Some Considerations on Protocol Analysis and Debugging

Similar documents
Introduction to Wireshark

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

CONTENTS IN DETAIL ACKNOWLEDGMENTS INTRODUCTION 1 PACKET ANALYSIS AND NETWORK BASICS 1 2 TAPPING INTO THE WIRE 17 3 INTRODUCTION TO WIRESHARK 35

Sniffing. Michael Sonntag Institute for Information processing and microprocessor technology (FIM) Johannes Kepler University Linz, Austria

So What is WireShark?

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

IP Network Troubleshooting Part 3. Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services - KAMU

Lab I: Using tcpdump and Wireshark

DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

ECE 697J Advanced Topics in Computer Networks

Lab Exercise UDP. Objective. Requirements. Step 1: Capture a Trace

CS519: Computer Networks. Lecture 1 (part 2): Jan 28, 2004 Intro to Computer Networking

Brief Contents. Acknowledgments... xv. Introduction...xvii. Chapter 1: Packet Analysis and Network Basics Chapter 2: Tapping into the Wire...

Objectives: (1) To learn to capture and analyze packets using wireshark. (2) To learn how protocols and layering are represented in packets.

Network Traffic Analysis - Course Outline

Introduction to Troubleshooting TCP/IP Networks with Wireshark

Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only

Trace Collection Guidelines

Network Analyzer :- Introduction to Wireshark

ECE 158A: Lecture 13. Fall 2015

Lab Exercise Protocol Layers

Computer Networks Security: intro. CS Computer Systems Security

E&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang

Configure Multicast on Cisco Mobility Express AP's

NETWORK PACKET ANALYSIS PROGRAM

Computer Networks A Simple Network Analyzer Decoding Ethernet and IP headers

MTA_98-366_Vindicator930

Network Forensics (wireshark) Cybersecurity HS Summer Camp

n Describe sniffing concepts, including active and passive sniffing n Describe sniffing countermeasures n Describe signature analysis within Snort

CIT 380: Securing Computer Systems. Network Security Concepts

Network packet analyzer Wireshark

ECE 435 Network Engineering Lecture 15

Advanced Network Troubleshooting Using Wireshark (Hands-on)

Chapter 3: Network Protocols and Communications

User Manual. (Professional Edition)

Lab 1: Packet Sniffing and Wireshark

Packet Capturing with TCPDUMP command in Linux

Chapter 2 Communicating Over the Network

Network sniffing packet capture and analysis

Chapter 3: Network Protocols and Communications CCENT Routing and Switching Introduction to Networks v6.0 Instructor Planning Guide

ICS 351: Networking Protocols

CONTENTS. Getting connected. Ethernet Setup. Connecting a Router. Logging on. Configuring DHCP in Windows. Configuring DHCP on a Mac.

Networks Fall This exam consists of 10 problems on the following 13 pages.

Network Security. Thierry Sans

COMP 2000 W 2012 Lab no. 3 Page 1 of 11

Monitoring the Mobility Express Network

Tools Needed: - PC with Wireshark installed ( - An Ethernet hub or a managed switch with Port mirroring capability

Administrator's Guide

Administrator's Guide

A Simple Network Analyzer Decoding TCP, UDP, DNS and DHCP headers

Hands-On Hacking Techniques 101


301b - LTM TECHNOLOGY SPECIALIST

2

ITTC Communication Networks Laboratory The University of Kansas EECS 563 Introduction to Protocol Analysis with Wireshark

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

VPN and IPsec. Network Administration Using Linux. Virtual Private Network and IPSec 04/2009

4 rd class Department of Network College of IT- University of Babylon

Wireless LANs: outline. wireless and WiFi security: WEP, i, WPA, WPA2. networking security wireless ad-hoc and mesh networks

Networking interview questions

libcap_utils Documentation

GRE Tunnel APPLICATION NOTE

Innovation and Cryptoventures. Technology 101. Lee Jacobs and Campbell R. Harvey. February 22, 2017

COMPARATIVE ANALYSIS OF PACKET SNIFFERS : A STUDY

Catalyst Switches for Microsoft Network Load Balancing Configuration Example

Internetwork Expert s CCNP Bootcamp. Wireless LANs. WLANs replace Physical (layer 1) and Data Link (layer 2) transports with wireless

Capturing & Analyzing Network Traffic: tcpdump/tshark and Wireshark

Lab Assignment for Chapter 1

CSCD433/533 Advanced Networks Winter 2017 Lecture 13. Raw vs. Cooked Sockets

Ethernet Hub. Campus Network Design. Hubs. Sending and receiving Ethernet frames via a hub

The explosive growth of the Internet. IPv4 address space, 32-bit Real-time and interactive applications

Cisco Nexus 7000 Series Architecture: Built-in Wireshark Capability for Network Visibility and Control

Network Communications Standards. Applied Information Technology

Cisco Exam Questions & Answers

The ACK and NACK of Programming

ITP 140 Mobile Applications Technologies. Networks

CSE 461 Midterm Winter 2018

CS164 Final Exam Winter 2013

COMPUTER NETWORK. PREPARED BY: DHAVAL R. PATEL Page 1. Q.1 Explain IP address. IP address is unique number of network device in network.

COMS Introduction to Computers. Networking

Gigabit Ethernet XMVR LAN Services Modules

Gigabit Ethernet XMVR LAN Services Modules

Configuring VLANs CHAPTER

7 Filtering and Firewalling

Network Media and Layer 1 Functionality

SIP security and the great fun with Firewall / NAT Bernie Höneisen SURA / ViDe, , Atlanta, GA (USA)

Administrator's Guide

Administrator's Guide

More on LANs. Roadmap. CPSC Network Programming. ! Hardware Addressing. !LAN Wiring. ! Extending LANs. ! Local Loop Digital Technologies

Securing Wireless LAN Controllers (WLCs)

CPSC 441 COMPUTER COMMUNICATIONS MIDTERM EXAM SOLUTION

HW/Lab 4: IPSec and Wireless Security. CS 336/536: Computer Network Security DUE 11 am on 12/01/2014 (Monday)

Some portions courtesy Srini Seshan or David Wetherall

M!DGE2 Release Notes Firmware version xxx

GIGABIT ETHERNET XMVR LAN SERVICES MODULES

Lab 6: Access Lists. Device Interface IP Address Subnet Mask Gateway/Clock Rate Fa 0/ R1

Packet Sniffing and Spoofing

Implementing IP in IP Tunnel

Experiment 2: Wireshark as a Network Protocol Analyzer

Transcription:

Some Considerations on Protocol Analysis and Debugging 1 Protocol Analysis and Debugging Figuring out why your protocol does not work Finding out why it does not interwork with someone else Understanding what your implementation actually does What does it send? How does it react when it receives what? We focus on the functional aspect for now Numerous tools available Support for many standardized protocols Understanding what is going on between third party implementations Understanding whether your protocols sends the right things Many tools support performance analysis 2

Simple Setup: client Host X client server Host Y (a) client (d) (b) (c) (b) (a) a) In your application b) In your local system c) At the link interfaces d) On the wire/in the air 3 Of course, there are gdb, profilers,... a) In your application Make extensive use of logging Problems may be hard or unpredictable to reproduce Need to live with what you got Use meaningful information, consistent spelling/terminology (for grep(1)) Possibly format lines for later processing Include timestamps, sources, destinations You will figure out what you have missed Format for easy subsequent processing (field separators, etc.) May also be helpful for later performance measurements Use command line switches (or config files) to control (the amount of) logging Recompilations without logging ( #ifdef ) may make errors disappear Log close to transmission and reception Timestamps are more accurate You cannot have accidentally messed with the buffer 4

a) In your application (2) Hexdumps are useful Gets around internal conversion and interpretation Did you receive the wrong thing or did you interpret it incorrectly IPv4 UDP UPnP Packet 00000380: 4500 00a1 7b90 0000 0111 788b 83f6 5140 E...{...x...Q@ 00000390: efff fffa 0d20 076c 008d 7f2d 4d2d 5345....l...-M-SE 000003a0: 4152 4348 202a 2048 5454 502f 312e 310d ARCH * HTTP/1.1. 000003b0: 0a48 6f73 743a 3233 392e 3235 352e 3235.Host:239.255.25 000003c0: 352e 3235 303a 3139 3030 0d0a 5354 3a75 5.250:1900..ST:u 000003d0: 726e 3a73 6368 656d 6173 2d75 706e 702d rn:schemas-upnp- 000003e0: 6f72 673a 6465 7669 6365 3a49 6e74 6572 org:device:inter 000003f0: 6e65 7447 6174 6577 6179 4465 7669 6365 netgatewaydevice 00000400: 3a31 0d0a 4d61 6e3a 2273 7364 703a 6469 :1..Man:"ssdp:di 00000410: 7363 6f76 6572 220d 0a4d 583a 330d 0a0d scover"..mx:3... 00000420: 0add 9224 420f 3e06 008b 0000 008b 0000...$B.>... 00000430: 0001 005e 7fff fa00 0e35 428a 4d08 00...^...5B.M.. 5 b) Local link interface Tools for tapping into the packets exchanged on a link Tcpdump (www.tcpdump.org) Highly configurable command line tool Capture packets seen by the link interface Builds upon packet capturing library (libpcap) Link interface in promiscuous mode: captures all packet on the wire) Otherwise: only packets anyway received by the node Allows for filtering Stores complete capture, selected packets, or prints summary Allows analysis down to the link layer headers Prerequisite: root access to the system in question Does not work for host local traffic! Numerous tools exist for post-processing 6

b) Local link interface Ethereal (now called Wireshark) www.ethereal.com, www.wireshark.org tcpdump with graphical user interface and built-in analysis tools Broad spectrum of support: Following individual (TCP) connections (including performance analysis) Analyzing message contents (including protocol decoding) Obviously does not work if you use security VPN tunnels (IPsec), TLS connections In those cases, you can only analyze their setup 7 c) Link interface (3 rd party monitoring) Ethernet: works only with hubs Switches need to be configured to perform snooping on the certain port WLAN: promiscuous mode often not supported At least in Windows drivers Does not work with WPA and peerwise negotiated keys AirPcap for wireshark Does not work with security (see b) In all cases: Respect the privacy of others 8

(Without root permissions) d) Local monitoring (1) UDP: use multicast and write a small protocol monitor Both sides send multicast packets May use the same multicast addresses May need to filter out own ones May use different multicast addresses A B M 9 d) Local monitoring (2) UDP/TCP: build and use a bridge module Forward received data Log the data in arbitrary formats Interpret the protocol as necessary A M B strace/trace/truss Monitor system calls executed by the application Essentially works just for simple ones Further support may be available from your development tools 10

d) Local monitoring (3) With root permissions and lots of energy :-) use/create monitoring inside the kernel 11 Wireless Networks Just for completeness: finding WLANs For configuration purposes or for debugging performance Who is around? And on which channels? Network stumbler (www.stumbler.net) Kismet (www.kismetwireless.net) Sometimes, it is also worthwhile look at the spectrum Microwave ovens, other noise Need specific piece of sensing hardware 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback