How to use AWS WorkSpaces?


Recently, I had a chance to do a simple test of AWS WorkSpaces. Deployment is not difficult. However, there are some necessary factors to consider in order to build the best architecture.


1. Prerequisite.


An AD system is necessary. For this post, I will use the AWS Managed Microsoft AD service. I wrote a post which explains how to configure it. Under Directories, I can see the "Registered" directory.




2. Install and Configure AWS WorkSpaces.


Launch a WorkSpace first.



Select the directory which I have already created. This directory provides the user management service.



Select the user I want to use. In my case, I will use the AWS Managed AD service. I have already created the "crenetadmin" user in AD. Please note that the user information requires a first name, last name and e-mail address. (Please also note that a user can be assigned to a single WorkSpace only. I need another user for a secondary WorkSpace.)



Select the OS type. In my case, I will select "Standard with Windows 10".



Select the "Running Mode". I will select "AutoStop" mode, which stops the instance when no usage is happening.



Review and launch it.



3. Log in and run the AWS WorkSpace.


In the details shown after launching, I can see the client link "https://clients.amazonworkspaces.com/". From here, I can download the client program. Web login is also possible.



I have to remember the "Registration Code". Click "Web Access Login", and then I can see the registration page.



On this page, I will insert the registration code.



If I meet this error message, I need to download the client.



After downloading and installing the AWS WorkSpaces client, I can see the icon on the desktop and I run it.



At the beginning, I can see the field to insert the "Registration code". However, at the top left corner there is a configuration button. Under this button, I can see "Manage Registrations". After registration, I can see the login step.



With the username and password which are registered on the AWS Managed AD service, I can pass the next step. Select what I want.



Now, I can use the WorkSpace.




4. Troubleshooting and deep-dive for AWS WorkSpaces.


However, this is strange. I have not defined any network or security information. Look at the network interface information.



This is another case. In this case, 11.5.80.110 is assigned.




There are 2 interfaces. "11.5.64.253" is on the VPC network, and "198.19.113.72" is on a new network which I did not know about.



I tried sending ICMP packets, one to check the internet connection and the other to check the internal connection. I will explain why this kind of situation happens. During the creation of the AWS Managed Microsoft AD in the earlier post, I selected 2 subnets. At that time, I selected subnets which do not allow outbound traffic. Thus the IP address for this WorkSpace is assigned from these subnets. "11.5.64.253" is one of the IP addresses which the directory service has. "198.19.113.72" is the secondary IP address, which carries the connection from the user with the client and web login. Therefore, I need to consider these properties when designing the architecture for this service.


5. Security and Service Ports


If you use the internet to access this WorkSpace, it does not matter. However, if you are inside the company network, sometimes you need to open the firewall security policy for this service. If you do not, you will have huge trouble. It is not easy. Please refer to this link: https://docs.aws.amazon.com/ko_kr/workspaces/latest/adminguide/workspaces-port-requirements.html


Reference 


[ 1 ] http://createnetech.tistory.com/27

[ 2 ] https://docs.aws.amazon.com/ko_kr/workspaces/latest/adminguide/workspaces-port-requirements.html

How is the SSL/TLS handshake done?


In this post, I will analyze SSL/TLS packets. In fact, I had a chance to see RDP packets. Look at the capture below. These are RDP packet captures.



I wrote "How to calculate the sequence number" in another post. In this post, I will only handle how the SSL/TLS handshake is done. Before the SSL/TLS handshake, the TCP handshake should be established.


1. Client Hello


First, the client sends the "Client Hello" packet. In this packet, there are three important pieces of information: the random number, the session ID and the cipher suites.


The random number is used to generate the "pre-master key" together with another random number from the server. This "pre-master key" will be used to generate the "master key" which encrypts and decrypts the packets.

The cipher suites are the list which the client can support. Thus, the server will select one from this list.



2. Server Hello.


After receiving the client hello, the server sends the "Server Hello" packet to the client. In this packet, there are three important pieces of information: the random number, the cipher suite and the certificate with the public key.


The random number is used to generate the "pre-master key" together with the random number from the client.

The cipher suite is the selected item, which is one of the list from the client.

The certificate is a very important parameter. In this value, the "Public Key" is included. This "Public Key" is used to encrypt the "pre-master key" before it is transferred to the server.



3. Client Key Exchange


In this step, the client knows both random values, the client's and the server's. Therefore, the client generates the "pre-master key". Also, the client knows the public key because of the received certificate. So, the client sends the packet in which the "pre-master key" is included. It is encrypted with the public key.



4. Server Response.


Finally, the server knows the "pre-master key" after decrypting the received packet. The server and client each generate the "master key" by the same algorithm. This "master key" is used to encrypt and decrypt the data packets.



5. Data Packet with Encryption.


So, the data packets are encrypted with this master key. I can see the SSL layer in the packets like below. The data will be encrypted.
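The five steps above, modelled in Python as an added example (not code from the original post). It uses the RSA key exchange the post describes: the client random, session ID and cipher suite list go in the Client Hello; the server picks a suite and returns its random and a certificate public key; the client encrypts a 48-byte pre-master secret with that public key; the server decrypts it; and both sides derive the same 48-byte master secret with the TLS 1.2 PRF from RFC 5246, which is where the two random numbers are mixed in. The RSA key is a toy built from two known Mersenne primes so the example runs with the standard library only, and the PKCS#1 v1.5 padding that real TLS applies before RSA is omitted; the cipher suite names and the key are assumptions for illustration, not values from the post's capture.

```python
import hashlib
import hmac
import os

# Toy RSA key for the server certificate, built from two known Mersenne primes so the
# example is deterministic and needs no library. Constructed for illustration only:
# the factors are public, so this key protects nothing.
P = (1 << 521) - 1
Q = (1 << 607) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

# Cipher suite names from the TLS registry; the client's list is in preference order.
CLIENT_CIPHER_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA",
]
SERVER_CIPHER_SUITES = {"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA"}


def p_sha256(secret, seed, length):
    # P_SHA256 data expansion from RFC 5246 section 5.
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    # TLS 1.2 PRF: P_SHA256(secret, label + seed).
    return p_sha256(secret, label + seed, length)


def client_hello():
    # Step 1: client random, (empty) session ID and the supported cipher suites.
    return {"random": os.urandom(32), "session_id": b"", "cipher_suites": CLIENT_CIPHER_SUITES}


def server_hello(hello):
    # Step 2: server random, the first client suite the server supports, and the
    # certificate carrying the public key.
    chosen = next(s for s in hello["cipher_suites"] if s in SERVER_CIPHER_SUITES)
    return {"random": os.urandom(32), "cipher_suite": chosen, "certificate": {"public_key": (N, E)}}


def client_key_exchange(server):
    # Step 3: the client builds the 48-byte pre-master secret (2-byte client version
    # 0x0303 followed by 46 random bytes) and encrypts it with the server's public key.
    # Real TLS applies PKCS#1 v1.5 padding before RSA; this toy omits it.
    premaster = b"\x03\x03" + os.urandom(46)
    n, e = server["certificate"]["public_key"]
    encrypted = pow(int.from_bytes(premaster, "big"), e, n)
    return premaster, encrypted


def server_decrypt_premaster(encrypted):
    # Step 4: the server recovers the pre-master secret with its private key.
    return pow(encrypted, D, N).to_bytes(48, "big")


def master_secret(premaster, client_random, server_random):
    # Both sides derive the 48-byte master secret from the pre-master secret and the two randoms.
    return prf(premaster, b"master secret", client_random + server_random, 48)


def run_handshake():
    ch = client_hello()
    sh = server_hello(ch)
    premaster, encrypted = client_key_exchange(sh)
    client_master = master_secret(premaster, ch["random"], sh["random"])
    server_master = master_secret(server_decrypt_premaster(encrypted), ch["random"], sh["random"])
    return {
        "cipher_suite": sh["cipher_suite"],
        "premaster": premaster,
        "client_master": client_master,
        "server_master": server_master,
    }


if __name__ == "__main__":
    result = run_handshake()
    print("cipher suite:", result["cipher_suite"])
    print("master secrets match:", result["client_master"] == result["server_master"])
```

Running it prints the negotiated suite and confirms that the client and server ended with the same master secret without that secret ever crossing the wire in clear; only the pre-master secret, encrypted to the certificate's public key, was sent. This is also why the server's private key is the asset to protect in an RSA key exchange: whoever holds it can decrypt every recorded pre-master secret and recompute the master secrets.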



Reference


[ 1 ] https://opentutorials.org/course/228/4894

[ 2 ] http://createnetech.tistory.com/25

How to calculate the sequence number of TCP/IP packets?


I am a network engineer. Recently, I had a chance to revisit the sequence number of TCP/IP packets. Some people, including me, think that this is not easy.


1. General Packet Structure.


The IP header and the TCP header generally have a size of 20 bytes each. The data payload can be a maximum of 1460 bytes.



MSS is the data size, which determines how much can be sent at one time. MTU is the sum of the TCP header, the IP header and the MSS (data).


MSS = Maximum TCP Segment Size in one packet. Usually it is 1460; 1460 + 20 (TCP header) + 20 (IP header) = MTU = 1500; add 18 (DLC header) and you have a full frame of 1518 bytes.


2. IP header Structure


I said "the IP header is 20 bytes". However, the IP header is not fixed. It can be increased by optional values up to 60 bytes. In this header, there are three points which I need to focus on.



The Length field shows the size of the IP header. The Identification field is a kind of mark. This is a unique value which is not changed from source to destination. In this link [1], I can see more detail of the Protocol field.



3. TCP header structure.


The TCP header is also not fixed. It can be a maximum of 60 bytes. In the TCP header, there are the sequence number, the acknowledgement number and the window size value.



The window size value is determined by the server environment, such as the memory allocated by the operating system. It can be increased or decreased. If I suffer from a "Zero Window" issue, I have to check the buffer size of the host.


4. DLC header structure.


This header generally shows the MAC addresses. In the Ethernet type field, 0x0800 means IPv4 and 0x08dd means IPv6.
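To show how the three headers from sections 2, 3 and 4 sit in one frame, and why the header length fields matter, here is an added parser in Python (example code, not from the original post). It builds a constructed Ethernet + IPv4 + TCP frame with the standard library's `struct`, then walks it the way a packet analyzer does: it checks the EtherType for IPv4 (0x0800), reads the IP Length field in 32-bit words to find where the TCP header starts, reads the Identification and Protocol fields, and then takes the sequence number, acknowledgement number, flags and window size from the TCP header, including a zero-window check. The MAC addresses, IP addresses, ports and checksums (left at zero) are constructed sample values, not from a capture.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
TCP_FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def build_frame(seq, ack, flags, window, ident, payload=b"", ip_options=b"", tcp_options=b""):
    # Constructed test frame: Ethernet (DLC) header, IPv4 header, TCP header, payload.
    # Checksums are left at zero; this is sample input, not a captured packet.
    assert len(ip_options) % 4 == 0 and len(tcp_options) % 4 == 0
    ihl_words = 5 + len(ip_options) // 4          # IP header length in 32-bit words (5..15)
    tcp_words = 5 + len(tcp_options) // 4         # TCP data offset in 32-bit words (5..15)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    total_len = ihl_words * 4 + tcp_words * 4 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, total_len, ident, 0x4000, 64, 6, 0,
                     bytes([172, 18, 0, 74]), bytes([172, 18, 0, 1])) + ip_options
    tcp = struct.pack("!HHIIHHHH", 443, 51234, seq, ack, (tcp_words << 12) | flags, window, 0, 0) + tcp_options
    return eth + ip + tcp + payload


def parse_frame(frame):
    # Walk the three headers and pull out the fields the post focuses on.
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame: EtherType 0x%04x" % ethertype)
    ver_ihl, _tos, total_len, ident, _frag, _ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", frame[14:34])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ip_len = (ver_ihl & 0x0F) * 4      # Length field: 20..60 bytes, so TCP does not start at a fixed offset
    if proto != 6:
        raise ValueError("not TCP: protocol %d" % proto)
    t = 14 + ip_len
    sport, dport, seq, ack, off_flags, window, _tcsum, _urg = struct.unpack("!HHIIHHHH", frame[t:t + 20])
    tcp_len = (off_flags >> 12) * 4    # also variable, up to 60 bytes
    flags = off_flags & 0x1FF
    return {
        "ethertype": ethertype,
        "src_mac": src_mac.hex(":"),
        "dst_mac": dst_mac.hex(":"),
        "ip_header_len": ip_len,
        "identification": ident,       # unchanged from source to destination
        "protocol": proto,
        "src": ".".join(map(str, src)),
        "dst": ".".join(map(str, dst)),
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "tcp_header_len": tcp_len,
        "flags": [name for name, bit in TCP_FLAG_BITS.items() if flags & bit],
        "window": window,
        "zero_window": window == 0,    # the "Zero Window" condition from section 3
        "payload_len": total_len - ip_len - tcp_len,
    }


if __name__ == "__main__":
    frame = build_frame(seq=380, ack=1306, flags=0x18, window=65535, ident=0x1234, payload=b"A" * 213)
    for key, value in parse_frame(frame).items():
        print(f"{key:15} {value}")
```

The second frame in the test below carries 4 bytes of IP options and a 4-byte TCP MSS option (kind 2, length 4, value 1460), so both headers grow to 24 bytes; a parser that assumed fixed 20-byte headers would read the sequence number from the wrong offset. That is the practical reason to always honour the length fields when writing detection or forensic tooling over raw captures.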



5. Packet sequence analysis for SYN and FIN


For the SYN-ACK / FIN-ACK handshake, it is important to add +1, even if the data length is zero. The client sends a packet with sequence number 0. Therefore, the expected ACK number should be 1. The server will send a packet with sequence number 0 and ACK number 1. For this packet, the expected ACK number should also be 1. Finally, the client sends the last ACK packet with sequence number 1 and ACK number 1.





6. Packet sequence analysis for Data 


For data, it is a little bit different from the above. It adds only the length of the data. Look at the capture below. First, sequence number 380 + data length 213 gives the expected ACK number 593.



Second, sequence number 1306 + data length 373 is 1679, sent with ACK 593, which comes from the previous step.



Finally, sequence number 593, which equals the ACK number, is transferred with ACK 1679.



7. Optional: SACK (Selective ACK)


For effective transmission, the selective ACK mechanism exists. Look at the capture below. 172.18.0.74 is the sender. This sender sends packets with sequence numbers 5943, 7403, 8863, 10323, 11784, 13243 and 14703. The data length is 1460. Thus, there is no loss in the transfer.



However, look at the capture below. This time, the ACK number is the important value. The "ACK=10323, SLE=13243, SRE=14703" message means packet 11783 does not exist at the receiver.



In the end, retransmission of sequence 11783 happens. The ACK number 11783 is shown.
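The arithmetic from sections 5, 6 and 7 in one added Python example (not code from the original post): `expected_ack` applies the "+1 for SYN and FIN, +length for data" rule, with 32-bit wrap-around, `reply_numbers` gives the sequence and ACK numbers the peer puts on its next segment, `three_way_handshake` reproduces the 0/1 relative numbers of section 5, and `sack_gap` reads a SACK block the way the post does: everything below the ACK number has arrived in order, the SLE..SRE range has arrived out of order, and the bytes in between are the hole. The values are the ones quoted in the post (380/213, 1306/373, the 5943-based sender sequence and "ACK=10323, SLE=13243, SRE=14703"); that the 380/213 segment carried ACK 1306 is assumed from the server's reply sequence number 1306.

```python
SYN, FIN, ACK = 0x02, 0x01, 0x10
SEQ_MODULUS = 1 << 32  # sequence numbers are 32-bit and wrap around


def expected_ack(seq, payload_len, flags):
    # The ACK a peer should answer with: sequence number plus the bytes consumed.
    # SYN and FIN each consume one sequence number even when there is no data,
    # which is the "+1" rule of section 5; data segments add only their length (section 6).
    consumed = payload_len
    if flags & SYN:
        consumed += 1
    if flags & FIN:
        consumed += 1
    return (seq + consumed) % SEQ_MODULUS


def reply_numbers(received_seq, received_ack, received_len, received_flags):
    # Numbers the peer puts on its next segment: its own seq continues from the ACK
    # it just received, and its ACK acknowledges the segment it just got.
    return received_ack, expected_ack(received_seq, received_len, received_flags)


def three_way_handshake():
    # Relative numbers as a packet analyzer shows them (both sides start at 0).
    syn = {"from": "client", "seq": 0, "ack": 0, "flags": SYN}
    syn_ack = {"from": "server", "seq": 0,
               "ack": expected_ack(syn["seq"], 0, syn["flags"]), "flags": SYN | ACK}
    last = {"from": "client", "seq": syn_ack["ack"],
            "ack": expected_ack(syn_ack["seq"], 0, syn_ack["flags"]), "flags": ACK}
    return [syn, syn_ack, last]


def sender_sequence_numbers(first_seq, count, segment_size=1460):
    # Sequence numbers of `count` consecutive full-size segments, as in section 7.
    return [first_seq + i * segment_size for i in range(count)]


def sack_gap(ack, sle, sre, segment_size=1460):
    # A SACK block says: all bytes below `ack` were received in order, and bytes in
    # [sle, sre) were received out of order. The hole is therefore [ack, sle).
    # Returns the hole and the starting sequence numbers of the segments inside it,
    # i.e. what the sender has to retransmit.
    if not ack < sle < sre:
        raise ValueError("expected ack < SLE < SRE")
    return (ack, sle), list(range(ack, sle, segment_size))


if __name__ == "__main__":
    for segment in three_way_handshake():
        print(segment)
    print(reply_numbers(380, 1306, 213, ACK))    # server answers with seq 1306, ack 593
    print(reply_numbers(1306, 593, 373, ACK))    # client answers with seq 593, ack 1679
    print(sender_sequence_numbers(5943, 7))
    print(sack_gap(10323, 13243, 14703))
```

The same `expected_ack` function is what a stream reassembler in an IDS uses to decide whether a segment is in order, a retransmission or a gap, so getting the SYN/FIN "+1" and the modulo 2^32 wrap right is not cosmetic: an analyzer that forgets either one desynchronizes on long-lived connections or at connection teardown.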


Reference


[ 1 ] https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

[ 3 ] https://www.networkcomputing.com/network-security/network-troubleshooting-tcp-sack-analysis/2073731643
