Network interface cards or NIC’s are what connect computers to networks. If you haven’t heard about it yet, the OSI Model is the concept that all computers use to communicate with each other. There are seven layers the begin with the physical layer which go all the way up to the application layer. In layman terms, the OSI Model begins with connecting a network cable to your NIC, the data is is manipulated at each layer of the OSI Model and uses protocols at each layer arrives at the application made the request for information, for example Google Chrome. Each layer of the OSI model contains a protocol that is responsible for the movement and interpretation of data, for example a layer 1 technology would be Ethernet 1000BASE-TX this commonly referred to as Gigabit Ethernet. Its commonly seen in use with Ethernet ports in today’s home routers such as the ASUS RT-AC68U. An layer 7 application layer protocol would be something like HTTP which web browsers interpret and thus provide a graphical output to the end user.
The NIC resides at the physical layer and “somewhat” in the data link layer. The actual interface or port that the ethernet cable connects to is responsible for taking the electronic signal that travels the ethernet cable into computer useable data and vice versa, the process of encoding data or packaging data and placing it on a cable to be sent is called modulation.
The next layer that the NIC interfaces with is the data link layer, and this is where the packet MAC addresses are assigned or analyzed depending on the direction of the packet.
If you look at at the Wireshark capture below you’ll see the frame/ethernet header is where the NIC is interfacing with the packet. This is layer two.
In the case of wireless, the physical layer would be the wireless airwaves that the antenna on the NIC capture, basically ethernet cable = wifi radio signals. All NIC’s have antennas regardless if you see them or not, some are embedded within the device itself and some are external.
The short version of it is network cards are responsible for taking bits off of the wire or airwaves, packaging them up and sending them up the next layer of the OSI model for processing.
When looking at network cards you’ll see something like “Speed 10/100/1000Mbps”. Or you’ll see Fast-Ethernet (100 MBps) or Gigabit-Ethernet (1 Gbps). This is called Bandwidth and it is the amount of data that can be passed by the device or cabling during a given time.
When you hear the term network adapter chipset it will often be accompanied with Realtek, Intel, and Broadcom. These are just the names of companies that build the component or circuit that are responsible for managing data within the Network Adapter. This is important for two reasons. One is reliability and quality, some people would argue that one company products a better product than the other. The other is usually related to wireless injection because you need to make sure your chipset supports packet injection. Aircrack-ng lists chipsets that have been tested to work with their software during wireless cracking.
Your media access controller address or MAC address is unique and hard coded into to each network adapter device and is used to identify a device when connected to a LAN. A mac address can be also identify the manufacturer of the device chipset.
Application in Hacking
So why is this knowledge important when discussing hacking? First and foremost the basic knowledge of what a network card is and how it relates to the OSI module is important to understand for basic computer networking principles. These principles are the foundation of how your data gets from one computer to the other and without that knowledge it doesn’t matter what tool you use or how good your exploit is, if it can’t get to where it needs to go it simply won’t work. Additionally, when looking at intrusion detection systems or firewall logs its possible to pick out network packets that have been constructed by humans and not by machine. Attackers with strong networking abilities are usually much harder to detect than those without because they can craft packets that will avoid detection by typical methods.
It may seem arbitrary to discuss network cards, and its application in hacking may be a bit of a stretch. As a hacker or security professional its important to understand the inner workings of our tools and environment so that we can best leverage them against our opponents.