The world of computer forensics is a fascinating one. Before writing Wings of Mayhem (releases 5/18/16) I took several courses on how to hack.
For those who don’t know, the main character in Wings of Mayhem, Shawnee Daniels, is a hacker turned computer forensic specialist who moonlights as a cat burglar. My usual process is to learn everything I can about my characters’ professions so I can slip into their skin. Many things never make it into the book.
For new followers of this blog, my mission has always been to share what I learn here. If I can save you research time in the future, then I consider it a win.
There are three types of hackers:
Black hats: people who use their skill for evil.
White hats: people who use their skill for good.
Gray hats: somewhere in between the two. Shawnee is a gray hat, but don’t judge her too harshly. She’s loyal and loving under all her snarkiness.
These days we all use what’s called Transmission Control Protocol/Internet Protocol, or TCP/IP. TCP is how your computer or device communicates. IP is how it connects to the internet.
I sense your eyes glassing over, but stay with me. If you use a computer on a regular basis, which I assume you do or you wouldn’t be here, by the end of this post you won’t ever look at them in the same way.
Windowing is the process of one computer communicating with another. To be clear, when I say computer I’m referring to any electronic device that connects to the Internet.
Information is broken down into “packets,” strings of 1s and 0s (called binary numbers) that make up everything we send. It’s with these strings of 1s and 0s that programmers write code. Manipulating or rewriting code is how hackers cause chaos. They also use script kiddies, patches, and other “tricks,” but they all stem from writing code (using binary numbers). I’m sticking with the basics here so it doesn’t get too confusing.
How Windowing Works
Let’s say Computer 1 sends Computer 2 a Word.doc. Rather than sending the entire file, Computer 1 will send 1 packet, a string of 1s and 0s (binary numbers) that when combined with the other packets, make up the entire file. Computer 2 acknowledges receipt of that 1 packet. Once Computer 1 gets the acknowledgment it will send 2 packets, double the first communication. The cycle continues, with Computer 1 doubling the packets with each communication and Computer 2 acknowledging receipt of each packet. So if Computer 1 sends 10 packets, Computer 2 will respond by saying, “Received 10 packets.”
But what happens if Computer 2 doesn’t confirm receipt? Let’s say Computer 1 sends 200 packets—mind you, Computer 1 is still only forwarding the Word.doc; there could be 1000s of packets, depending on the size of the file. Computer 2 notices a problem and sends a message that says, “Received 10 packets out of 200.”
Hearing this, Computer 1 will immediately start over, by sending 1 packet and waiting for acknowledgment that Computer 2 received it. When Computer 1 gets the green light, it’ll send 2 packets…just like before…each time doubling the payload.
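A small simulation of the doubling-and-reset cycle just described, added here as an illustration (it is not code from the original post). The rounds in which Computer 2 reports a shortfall are constructed inputs.

```python
def windowed_transfer(total_packets, short_rounds=None):
    """Simulate the exchange described above.

    Computer 1 sends 1 packet, then 2, then 4, doubling after every full
    acknowledgment. If Computer 2 reports receiving only part of a batch,
    Computer 1 starts over at 1 packet.

    short_rounds: {round_number: packets_received} for rounds where
    Computer 2 says "Received X out of Y" (constructed loss events).
    Returns a list of (round, sent, acknowledged) tuples.
    """
    short_rounds = short_rounds or {}
    window = 1        # how many packets Computer 1 sends this round
    delivered = 0     # packets Computer 2 has confirmed so far
    round_no = 0
    log = []
    while delivered < total_packets:
        round_no += 1
        sent = min(window, total_packets - delivered)
        if round_no in short_rounds:
            acked = min(short_rounds[round_no], sent)  # partial receipt
            window = 1                                 # start over
        else:
            acked = sent                               # full receipt
            window *= 2                                # double next time
        delivered += acked
        log.append((round_no, sent, acked))
    return log


def rounds_needed(total_packets, short_rounds=None):
    """How many send/acknowledge exchanges the transfer takes."""
    return len(windowed_transfer(total_packets, short_rounds))


if __name__ == "__main__":
    # A ten-packet file with no problems, then the same file where
    # Computer 2 only receives 1 of the 4 packets sent in round 3.
    for entry in windowed_transfer(10):
        print("round %d: sent %d, acknowledged %d" % entry)
    print("with a shortfall in round 3:")
    for entry in windowed_transfer(10, {3: 1}):
        print("round %d: sent %d, acknowledged %d" % entry)
```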
This is especially important in today’s world with instant communication. When you type a private message on Facebook, or send a text on your iPhone, all this back-and-forth is happening behind the scenes.
Still with me?
Your IP Address tells your device the computer and network. I’m sure you’re familiar with an IP address. For home computers they look like this: 192.168.10.1. Each one of the four sections—called “octets”—is made up of 1s and 0s (binary numbers). Remember, your device only recognizes 1s and 0s, so it cannot recognize the IP address as 192.168.10.1.
Okay. *rubs palms together* Roll up your sleeves. This is where everything becomes clear.
We know each IP Address has four Octets: 192 (first octet), 168 (second octet), 10 (third octet), 1 (fourth octet). Each Octet is made up of bits, strings of 1s and 0s (binary numbers). A value is assigned to each bit position using decimal numbers. From left to right the decimals look like this: 128 64 32 16 8 4 2 1. Notice anything about these numbers? If we look at them from right to left, we can see that each value doubles…exactly how a computer sends packets.
Binary numbers are assigned to each decimal number using 1 = on, 0 = off.
Remember our IP Address? 192.168.10.1
The first Octet = 192
Second Octet = 168
Third Octet = 10
The fourth Octet = 1
It would look like this: 0 0 0 0 0 0 0 1
Each IP Address tells you the computer and network. If we add all the (top) decimals, we get 255. And this is where the Subnet comes in. A Subnet (short for “subnetwork”) is an identifiably separate part of an organization’s network. Typically, a Subnet represents all the computers (devices) at one location, in one building, or on the same Local Area Network (LAN). Having an organization’s network divided into subnets allows for multiple devices to connect to the Internet with a single shared network address.
Without subnets, an organization would have to have multiple connections to the Internet, one for each computer. The Subnet tells you what portion of the IP is computer and what is network. Subnets are broken down by class.
Class B Subnet: 255.255.0.0
It would look like this in binary code: 1 1 1 1 1 1 1 1/1 1 1 1 1 1 1 1/0 0 0 0 0 0 0 0 /0 0 0 0 0 0 0 0
Class A Subnet: 255.0.0.0
Binary code: 1 1 1 1 1 1 1 1/0 0 0 0 0 0 0 0/0 0 0 0 0 0 0 0/0 0 0 0 0 0 0 0
Class C Subnet: 255.255.255.0
Binary code: 1 1 1 1 1 1 1 1/1 1 1 1 1 1 1 1/1 1 1 1 1 1 1 1/0 0 0 0 0 0 0 0
The last IP number in our address (a home network) is the Broadcast IP. The Broadcast IP sends information to each computer in the network. Using our IP Address: 192.168.10.1, our Broadcast IP is 1.
So how do hackers target an entire network? They take the IP address and Subnet and convert to binary code to find the Broadcast IP. Then they send packets to the Broadcast IP to infect the entire network.
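Here is the octet-to-binary conversion from the 128 64 32 16 8 4 2 1 weights, plus the Subnet test that says which bits are network and which are computer, written out in Python as an added example (not code from the original post). The broadcast address it derives uses the standard rule: keep the network bits and turn every host bit on.

```python
WEIGHTS = [128, 64, 32, 16, 8, 4, 2, 1]  # the decimals listed in the post


def octet_to_bits(value):
    """Turn one octet (0..255) into its eight on/off bits."""
    if not 0 <= value <= 255:
        raise ValueError("an octet holds values 0..255")
    bits = []
    for weight in WEIGHTS:
        if value >= weight:      # this weight is "on"
            bits.append(1)
            value -= weight
        else:                    # this weight is "off"
            bits.append(0)
    return bits


def bits_to_octet(bits):
    """Add up the weights whose bit is on."""
    return sum(w for w, b in zip(WEIGHTS, bits) if b)


def ip_to_bits(ip):
    """Convert a dotted address like 192.168.10.1 to four bit lists."""
    return [octet_to_bits(int(octet)) for octet in ip.split(".")]


def ip_to_binary_string(ip):
    """Write the address the way the post does: octets separated by /."""
    return "/".join(" ".join(str(b) for b in octet) for octet in ip_to_bits(ip))


def network_and_broadcast(ip, subnet):
    """Split the address with the Subnet mask, bit by bit.

    Where the mask bit is 1 the IP bit is part of the network; where it is 0
    it belongs to the computer (host). The network address keeps only the
    network bits; the broadcast address turns every host bit on.
    """
    net, bcast = [], []
    for ip_bits, mask_bits in zip(ip_to_bits(ip), ip_to_bits(subnet)):
        net.append(bits_to_octet([i if m else 0 for i, m in zip(ip_bits, mask_bits)]))
        bcast.append(bits_to_octet([i if m else 1 for i, m in zip(ip_bits, mask_bits)]))
    return ".".join(map(str, net)), ".".join(map(str, bcast))


if __name__ == "__main__":
    print(ip_to_binary_string("192.168.10.1"))
    print(network_and_broadcast("192.168.10.1", "255.255.255.0"))  # Class C
```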
*If you enjoyed this post, please share it on your favorite social media site.