Presidential Palace

- Military

• Former Commander of \
Force

Common Border

IT Directorate
Medical Command
(affiliation unknown)

- Instructor, Army Staff

and Command College

• Lt. Col.

- Defense Ministry

• Recent Reporting

- Armed Forces Reviewed

Personnel Issues Regarding Retirement,
Communications, and Health Care

TOP SECRET//COMINT//REL TO USA, AUS, CAN, GBR, NZL


CTU 1060.1.1 - NROC

FLEET FOCUS
- Framework and support for Navy requirements
- Provides structure to develop holistic Navy capability

Support five (5) Combined Task Elements:
- CTE 1060.1.1.1
- CTE 1060.1.1.2
- CTE 1060.1.1.3
- CTE 1060.1.1.4
- CTE 1060.1.1.5

JOINT FOCUS
- Navy support to joint priorities
- Structure supports manning requirements levied on Navy

CND-RA 1020.6.1

CTE Manning

Unix and Windows Operators:

Exploiter Qualified
(Minimum Requirement)

Router and Firewall Operators:

May shift between CTE's depending on
operator specialty and mission requirement

Mission Alignment

NCAT

Service-led JCAT
JCAT Support
Service CNE Support

Joint Cyber Attack Team

JCAT Concept of
Operations:

• Assembled for Title 10
execution support

• Mission Commanders and
Operators provide full-
time support to CNE
operations outside of
JCAT

Requirements:

• CAUI Support

• 1 Mission Commander

• 2 CNA Operators

• TASKORD 11-0335

• 3 Mission Commanders

• 7 D r'lKIA Dnc*r?)1~nrc:

Current Navy Participation:

• Mission Commanders:

• LTJG

• Qualification based on JQS administered
by the Cyber Operations Branch

• Five (5) additional officers in training

• Operators:

• Working to certify all qualified
Interactive Operators for JCAT

• Requires LOAC/ROE Briefing and Tool
Training

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL

Afloat Computer Network Operations

AUTEC testing with USS Annapolis, 18 NOV 2011

• Interactive Operations

- Connection via:
NEPTUNETHUNDER,
BLINDDATE/HAPPYHOUR

- Successful exploits at 4, 6,
and 8 NM with 4 watt
Access Point (AP).

- Predict max connection
distance to standard 100
mW AP to be 4 NM.

• Man On the Side
Operations

- Inject using:
BLINDDATE/NITESTAND

- Successful inject at 4 NM to
100 mW client computer.

[Figure: NAVY BLINDDATE SYSTEM. Labels: cypher text, active segment, wireless adaptor, GW, netmask, VLAN. Legend: encrypted network, unencrypted network, receive only, transmit and receive.]

TOP SECRET//SI//REL TO USA, AUS, CAN, GBR, NZL


SECRET//REL TO USA, AUS, CAN, GBR, NZL

Network Operations - Overview

Overall classification of this brief is:


SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Describe the following network component/terms:

- Proxy Server:

• An intermediary computer that completes application network requests on behalf of a host.

- Router

• A layer 3 device used to route traffic between networks

- File Server

• A server dedicated to the hosting and sharing of files.

- Perimeter Network

• The network segment located between LAN and Internet, used to place Internet facing
services like Web and Mail Servers.

- Internet

• The aggregate of publicly connected networks implementing the IP addresses

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Describe the following network component/terms:

- Intranet

• A private network not normally accessible through the internet.

- Firewall

• A mechanism to filter network traffic using rules based on attributes like source,
destination, packet type, port, and session status.

- IDS (Intrusion Detection System):

• Network traffic analyzer that uses patterns to detect malicious activity.

- TACACS (Terminal Access Controller Access Control System).

• Provides authentication, authorization, and accounting control to network devices via
central server.

- RADIUS (Remote Authentication Dial In User Service)

• Authentication protocol for remote users to access network resources via network
access methods like Dial-in, VPN, DSL, and WAP.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Define the following cross domain solutions:

- High Assurance Guards

• Connects networks operating within different security domains. Filters traffic like a
firewall but operates on all levels of the TCP/IP stack.

- SABI (Secret and Below Interoperability)

• Connection of Secret Security Domain to Security Domains of lesser classification
levels.

- TSABI (Top Secret and Below Interoperability)

• Connection of Top Secret Security Domain to domains of lesser classification levels.

- Bastion Host

• A host on an internal network that is also publicly exposed to the Internet or another
public network. Usually used for service hosting (web, email, etc) or as part of a
firewall solution.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Describe the location of the following components in a simple networked
environment:

a. Proxy Server

b. Router

c. Firewall

d. Workstation

e. DMZ

f. Switch

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Wireless Networking

• Define wireless networking to include the following aspects:

- Wireless Access Point

• Wired to Wireless bridging.

- 802.11 Protocols

• The set of layer 1 & 2 protocols defining the RF physical layer and media access
control.

Standard   Frequency Range   Modulation Method   Bit Rate
802.11a    5.0 GHz           OFDM                54 Mbps
802.11b    2.4 GHz           DSSS                11 Mbps
802.11g    2.4 GHz           OFDM                54 Mbps
802.11n    2.4 or 5 GHz      SDM                 600 Mbps

• Other wireless technologies in the 2.4 GHz range include Bluetooth (802.15), cordless
phones, microwaves, baby monitors, etc...

- MAC Filtering

• Only defined hardware addresses can connect to network

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Define the following application protocols/services and identify their port
numbers:

- Telnet: TCP 23

- NTP (Network Time Protocol): TCP/UDP 123

- NetBEUI (NetBIOS Extended User Interface): Non-routable transport protocol used in pre-WinXP LANs.

- NetBIOS (Network Basic Input/Output System): TCP/UDP 139

- FTP (File Transfer Protocol): TCP 21

- POP3 (Post Office Protocol 3): TCP 110

- RPC (Remote Procedure Call):

• SUN/UNIX: TCP 111, 32771

• WIN: TCP/UDP 135

- HTTP (Hypertext Transfer Protocol): TCP 80

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Define the following application protocols/services and identify their port
numbers (continued...):

- SMTP (Simple Mail Transfer Protocol): TCP 25

- DNS (Domain Name System): TCP/UDP 53

- SNMP (Simple Network Management Protocol): UDP 161

- SSL (Secure Socket Layer): Presentation Layer protocol for use by applications to secure
communications

- SSH (Secure Shell): TCP 22

- TFTP (Trivial FTP): UDP 69

- HTTPS (HTTP Secure): TCP 443

- FTPS ():

- DHCP (Dynamic Host Configuration Protocol): UDP 67

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Network Layer Protocols

• Define the following network layer protocols to include their relationship to
TCP/IP:

- IP

• Layer 3 (Network) used for network addressing and routing

- TCP

• Layer 4 (Transport) used for application session and reliable delivery

- UDP

• Layer 4 (Transport) used for application communication.

- ARP

• Layer 2 (Link) used for Mapping IP addresses to MAC Addresses

- RARP

• Layer 2 (Link) used for Mapping MAC addresses to IP Addresses

- ICMP

• Layer 3 (Network) used for Network Diagnostics

SECRET//REL TO USA, AUS, CAN, GBR, NZL

List and describe the 7 layers of the OSI Model:

Layer No.  Layer Name    Function (examples)
7          Application   User Interface (Telnet, HTTP)
6          Presentation  Encryption and Other Processing
5          Session       Manages Multiple Applications
4          Transport     Provide Reliable or Unreliable Delivery and Error Correction
3          Network       Provides Logical Addressing Used by Routers
2          Data Link     Endpoints with MAC Address; Error Detection Correction (HDLC)
1          Physical      Specifies Voltage, Wire Speed, and Pin-Out Cables (EIA/TIA-232, V.35)

[Figure: encapsulation and re-encapsulation of data with TCP header, IP header, LLC header, MAC header and FCS. Labels: Switches, Cabling.]

SECRET//REL TO USA, AUS, CAN, GBR, NZL

TCP/IP Model

• List and describe the 4 layers of the TCP/IP Model to include how they
relate to the OSI Model:

- The TCP/IP model combines
the Session and Presentation
layers with the Application
layer. It is assumed if a
program has need of layer 5 or
6 functionality, then the
program will have to provide it.

TCP/IP                           OSI
Applications                     Application Layer (7)
                                 Presentation Layer (6)
                                 Session Layer (5)
Transport Layer (TCP and UDP)    Transport Layer (4)
Network Layer (IP)               Network Layer (3)
Data Link Layer                  Data Link Layer (2)
Physical Layer                   Physical Layer (1)

SECRET//REL TO USA, AUS, CAN, GBR, NZL

TCP 3-Way Handshake

• Define and illustrate the TCP 3-Way Handshake

- The 3-Way handshake is the method
that all TCP sessions use to initialize
connections and session parameters. It
follows the sequence SYN, SYN-ACK,
ACK. Application data can begin sending
with the final ACK packet.

[Figure: TCP 3-way handshake between Computer A and Computer B]

1. Computer A sends a synchronize message to B containing a sequence number; seq=100.

2. Computer B acknowledges that it received the message by incrementing the sequence number (called an "ACK"). It also sends its own sequence; ack=101, syn=300.

3. Computer A receives the ACK it expects and the connection is now established. All communication will now send incremented syns and acks to ensure a good connection; syn=102, ack=301.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

TCP Flags

• Define and briefly describe the use of the following TCP flags:

- SYN: Used to initialize the TCP by setting the packet sequence number

- ACK: Used to acknowledge receipt of all packet sequences up to the number indicated

- PSH: Indicates that all data already received should be given to the application as soon
as possible. Flushes the buffer.

- URG: Urgent Data. Commonly used for interrupts.

- FIN: Indicates there is no more data to send from that end of the connection. Session
closes after both ends acknowledge FINs

- RST: Immediate termination of connection. Commonly used to indicate unavailable service.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Protocol Headers

Define and describe the structure of the following protocol headers:

- IP

[Figure: IP header layout, one 32-bit word per row, bits 0-15 and 16-31]

Word 1: 4-bit version | 4-bit header length | 8-bit type of service (TOS) | 16-bit total length (in bytes)
Word 2: 16-bit identification | 3-bit flags | 13-bit fragment offset
Word 3: 8-bit time to live (TTL) | 8-bit protocol | 16-bit header checksum
Word 4: 32-bit source IP address
Word 5: 32-bit destination IP address
(words 1-5: 20 bytes)
options (if any)
data

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Protocol Headers

Define and describe the structure of the following protocol headers:

- TCP

[Figure: TCP header layout, one 32-bit word per row, bits 0-15 and 16-31]

Word 1: 16-bit source port number | 16-bit destination port number
Word 2: 32-bit sequence number
Word 3: 32-bit acknowledgment number
Word 4: 4-bit header length | reserved (6 bits) | URG, ACK, PSH, RST, SYN, FIN | 16-bit window size
Word 5: 16-bit TCP checksum | 16-bit urgent pointer
(words 1-5: 20 bytes)
options (if any)
data (if any)
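The IP and TCP header layouts, the TCP flags and the 3-way handshake described above can be checked against real bytes. The following is an added example, not part of the original briefing: it decodes both fixed headers, verifies the IP header checksum and validates a SYN, SYN-ACK, ACK sequence. The addresses, ports, sequence numbers and function names are constructed for illustration.

```python
import socket
import struct

# Flag bits occupy the low 6 bits of the 16-bit header-length/flags word.
TCP_FLAGS = ((0x20, "URG"), (0x10, "ACK"), (0x08, "PSH"),
             (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN"))

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header and locate the payload."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    header_len = (ver_ihl & 0x0F) * 4          # header length counts 32-bit words
    if ver_ihl >> 4 != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("not a well-formed IPv4 header")
    return {
        "header_len": header_len, "total_len": total_len, "id": ident,
        "frag_offset": flags_frag & 0x1FFF, "ttl": ttl, "protocol": proto,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # Summing a header that carries a correct checksum yields zero.
        "checksum_ok": internet_checksum(packet[:header_len]) == 0,
        "payload": packet[header_len:total_len],
    }

def parse_tcp(segment: bytes) -> dict:
    """Decode the fixed 20-byte TCP header, including the flag bits."""
    if len(segment) < 20:
        raise ValueError("shorter than the minimum TCP header")
    (sport, dport, seq, ack, off_flags, window,
     _cksum, urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "header_len": (off_flags >> 12) * 4, "window": window,
        "urgent": urgent,
        "flags": {name for bit, name in TCP_FLAGS if off_flags & bit},
    }

def build_packet(src, dst, sport, dport, seq, ack, flags) -> bytes:
    """Build a constructed test packet (TCP checksum is left as zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                      (5 << 12) | flags, 8192, 0, 0)
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6,
                       0, socket.inet_aton(src), socket.inet_aton(dst))
    cksum = internet_checksum(head)
    return head[:10] + struct.pack("!H", cksum) + head[12:] + tcp

def is_three_way_handshake(packets) -> bool:
    """True if three packets form SYN, SYN-ACK, ACK with matching numbers."""
    if len(packets) != 3:
        return False
    ips = [parse_ipv4(p) for p in packets]
    if not all(ip["checksum_ok"] and ip["protocol"] == 6 for ip in ips):
        return False
    syn, synack, ack = (parse_tcp(ip["payload"]) for ip in ips)
    return (syn["flags"] == {"SYN"}
            and synack["flags"] == {"SYN", "ACK"}
            and synack["ack"] == (syn["seq"] + 1) % 2**32
            and ack["flags"] == {"ACK"}
            and ack["seq"] == synack["ack"]
            and ack["ack"] == (synack["seq"] + 1) % 2**32)

# Constructed sample: documentation addresses and made-up sequence numbers.
A, B = "192.0.2.10", "198.51.100.20"
HANDSHAKE = [
    build_packet(A, B, 49152, 80, 100, 0, 0x02),      # SYN
    build_packet(B, A, 80, 49152, 300, 101, 0x12),    # SYN-ACK
    build_packet(A, B, 49152, 80, 101, 301, 0x10),    # ACK
]

if __name__ == "__main__":
    print("valid handshake:", is_three_way_handshake(HANDSHAKE))
```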

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Protocol Headers

Define and describe the structure of the following protocol headers:

- UDP

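[Figure: UDP header layout, one 32-bit word per row, bits 0-15 and 16-31]

Word 1: 16-bit source port number | 16-bit destination port number
Word 2: 16-bit UDP length | 16-bit UDP checksum
(words 1-2: 8 bytes)
data (if any)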

SECRET//REL TO USA, AUS, CAN, GBR, NZL

MAC Addressing

• Discuss the following as it pertains to MAC Addressing:

- LENGTH OF MAC ADDRESS IN BITS: 48

- DISPLAY OF MAC ADDRESS: Hexadecimal Format 00:8e:f0:59:31:ae

- LOCATION OF MAC ADDRESS: First 48 bits in message

- MANUFACTURER SPECIFIC BITS: First 3 Octets

- HOST SPECIFIC BITS: Last 3 Octets

[Figure: a MAC address shown as six octets (1st octet to 6th octet) in binary, marking the I/G (individual/group) bit and the G/L (global-local) bit.]

SECRET//REL TO USA, AUS, CAN, GBR, NZL

• Discuss the following as it pertains to ARP:

- ADDRESS RESOLUTION:

• ARP (Address Resolution Protocol) facilitates the mapping between hardware
addresses (MAC Address) and logical network addresses (IP Addresses). This
mapping can be stored in a file or can be determined through ARP broadcast requests on
a local network.
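The MAC address layout and the stored-versus-learned ARP mapping described above lend themselves to a consistency check. The following is an added example, not part of the original briefing: it splits a MAC address into its manufacturer and host halves, reads the I/G and G/L bits, and compares ARP observations with a stored mapping. The IP addresses, the observations and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

MAC_RE = re.compile(r"(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}")

def _fmt(octets) -> str:
    return ":".join(f"{o:02x}" for o in octets)

def parse_mac(text: str) -> dict:
    """Split a 48-bit MAC address into its manufacturer and host halves."""
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a 48-bit MAC address: {text!r}")
    octets = [int(part, 16) for part in re.split("[:-]", text)]
    return {
        "mac": _fmt(octets),
        "oui": _fmt(octets[:3]),           # manufacturer-specific: first 3 octets
        "host": _fmt(octets[3:]),          # host-specific: last 3 octets
        "group": bool(octets[0] & 0x01),   # I/G bit: 1 = group address
        "local": bool(octets[0] & 0x02),   # G/L bit: 1 = locally administered
    }

def audit_arp(observed, stored) -> dict:
    """Map (ip, mac) to reasons an ARP-learned entry deserves a closer look."""
    seen = defaultdict(set)
    findings = defaultdict(set)
    for ip, mac_text in observed:
        info = parse_mac(mac_text)
        mac = info["mac"]
        seen[ip].add(mac)
        if info["group"]:
            findings[(ip, mac)].add("group address used as a host address")
        if info["local"]:
            # Not manufacturer-assigned, so the first 3 octets identify no vendor.
            findings[(ip, mac)].add("locally administered address")
        if ip in stored and parse_mac(stored[ip])["mac"] != mac:
            findings[(ip, mac)].add("differs from stored mapping")
    for ip, macs in seen.items():
        if len(macs) > 1:
            for mac in macs:
                findings[(ip, mac)].add("IP seen with more than one MAC")
    return {key: sorted(reasons) for key, reasons in findings.items()}

# Constructed sample: the stored mapping (the "file") and ARP-learned pairs.
STORED = {"10.1.0.1": "00:8e:f0:59:31:ae"}
OBSERVED = [
    ("10.1.0.1", "00:8E:F0:59:31:AE"),
    ("10.1.0.7", "00-8e-f0-aa-bb-cc"),
    ("10.1.0.1", "02:00:00:12:34:56"),
    ("10.1.0.9", "01:00:5e:00:00:01"),
]

if __name__ == "__main__":
    for (ip, mac), reasons in sorted(audit_arp(OBSERVED, STORED).items()):
        print(ip, mac, "; ".join(reasons))
```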

SECRET//REL TO USA, AUS, CAN, GBR, NZL

ICMP

• Discuss the following as it pertains to ICMP:

- ICMP is a protocol that defines a collection of message types commonly used for network
diagnostics.

• Layer of the OSI model: ICMP (usually) consists of Layer 3 (Network) messages
transported by IP.

• Ping: Message Type 8 (request) and 0 (reply). Used to determine if a device is active
on the network.

• Traceroute: Uses a combination of the IP time-to-live (TTL) field and the ICMP
messages 11 (time exceeded) and 3.3 (port unreachable) to determine the route a
packet takes through the network.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Routing Table

• Discuss the routing table as it pertains to the router:

- The Routing Table Stores what networks are reachable through each interface along with
metadata about that route.

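[Figure: networks 10.1.0.0, 10.2.0.0, 10.3.0.0 and 10.4.0.0 joined in a line by routers A, B and C. Router A: E0 on 10.1.0.0, S0 on 10.2.0.0. Router B: S0 on 10.2.0.0, S1 on 10.3.0.0. Router C: S0 on 10.3.0.0, E0 on 10.4.0.0.]

Routing Table (Router A)
Network   Interface  Metric
10.1.0.0  E0         0
10.2.0.0  S0         0
10.3.0.0  S0         1
10.4.0.0  S0         2

Routing Table (Router B)
Network   Interface  Metric
10.2.0.0  S0         0
10.3.0.0  S1         0
10.4.0.0  S1         1
10.1.0.0  S0         1

Routing Table (Router C)
Network   Interface  Metric
10.3.0.0  S0         0
10.4.0.0  E0         0
10.2.0.0  S0         1
10.1.0.0  S0         2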

SECRET//REL TO USA, AUS, CAN, GBR, NZL

IP Addressing

• Discuss the following as it pertains to ranges of IP addressing:

Classful networks were the original method of
distributing address groups to organizations.

• Class A: First 8 bits for Network ID and the last
24 bits for Host ID.

• 126 Networks : 16,277,214 Hosts/net

• Class B: First 16 bits for Network ID and the last
16 bits for Host ID.

• 16,384 Networks : 65,534 Hosts/net

• Class C: First 24 bits for Network ID and the last
8 bits for the Host ID.

• 2,097,152 Networks : 254 Hosts/net

SECRET//REL TO USA, AUS, CAN, GBR, NZL

- Number of bits in an IP address: 32

- Number of octets contained in an IP address: 4

[Figure: classful address formats, bit positions 0, 8, 16, 24, 32]

Class A Address: 0 | Network ID (bits 2 to 8) | Host ID (24 bits)
Class B Address: 1 0 | Network ID (bits 3 to 16) | Host ID (16 bits)
Class C Address: 1 1 0 | Network ID (bits 4 to 24) | Host ID (8 bits)
Class D Address: 1 1 1 0 | Multicast Group Address (28 bits)
Class E Address: 1 1 1 1 | Address ID (bits 5 to 32)

• IPv6 has 128 bits, roughly a 300 trillion 300 trillion more

- 90,000,000,000,000,000,000,000,000,000 times the space of IPv4

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Networking Fundamentals

• Discuss the following as it pertains to the following protocols:

- TCP

- UDP

SECRET//REL TO USA, AUS, CAN, GBR, NZL

IP Subnets

• Discuss the following as it pertains to IP Subnets:

- Number of bits used in a subnet mask.

- How the subnet mask identifies the network portion of the IP address.

- Borrowing bits from the host portion of the address.

- Benefits of subnetting.

[Figure: subnetting a Class C network (200.…). With mask 255.255.255.0: 0 subnet ID bits, 8 host ID bits, 254 hosts. With a bit borrowed from the host ID: 1 subnet ID bit, 7 host ID bits, 126 hosts each.]
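The classful address formats and the subnetting points above (mask bits, the network portion, borrowed host bits) can be worked through in code. The following is an added example, not part of the original briefing: it classifies an address by its leading bits, applies the mask with a bitwise AND and counts the subnets and hosts that result from borrowing bits. The sample addresses and function names are constructed for illustration.

```python
import ipaddress

# (class, mask over the first octet, expected leading bits, classful network-ID length)
CLASSES = (("A", 0x80, 0x00, 8), ("B", 0xC0, 0x80, 16), ("C", 0xE0, 0xC0, 24),
           ("D", 0xF0, 0xE0, None), ("E", 0xF0, 0xF0, None))

def address_class(addr: str):
    """Return (class letter, classful network-ID length) from the leading bits."""
    first_octet = ipaddress.IPv4Address(addr).packed[0]
    for name, mask, pattern, prefix in CLASSES:
        if first_octet & mask == pattern:
            return name, prefix
    raise AssertionError("unreachable: the five patterns cover every octet")

def mask_to_prefix(mask: str) -> int:
    """Count the network bits in a dotted mask, rejecting non-contiguous masks."""
    host_part = ~int(ipaddress.IPv4Address(mask)) & 0xFFFFFFFF
    if host_part & (host_part + 1):      # host bits must be one run of trailing 1s
        raise ValueError(f"non-contiguous subnet mask: {mask}")
    return 32 - host_part.bit_length()

def subnet_plan(addr: str, mask: str) -> dict:
    """Split an address into network, subnet and host parts for a given mask."""
    name, classful = address_class(addr)
    if classful is None:
        raise ValueError(f"class {name} addresses have no network/host split")
    prefix = mask_to_prefix(mask)
    if prefix < classful:
        raise ValueError("mask is shorter than the classful network ID")
    host_bits = 32 - prefix
    # The mask selects the network portion: a bitwise AND clears the host bits.
    network = int(ipaddress.IPv4Address(addr)) & int(ipaddress.IPv4Address(mask))
    broadcast = network | (2 ** host_bits - 1)
    return {
        "class": name,
        "borrowed_bits": prefix - classful,     # bits taken from the host ID
        "host_bits": host_bits,
        "subnets": 2 ** (prefix - classful),
        "hosts_per_subnet": max(2 ** host_bits - 2, 0),
        "network": str(ipaddress.IPv4Address(network)),
        "broadcast": str(ipaddress.IPv4Address(broadcast)),
    }

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Two hosts are on the same subnet if their masked addresses are equal."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(a)) & m) == (int(ipaddress.IPv4Address(b)) & m)

# Constructed sample: a Class C host address with one borrowed bit.
SAMPLE = ("200.1.2.130", "255.255.255.128")

if __name__ == "__main__":
    print(subnet_plan(*SAMPLE))
    print(same_subnet("200.1.2.10", "200.1.2.130", SAMPLE[1]))
```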

SECRET//REL TO USA, AUS, CAN, GBR, NZL

TELNET

Discuss the following as it pertains to TELNET.

- Use: Create a Network Virtual Terminal session on

- Type of connection: TELNET uses TCP as the

- Default port number: 23

SECRET//REL TO USA, AUS, CAN, GBR, NZL

References

1. Authorized Self-Study Guide Interconnecting Cisco Network Devices, Part 2
(ICND2): (CCNA Exam 640-802 and ICND Exam 640-816) by Steve
McQuerry. Publisher: Cisco Press. Pub Date: February 13, 2008. Print
ISBN-10:1-58705-463-9.

2. Cisco Networking Simplified, Second Edition by

a. Publisher: Cisco Press.

Pub Date: December 18, 2007. Print ISBN-10:1-58720-199-2.

3. TCP/IP Guide, 1st Edition by Charles M. Kozierok. Publisher: No Starch
Press. Pub Date: October 4, 2005. Print ISBN-13: 978-1-593-27047-6.

4. TCP/IP Illustrated, Volume 1: The Protocols by W. Richard Stevens.
Publisher: Addison-Wesley Professional. Pub Date: December 31, 1993.
Print ISBN-10: 0-201-63346-9.

5. Building Internet Firewalls, 2nd Edition by Elizabeth D. Zwicky;

; Brent Chapman. Publisher: O'Reilly Media, Inc. Pub
Date: 2000/06/26.

6. Intellipedia Articles.

7. NSA Wiki Articles.

SECRET//REL TO USA, AUS, CAN, GBR, NZL

Questions

• Questions?

SECRET//REL TO USA, AUS, CAN, GBR, NZL
