Network sniffing packet capture and analysis

Similar documents
Lab 1: Packet Sniffing and Wireshark

Firewalls. October 13, 2017

CIT 380: Securing Computer Systems. Network Security Concepts

DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK

Computer Networks A Simple Network Analyzer Decoding Ethernet and IP headers

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

Network Traffic Analysis - Course Outline

Introduction to OSI model and Network Analyzer :- Introduction to Wireshark

ITTC Communication Networks Laboratory The University of Kansas EECS 563 Introduction to Protocol Analysis with Wireshark

Advanced Computer Networking. CYBR 230 Jeff Shafer University of the Pacific. Project 2

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark

Lab I: Using tcpdump and Wireshark

Packet Analysis - Wireshark

CSCD433/533 Advanced Networks Winter 2017 Lecture 13. Raw vs. Cooked Sockets

Introduction to Troubleshooting TCP/IP Networks with Wireshark

IP Network Troubleshooting Part 3. Wayne M. Pecena, CPBE, CBNE Texas A&M University Educational Broadcast Services - KAMU

Lab 4: Network Packet Capture and Analysis using Wireshark

Cisco Nexus 7000 Series Architecture: Built-in Wireshark Capability for Network Visibility and Control

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

Network Analyzer :- Introduction to Wireshark

Packet Capture & Wireshark. Fakrul Alam

in-the-middle attack

Hands-On Hacking Techniques 101

CSE 461 Midterm Winter 2018

SC/CSE 3213 Winter Sebastian Magierowski York University CSE 3213, W13 L8: TCP/IP. Outline. Forwarding over network and data link layers

CNIT 50: Network Security Monitoring. 6 Command Line Packet Analysis Tools

Brief Contents. Acknowledgments... xv. Introduction...xvii. Chapter 1: Packet Analysis and Network Basics Chapter 2: Tapping into the Wire...

Packet Sniffing and Spoofing

Lecture Outline. Lecture 2. OSI model and networking. The OSI model and networking. The OSI model and networking. The OSI model and networking

Secure Communications Over a Network

COMPUTER NETWORKING LAB EXERCISES (TP) 4

Lab 5 Packet Capture Traffic Analysis With Wireshark

Certified Penetration Testing Consultant

The following topics describe how to configure correlation policies and rules.

Packet Capture Wireshark Fakrul Alam

Introduction to Wireshark

Intrusion Detection. October 19, 2018

Network Forensics (wireshark) Cybersecurity HS Summer Camp

Wireshark Lab: Getting Started

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

Wireshark Lab: Getting Started v7.0

Computer Networks A Simple Network Analyzer PART A undergraduates and graduates PART B graduate students only

CSE4344 Project 2 (Spring 2017) Wireshark Lab: HTTP

Wireshark Lab: Getting Started v7.0

University of Maryland Baltimore County Department of Information Systems Spring 2015

CSIBridge: Computer Science for Digital Forensics and Cyber Security

Lecture (02) Network Protocols and Standards

Agility2018-TCPdump Documentation

n Describe sniffing concepts, including active and passive sniffing n Describe sniffing countermeasures n Describe signature analysis within Snort

Wireshark. Why we need to capture packet & how it s related to security? 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

Experiment 2: Wireshark as a Network Protocol Analyzer

Computer Networks. Syllabus Ver Instructor: Ass.Prof. Yuriy Shamshin. ISMA University Riga, Latvia

Wireshark Lab: Getting Started

Jonathan Wald and Jason Zigelbaum (A project report written under the guidance of Prof.

ECPE / COMP 177 Fall Some slides from Kurose and Ross, Computer Networking, 5 th Edition

COPYRIGHTED MATERIAL. Introducing Wireshark CHAPTER

Capturing & Analyzing Network Traffic: tcpdump/tshark and Wireshark

Material for the Networking lab in EITF25 & EITF45

UNI CS 3470 Networking Project 5: Using Wireshark to Analyze Packet Traces 12

Computer Networks Security: intro. CS Computer Systems Security

The following topics describe how to configure traffic profiles:

King Fahd University of Petroleum & Minerals. Data Traffic Capture and Protocols Analysis using Sniffer Tool

WANMon: A Resource Usage Monitoring Tool for Ad Hoc Wireless Networks

VERSION Lab 3: Link Layer

5. Write a capture filter for question 4.

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1

Some Considerations on Protocol Analysis and Debugging

The ACK and NACK of Programming

Packet Capturing with TCPDUMP command in Linux

Wireshark: Network Forensic Exercise by Fakrul Alam, Bangladesh CERT

CNIT 121: Computer Forensics. 9 Network Evidence

Networks Fall This exam consists of 10 problems on the following 13 pages.

ETHICAL HACKING LAB SERIES. Lab 19: Using Certificates to Encrypt

ACCURATE STUDY GUIDES, HIGH PASSING RATE! Question & Answer. Dump Step. provides update free of charge in one year!

NETWORK PACKET ANALYSIS PROGRAM

CSEE 4119 Computer Networks. Chapter 1 Introduction (4/4) Introduction 1-1

Configure Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) Service Settings on a Switch

Lab: 2. Wireshark Getting Started

COMP 2000 W 2012 Lab no. 3 Page 1 of 11

COMP2330 Data Communications and Networking

ELEC/TELE/PHTN Networked Communications Design Topic. Networked Communications Elective Topic, S Context and Objectives

Computer forensic science

Lab Assignment for Chapter 1

Computer Networking Introduction

So What is WireShark?

Networking Background

Managing and Securing Computer Networks. Guy Leduc. Chapter 2: Software-Defined Networks (SDN) Chapter 2. Chapter goals:

Protocol Layers, Security Sec: Application Layer: Sec 2.1 Prof Lina Battestilli Fall 2017

Tunnels and VPN * s. Administrative submittal instructions

Lab - Using Wireshark to Examine a UDP DNS Capture

Ethereal Lab: Getting Started

Chapter 1 Introduction

CS 640: Introduction to Computer Networks. Today s Lecture. Page 1

ETSF10 Internet Protocols Network Layer Protocols

Lab - Using Wireshark to Examine a UDP DNS Capture

Wireshark Tutorial. Chris Neasbitt UGA Dept. of Computer Science

2012, Oracle. All rights reserved. Slide 1

CSC 4900 Computer Networks: Security Protocols (2)

As for the requirement of having a USB 3.0 port, you will come to know the reason in the next section.

Internetworking Models The OSI Reference Model

Transcription:

Network sniffing packet capture and analysis September 29, 2017 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response is to embed a screenshot graphic.) email to csci530l@usc.edu exact subject title must be snifflab deadline is start of your lab session the following week reports not accepted (zero for lab) if late you did not attend the lab (except DEN or prior arrangement) email subject title deviates 1

DETER preparations coming soon next lecture topic will be done on DETER so will most of those remaining thereafter you have an account I created them Tuesday (9/26) you should have received an advisory email then familiarization option if you are unfamiliar with DETER mechanics, set up and use a simple experiment as outlined at the get/use an account link on our website Lab calendar adjusted for midterm no earlier lab due exam week app security is due 10/13 instead no current lab performed exam week packet sniffing performed week of 10/9 instead no lab lecture exam week I m going fishing, will return on 10/13 2

Packet sniffer A tool that captures, interprets, and stores network packets for analysis also known as network sniffer network monitor packet capture utility protocol analyzer is intimately network-y Sniffing in security context an introductory counterpoint conventional wisdom hacking is emblematic of popular security news and is all about the outside menace popular conculsion: security is about networks reality the outside is there but don t forget the inside too!! does security vanish when net cable unplugged? 3

Half of security unrelated to nets purely local dimensions physical security BIOS/bootloader security filesystem permissions execution jails encrypted filesystems etc network aspects packet sniffing remote backup and logging port scanning tunnels but today s topic is in the network category Wireshark product background principal author Gerald Combs original name ethereal (changed 2006, legal reasons) open source equivalent linux, Windows, Apple versions 4

Related software pcap the underlying library pcap captures the packets Wireshark displays them (graphically) tcpdump rides on pcap like Wireshark displays what pcap captures (character mode) very widespread others tshark, character mode version in Wireshark s stable Network Monitor - Microsoft snoop - Sun Microsystems ettercap snort netcat product background a general purpose client and server there s more than one (hobbit s, GNU s) different authors different features different syntax cryptcat adds filestream en/de-cryption for you to generate something to send a server in this exercise 5

ssh secure shell creates an encrypted network conversation for you to compare with an unencrypted one in this exercise by capturing both Foundation concept: frames are what Wireshark is for capturing a.k.a. packets, datagrams, segments, protocol data units they come in nested groups 6

Nesting / successive enveloping Russian laquer dolls How data gets enveloped Packets 7

Packets have detailed structure Packets have detailed structure Wireshark knows the structures for ~2000 protocols turns byte dump into intelligible decode, in the details pane 8

Wireshark interface components packet list pane packet details pane packet 6 s details packet bytes pane packet 6 s bytes Stack correlation application transport network data link physical highest-layer protocol that each packet contains 9

Wireshark taps interfaces probe takes measurement where it is sees whatever is at the interface (e.g, NIC) sees nothing else does not see what s on the network limits value on host connected to a switch (versus a hub) It s s 70 o in L.A. No, it s 70 o right here 10

There s s a port scan on the network wire shark No, there s a port scan right here Two what-to to-capture restrictions Involuntary: can t capture what doesn t appear on the interface in the first place Voluntary: packet filter expressions 11

Packet filter expressions using address primitives host 200.2.2.1 src host 200.2.2.2 dst host 200.2.2.2 ip[16]>=224 ip[2:2]>512 ether[0]&1=1 Packet filter expressions using protocol primitives ip tcp udp icmp 12

Booleans and or not 2 different filters, 2 different syntaxes capture filters (during capture) shares same syntax as tcpdump uses display filters (after the fact) Wireshark s own syntax can auto-generate filter expression from a model packet ( give me the expression for a packet like this one ) 13

These syntaxes semantically same enter display filter here while displaying enter capture filter here before capturing Wireshark SSL decrypt feature (given key!) with key without key but where do we get the key? info 14

If you want to see network traffic besides your own make sure NIC is in promiscuous mode operate in a network with a hub, not a switch not your choice if you re not net admin use a switch with a management port that receives all traffic sniff by remote access on computers at other places in the network, save the capture to a file, transfer the file to Wireshark info http://www.wireshark.org/ http://wiki.wireshark.org/ Packet Sniffing In a Switched Environment https://www.sans.org/reading-room/whitepapers/networkdevs/packetsniffing-switched-environment-244 SSL/TLS: What's Under the Hood https://www.sans.org/reading-room/whitepapers/authentication/ssl-tlswhats-hood-34297 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback