Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic
- Roland Gallagher
1 Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition Chapter 2 Investigating Network Traffic
2 Objectives After completing this chapter, you should be able to: Understand network protocols Understand the physical and data link layers of the OSI model Understand the network and transport layers of the OSI model Describe types of network attacks Understand the reasons for investigating network traffic 2
3 Objectives After completing this chapter, you should be able to (cont'd): Perform evidence gathering via sniffing Describe the tools used in investigating network traffic Document the evidence gathered on a network Reconstruct evidence for an investigation 3
4 Introduction to Investigating Network Traffic This chapter: Begins by explaining some basic networking concepts Discusses ways that an intruder can attack a network Covers how an investigator can gather evidence from different parts of the network and what tools an investigator can use to gather evidence 4
5 Network Addressing Scheme Two methods of network addressing: LAN addressing Internetwork addressing 5
6 LAN Addressing Local area network (LAN) Set of hosts in a relatively contiguous area, allowing for data transfer among hosts on the same network Each node in the LAN has a unique MAC (media access control) address assigned to the NIC MAC address: a unique 48-bit serial number assigned to each NIC, providing a physical address to the host machine Network interface card (NIC) Piece of hardware used to provide an interface between a host machine and a computer network 6
7 LAN Addressing Types of MAC addresses: Static Configurable Dynamic Packets are either addressed to one node or, in the case of broadcasting, to all the nodes in the LAN Broadcasting is often used to discover the services or devices on the network 7
8 Internetwork Addressing Used in a network where a number of LANs or other networks are connected with the help of routers Each network in this Internetwork has a unique network ID or network address known as the host address or node ID Routers use these addresses when data packets are transmitted from a source to its target Internetwork address is a combination of both a network address and host address 8
9 OSI Reference Model OSI model consists of seven layers The OSI reference model is based on the following principles: Every layer has a fully defined function The boundaries of the layers have been designed to reduce the flow of information in the interface When an additional level of abstraction is required, then a layer is created Each layer contains the functions of the international standardized protocol 9
10 OSI Reference Model Figure 2-1 The OSI protocol stack consists of seven layers 10
11 Overview of Network Protocols In the seven layers of the OSI model, protocols exist in only six layers The physical layer contains no network protocols 11
12 Data Link Layer Main protocols include: Point-to-Point Protocol (PPP) Serial Line Internet Protocol (SLIP) Address Resolution Protocol (ARP) 12
13 Network Layer Main protocols include: RARP (Reverse Address Resolution Protocol) ICMP (Internet Control Message Protocol) IGMP (Internet Group Management Protocol) IP (Internet Protocol) 13
14 Transport Layer Main protocols include: UDP (User Datagram Protocol) TCP (Transmission Control Protocol) 14
15 Session Layer, Presentation Layer, and Application Layer Main protocols include: HTTP (Hypertext Transfer Protocol) SMTP (Simple Mail Transfer Protocol) NNTP (Network News Transfer Protocol) Telnet FTP (File Transfer Protocol) SNMP (Simple Network Management Protocol) TFTP (Trivial File Transfer Protocol) 15
16 Session Layer, Presentation Layer, and Application Layer Figure 2-2 Different protocols are used in different layers in the TCP/IP model 16
17 Overview of Physical and Data Link Layers of the OSI Model Physical layer Transmits raw bits over a communication channel Design must ensure that when one side sends a 1 bit, the other side should receive that bit as a 1 bit Deals with the mechanical, electrical, and procedural interfaces, and the physical transmission medium Data link layer Breaks the raw transmission bits into data frames Sequentially broadcasts the frames Creates and recognizes frame boundaries 17
18 Overview of Network and Transport Layers of the OSI Model Network layer Takes care of the delivery of data packets from the source to the destination Provides the logical address of the sender and receiver in the header of the data packet Checks the integrity of the transferred data Transport layer Takes care of the entire message that is transferred from the source to the destination Takes care of error correction and flow control of the message 18
19 Types of Network Attacks Main categories of attacks launched against networks: IP spoofing Router attacks Eavesdropping Denial of service Man-in-the-middle attack Sniffing Data modification 19
20 Why Investigate Network Traffic? Reasons investigators analyze network traffic include: Locate suspicious network traffic Know which network is generating the troublesome traffic and where the traffic is being transmitted to or received from Identify network problems 20
21 Evidence Gathering at the Physical Layer A computer connected to a LAN has two addresses: MAC address IP address Two basic types of Ethernet environments: Shared Ethernet Switched Ethernet 21
22 Shared Ethernet Every machine receives packets that are meant for one machine Sniffer ignores this rule and accepts all frames by putting the NIC into promiscuous mode Promiscuous mode Mode of a network interface card in which the card passes all network traffic it receives to the host computer, rather than only the traffic specifically addressed to it Passive sniffing is possible in a shared Ethernet environment, but it is difficult to detect 22
23 Switched Ethernet Hosts are connected to a switch Switch does not broadcast to all computers Sends the packets to the appropriate destination Sniffing by putting the NIC into promiscuous mode does not work in this type of environment SPAN (Switched Port Analyzer) port Port that is configured to receive all the packets sent by any source port Special switches are available that can be configured to allow sniffing at the switch that can even capture local traffic 23
24 DNS Poisoning Techniques DNS (Domain Name Service) Service that translates domain names into IP addresses DNS poisoning Process in which an attacker provides fake data to a DNS server for the purpose of misdirecting users Types of DNS poisoning: Intranet DNS spoofing (local network) Internet DNS spoofing (remote network) Proxy server DNS poisoning DNS cache poisoning 24
25 Intranet DNS Spoofing (Local Network) Figure 2-3 An attacker must be connected to the LAN to perform intranet DNS spoofing 25
26 Internet DNS Spoofing (Remote Network) Figure 2-4 An attacker uses a Trojan to perform Internet DNS spoofing 26
27 Proxy Server DNS Poisoning Figure 2-5 An attacker uses a Trojan to change the proxy server settings on a machine during a proxy server DNS poisoning attack 27
28 DNS Cache Poisoning Attacker exploits a flaw in the DNS server software that can make it accept incorrect information If the server does not correctly validate DNS responses to ensure that they have come from an authoritative source Server will end up caching the incorrect entries locally and serve them to users that make the same request 28
29 Evidence Gathering from ARP Table Figure 2-6 The arp -a command displays the ARP table in Windows 29
30 Evidence Gathering at the Data Link Layer: DHCP Database DHCP database provides a means of determining the MAC address associated with the computer in custody Database helps DHCP conclude the MAC address in case DHCP is unable to maintain a permanent log of requests DHCP server maintains a list of recent queries along with the MAC address and IP address Database can be queried by giving the time duration during which the given IP address accessed the server 30
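The following is an added example, not part of the original slides: it shows the kind of query described above, asking which MAC address held a given IP address during a time window. The CSV layout, field names and lease records are constructed for illustration and do not correspond to any particular DHCP server's log format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed lease history (assumed export format, times in UTC).
SAMPLE_LEASES = """\
lease_start,lease_end,ip,mac,hostname
2024-03-04T08:00:00Z,2024-03-04T12:00:00Z,10.0.5.23,00:1a:2b:3c:4d:5e,ws-accounts-07
2024-03-04T12:05:00Z,2024-03-04T20:05:00Z,10.0.5.23,a4:5e:60:c1:22:10,laptop-guest-02
2024-03-04T09:00:00Z,2024-03-04T17:00:00Z,10.0.5.24,3c:52:82:0f:9a:01,ws-hr-03
"""


def parse_ts(value):
    """Parse a 'YYYY-MM-DDTHH:MM:SSZ' timestamp as an aware UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_leases(text):
    """Read the lease export into a list of dicts with parsed timestamps."""
    leases = []
    for row in csv.DictReader(io.StringIO(text)):
        leases.append(
            {
                "start": parse_ts(row["lease_start"]),
                "end": parse_ts(row["lease_end"]),
                "ip": row["ip"],
                "mac": row["mac"].lower(),
                "hostname": row["hostname"],
            }
        )
    return leases


def holders(leases, ip, window_start, window_end, skew=timedelta(0)):
    """Return leases for `ip` that overlap the window, oldest first.

    `skew` widens the window on both sides to allow for clock drift between
    the DHCP server and the system that recorded the suspicious traffic.
    More than one result means the address changed hands inside the window,
    so the IP alone does not identify a single machine.
    """
    lo = window_start - skew
    hi = window_end + skew
    hits = [
        lease
        for lease in leases
        if lease["ip"] == ip and lease["start"] <= hi and lease["end"] >= lo
    ]
    return sorted(hits, key=lambda lease: lease["start"])


if __name__ == "__main__":
    leases = load_leases(SAMPLE_LEASES)
    window = (parse_ts("2024-03-04T11:30:00Z"), parse_ts("2024-03-04T12:30:00Z"))
    for lease in holders(leases, "10.0.5.23", *window):
        print(lease["mac"], lease["hostname"], lease["start"], lease["end"])
```
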
31 Gathering Evidence from an IDS Administrator can configure an intrusion detection system (IDS) to capture network traffic when an alert is generated This data is not a sufficient source of evidence because there is no way to perform integrity checks on the log files Preserving digital evidence is difficult Investigators can record examination results from networking through a serial cable and software Such as the Windows HyperTerminal program or a script on UNIX 31
32 Tool: Tcpdump Powerful tool that extracts network packets and performs statistical analysis on those dumps Operates by putting the network card into promiscuous mode Tcpdump report consists of the following: Captured packet count Received packet count Count of packets dropped by kernel Supported by various platforms 32
33 Tool: WinDump Port of Tcpdump for the Windows platform WinDump is fully compatible with Tcpdump Can be used to watch and diagnose network traffic according to various complex rules WinDump is simple to use and works at the command-line level With the command: windump -n -S -vv The -n option tells WinDump to display IP addresses instead of computer names 33
34 Tool: Wireshark Formerly known as Ethereal GUI-based network protocol analyzer Lets the user interactively browse packet data from a live network or from a previously saved capture file Wireshark's native capture file format is the libpcap format Also the format used by Tcpdump and various other tools 34
35 Tool: Wireshark Figure 2-7 Wireshark can show information about all captured packets 35
36 Tool: CommView A network monitor and analysis tool Provides a complete picture of the traffic flowing through a PC or LAN segment Captures every packet on the wire and displays information and vital statistics about the captured packets Users can examine, save, filter, import, and export captured packets Includes an add-on called the Remote Agent Allows users to capture network traffic on any computer where Remote Agent is running 36
37 Tool: HTTP Sniffer An HTTP packet sniffer, protocol analyzer, and file reassembly tool for Windows Captures IP packets containing HTTP messages Rebuilds the HTTP sessions and reassembles files sent through HTTP Features: Powerful HTTP file rebuilder Multiple file-type support Powerful packet-capturing filter Customized logging 37
38 Tool: EtherDetect Packet Sniffer A connection-oriented packet sniffer and network protocol analyzer A user can: Capture full packets Organize packets by TCP connections or UDP threads Passively monitor the network View packets in hex format 38
39 Tool: OmniPeek A network analysis tool used to quickly analyze and troubleshoot network problems at the enterprise level Some features include the ability to: Analyze traffic from any local network segment Drill down to see which network nodes are communicating, which protocols are being transmitted, and which traffic characteristics are affecting network performance Change filters on the fly View packet-stream-based analytics 39
40 Tool: OmniPeek Figure 2-8 OmniPeek provides different views of captured packets 40
41 Tool: Iris Network Traffic Analyzer Provides network traffic analysis and reporting functionality Captures network traffic and can automatically reassemble it to its native format Investigator can configure it to capture only specific data through any combination of packet filters 41
42 Tool: SmartSniff Provides ability to view captured TCP/IP packets as sequences of conversations between clients and servers Some features include: Color coding of local and remote traffic Exporting to HTML and other formats A basic, but very small and standalone, protocol analyzer 42
43 Tool: NetSetMan A network settings manager that allows a user to easily switch between six different network settings profiles that include the following: IP address Subnet mask Default gateway Preferred and alternate DNS servers Computer name Workgroup DNS domain and more 43
44 Tool: Distinct Network Monitor Displays live network traffic statistics Includes a scheduler that allows an administrator to run a scheduled collection of network traffic statistics or packet captures Some features include: A drill-down capability showing all the local hardware addresses that have generated the packets Reporting feature allows a user to create statistics reports in HTML and CSV formats Can discover which ports on a system are open 44
45 Tools More tools include: EtherApe Colasoft Capsa Network Analyzer AnalogX PacketMon IE HTTP Analyzer EtherScan Analyzer Sniphere AWRC Pro (Atelier Web Remote Commander Pro) IPgrab GPRS Network Sniffer 45
46 Tools More tools include (cont'd): Siemens Monitoring Center RSA NetWitness NetResident InfinitiStream eTrust Network Forensics Paraben P2C4 46
47 Tool: Snort Intrusion Detection System Snort features include: Detects threats based on pattern matching Uses syslog, SMB messages, or a file to alert an administrator Develops new rules quickly once the pattern (attack signature) is known for a vulnerability Records packets from the offending IP address in a hierarchical directory structure Records the presence of traffic that should not be found on the network 47
48 Snort Rules There are a number of rules that Snort allows a user to write Each Snort rule must describe the following: Any violation of the security policy of the company that might be a threat to the security of the company's network and other valuable information All the well-known and common attempts to exploit the vulnerabilities in the company's network The conditions in which a user thinks that the identity of a network packet is not authentic 48
49 Snort Rules Figure 2-10 Snort is a powerful IDS that allows users to write new rules 49
50 Tool: IDS Policy Manager Manages Snort IDS sensors in a distributed environment Features include: Ability to update rules via the Web Can manage multiple sensors with multiple policy files Can upload policy files via SFTP and FTP Supports external rule set for BleedingSnort and Snort Community rules Can learn details about a signature 50
51 Documenting the Evidence Gathered on a Network Documenting the evidence gathered on a network is easy if the network logs are small, as a printout can be taken and tested Documenting digital evidence on a network becomes more complex when the evidence is gathered from systems that are in remote locations Because of the unavailability of date and time stamps of the related files For documentation and integrity of the document, it is advisable to follow a standard methodology 51
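The following is an added example, not part of the original slides: one way to make collected logs and captures checkable later, addressing both the integrity gap noted for IDS log files and the advice to follow a standard methodology when documenting evidence. It records a SHA-256 digest, size and UTC collection time for every file in an evidence directory and later reports which files were modified, removed or added. The manifest layout and function names are assumptions made for illustration.

```python
import hashlib
import os
from datetime import datetime, timezone


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large capture files do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def list_files(evidence_dir):
    """Return every file under evidence_dir as a sorted list of relative paths."""
    found = []
    for root, _dirs, files in os.walk(evidence_dir):
        for name in files:
            full = os.path.join(root, name)
            found.append(os.path.relpath(full, evidence_dir).replace(os.sep, "/"))
    return sorted(found)


def build_manifest(evidence_dir, collector):
    """Record who collected the evidence, when (UTC), and a digest per file."""
    entries = {}
    for rel in list_files(evidence_dir):
        full = os.path.join(evidence_dir, rel)
        entries[rel] = {"size": os.path.getsize(full), "sha256": sha256_file(full)}
    return {
        "collector": collector,
        "recorded_utc": datetime.now(timezone.utc).isoformat(),
        "files": entries,
    }


def verify_manifest(evidence_dir, manifest):
    """Compare the directory against the manifest and classify every file."""
    result = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    present = set(list_files(evidence_dir))
    for rel, meta in sorted(manifest["files"].items()):
        if rel not in present:
            result["missing"].append(rel)
        elif sha256_file(os.path.join(evidence_dir, rel)) != meta["sha256"]:
            result["modified"].append(rel)
        else:
            result["ok"].append(rel)
    # Files that appeared after collection are reported, not silently ignored.
    result["unexpected"] = sorted(present - set(manifest["files"]))
    return result
```

The manifest only proves anything if it is kept apart from the evidence it describes, for example on write-once media or in the case file, because a manifest stored beside the files can be altered along with them.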
52 Evidence Reconstruction for Investigation Gathering evidence on a network is cumbersome for the following reasons: Evidence is not static and not concentrated at a single point on the network Variety of hardware and software found on the network makes the evidence-gathering process more difficult 52
53 Evidence Reconstruction for Investigation Three fundamentals of reconstruction for investigating a crime: Temporal analysis Relational analysis Functional analysis 53
54 Summary There are two types of network addressing schemes: LAN addressing and Internetwork addressing Sniffing tools are software or hardware that can intercept and log traffic passing over a digital network or part of a network The ARP table of a router comes in handy for investigating network attacks, as the table contains IP addresses associated with the respective MAC addresses 54
55 Summary The DHCP server maintains a list of recent queries, along with the MAC address and IP address An administrator can configure an IDS to capture network traffic when an alert is generated 55
More informationLecture 8. Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1
Lecture 8 Reminder: Homework 3, Programming Project 2 due on Thursday. Questions? Tuesday, September 20 CS 475 Networks - Lecture 8 1 Outline Chapter 3 - Internetworking 3.1 Switching and Bridging 3.2
More informationOSI and TCP/IP Models
EECS 3214 Department of Electrical Engineering & Computer Science York University 18-01-08 12:12 1 OSI and / Models 2 1 / Encapsula5on (Packet) (Frame) 3 / Model and Example Protocols A list of protocols
More informationACL Rule Configuration on the WAP371
Article ID: 5089 ACL Rule Configuration on the WAP371 Objective A network access control list (ACL) is an optional layer of security that acts as a firewall for controlling traffic in and out of a subnet.
More informationChapter 2 Network Models 2.1
Chapter 2 Network Models 2.1 Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 2-1 LAYERED TASKS We use the concept of layers in our daily life. As an example,
More informationChapter 2. Communicating Over The Network
Chapter 2 Communicating Over The Network CCNA1-1 Chapter 2 Note for Instructors These presentations are the result of a collaboration among the instructors at St. Clair College in Windsor, Ontario. Thanks
More informationIntroduction to TCP/IP
Introduction to TCP/IP Properties and characteristics of TCP/IP IPv4 IPv6 Public vs private vs APIPA/link local Static vs dynamic Client-side DNS settings Client-side DHCP Subnet mask vs CIDR Gateway TCP/IP
More informationCOMPARATIVE ANALYSIS OF PACKET SNIFFERS : A STUDY
COMPARATIVE ANALYSIS OF PACKET SNIFFERS : A STUDY ABSTRACT Jyoti Senior Engineer, Bharat Electronics Limited (India) Today everything is being centralized through a common dedicated network to ease its
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 4.1: Network Security Basics Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) 2 Network Security INTRODUCTION 3 What
More informationSection 1.1: Networking Overview
Section 1.1: Networking Overview This section provides an introduction to networking. Students will become familiar with the following aspects of a network: Components of a network o Computers o Transmission
More informationReview of Important Networking Concepts
Review of Important Networking Concepts Review: ed communication architecture The TCP/IP protocol suite 1 Networking Concepts Protocol Architecture Protocol s Encapsulation Network Abstractions 2 1 Sending
More informationCS475 Networks Lecture 8 Chapter 3 Internetworking. Ethernet or Wi-Fi).
Assignments Reading for Lecture 9: Section 3.3 3.2 Basic Internetworking (IP) Bridges and LAN switches from last section have limited ability CS475 Networks Lecture 8 Chapter 3 Internetworking is a logical
More information5105: BHARATHIDASAN ENGINEERING COLLEGE NATTARMPALLI UNIT I FUNDAMENTALS AND LINK LAYER PART A
5105: BHARATHIDASAN ENGINEERING COLLEGE NATTARMPALLI 635 854. NAME OF THE STAFF : R.ANBARASAN DESIGNATION & DEPARTMENT : AP/CSE SUBJECT CODE : CS 6551 SUBJECT NAME : COMPUTER NETWORKS UNIT I FUNDAMENTALS
More informationNetwork Security. Network Vulnerabilities
Network Security Network Vulnerabilities 1 Attacks and the OSI Stack Stack layer Services Protocols Application; Presentation; Session Transport DNS SMTP TCP Network Routers IP Logic Physical Switches
More informationInterconnecting Cisco Networking Devices Part1 ( ICND1) Exam.
Cisco 640-822 Interconnecting Cisco Networking Devices Part1 ( ICND1) Exam TYPE: DEMO http://www.examskey.com/640-822.html Examskey Cisco 640-822 exam demo product is here for you to test quality of the
More informationHands-On Ethical Hacking and Network Defense
Hands-On Ethical Hacking and Network Defense Chapter 2 TCP/IP Concepts Review Last modified 1-11-17 Objectives Describe the TCP/IP protocol stack Explain the basic concepts of IP addressing Explain the
More informationNetwork Security. Dr. Ihsan Ullah. Department of Computer Science & IT University of Balochistan, Quetta Pakistan. June 18, 2015
Network Security Dr. Ihsan Ullah Department of Computer Science & IT University of Balochistan, Quetta Pakistan June 18, 2015 1 / 19 ARP (Address resolution protocol) poisoning ARP is used to resolve 32-bit
More informationChapter 2 Communicating Over the Network
Chapter 2 Communicating Over the Network Elements of Communication Communicating the Messages Continuous stream of bits 00101010100101010101010101010101010 I have to wait Single communications (e.g. video,
More informationTCP/IP and the OSI Model
TCP/IP BASICS TCP/IP and the OSI Model TCP/IP BASICS The network protocol of the Internet Composed of six main protocols IP Internet Protocol UDP User Datagram Protocol TCP Transmission Control Protocol
More informationMTA_98-366_Vindicator930
MTA_98-366_Vindicator930 Number: 98-366 Passing Score: 700 Time Limit: 45 min File Version: 1.0 http://www.gratisexam.com/ Microsoft Technology Associate Networking Fundamentals MTA 98-366 Exam A QUESTION
More informationLecture 8. Basic Internetworking (IP) Outline. Basic Internetworking (IP) Basic Internetworking (IP) Service Model
Lecture 8 Basic Internetworking (IP) Reminder: Homework 3, Programming Project 2 due on Tuesday. An example internet is shown at right. Routers or gateways are used to connect different physical networks.
More informationNetworking Fundamentals
Networking Fundamentals Network Startup Resource Center www.nsrc.org These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license (http://creativecommons.org/licenses/by-nc/4.0/)
More informationIntroduction to Networking
Introduction to Networking Chapters 1 and 2 Outline Computer Network Fundamentals Defining a Network Networks Defined by Geography Networks Defined by Topology Networks Defined by Resource Location OSI
More informationCopyleft 2005, Binnur Kurt. Objectives
1 ing Fundamentals Copyleft 2005, Binnur Kurt Objectives Define basic networking terms Describe some commonly used network applications Describe the main purposes and functions of computer networking Describe
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationIntroduction to OSI model and Network Analyzer :- Introduction to Wireshark
Sungkyunkwan University Introduction to OSI model and Network Analyzer :- Introduction to Wireshark Syed Muhammad Raza s.moh.raza@gmail.com Copyright 2000-2014 Networking Laboratory 1/56 An Overview Internet
More informationB.Sc. (Hons.) Computer Science with Network Security B.Eng. (Hons) Telecommunications B.Sc. (Hons) Business Information Systems
B.Sc. (Hons.) Computer Science with Network Security B.Eng. (Hons) Telecommunications B.Sc. (Hons) Business Information Systems Bridge BTEL/PT BCNS/14/FT BIS/14/FT BTEL/14/FT Examinations for 2014-2015
More informationNetwork Architecture Models
School of Business Eastern Illinois University Network Architecture Models (September 8, 2009) Abdou Illia, Fall 2009 Learning Objectives 2 Discuss the OSI reference Model Discuss the Internet Model Compare
More informationCCRI Networking Technology I CSCO-1850 Spring 2014
CCRI Networking Technology I CSCO-1850 Spring 2014 Instructor John Mowry Telephone 401-825-2138 E-mail jmowry@ccri.edu Office Hours Room 2126 Class Sections 102 Monday & Wednesday 6:00PM-9:50PM, starts
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationNetwork+ Guide to Networks 6 th Edition. Chapter 4 Introduction to TCP/IP Protocols
Network+ Guide to Networks 6 th Edition Chapter 4 Introduction to TCP/IP Protocols Objectives Identify and explain the functions of the core TCP/IP protocols Explain the TCP/IP model and how it corresponds
More informationTCP/IP Networking Basics
TCP/IP Networking Basics 1 A simple TCP/IP Example A user on host argon.tcpip-lab.edu ( Argon ) makes a web access to URL http://neon.tcpip-lab.edu/index.html. What actually happens in the network? 2 HTTP
More informationPROGRAMMING Kyriacou E. Frederick University Cyprus. Network communication examples
ACSC424 NETWORK APPLICATION PROGRAMMING Kyriacou E. Frederick University Cyprus communication examples The OSI reference model (proposed by ISO) Application A Application B 2 Application Application Presentation
More informationChapter 3: Network Protocols and Communications
Chapter 3: Network Protocols and Communications Introduction to Networks Intro to Networks v5 Message Delivery Options IPv4 Unicast One-to-One Multicast One-to-Many Broadcast One-to-All IPv6 Unicast One-to-One
More informationThe Data Link Layer. 32 PART I Networking Basics
32 PART I Networking Basics weather station. More realistic devices use duplex mode, where all systems can send or receive with equal facility. This is often further distinguished as half-duplex (the system
More informationITEC 3210 M - Applied Data Communications and Networks. Professor: Younes Benslimane, Ph.D.
ITEC 3210 M - Applied Data Communications and Networks Professor: Younes Benslimane, Ph.D. Midterm Exam February 11 th 2013 Instructions Duration: 1 hour 20 minutes Answer all questions No documentation
More informationComputer Communication & Networks / Data Communication & Computer Networks Week # 03
Computer Communication & Networks / Data Communication & Computer Networks Week # 03 M.Nadeem Akhtar CS & IT Department The University of Lahore Email: nadeem.akhtar@cs.uol.edu.pk URL-https://sites.google.com/site/nadeemuolcsccn/home
More informationChapter 3: Network Protocols and Communications CCENT Routing and Switching Introduction to Networks v6.0 Instructor Planning Guide
Chapter 3: Network Protocols and Communications CCENT Routing and Switching Introduction to Networks v6.0 Instructor Planning Guide CCNET v6 1 Chapter 3: Network Protocols and Communications CCENT Routing
More informationChapter 2. Switch Concepts and Configuration. Part II
Chapter 2 Switch Concepts and Configuration Part II CCNA3-1 Chapter 2-2 Switch Concepts and Configuration Configuring Switch Security MAC Address Flooding Passwords Spoofing Attacks Console Security Tools
More information