Brief Contents. Acknowledgments... xv. Introduction...xvii. Chapter 1: Packet Analysis and Network Basics Chapter 2: Tapping into the Wire...

Similar documents
CONTENTS IN DETAIL ACKNOWLEDGMENTS INTRODUCTION 1 PACKET ANALYSIS AND NETWORK BASICS 1 2 TAPPING INTO THE WIRE 17 3 INTRODUCTION TO WIRESHARK 35

INDEX. Symbols & Numbers

Introduction to Troubleshooting TCP/IP Networks with Wireshark

NETWORK PACKET ANALYSIS PROGRAM

Wireshark 101 Essential Skills for Network Analysis 2 nd Edition

Network Traffic Analysis - Course Outline

CIT 380: Securing Computer Systems. Network Security Concepts

ICS 351: Networking Protocols

Foreword by Katie Moussouris... Acknowledgments... xvii. Introduction...xix. Chapter 1: The Basics of Networking... 1

Part 1: Training Project Information (Required for Formal Quotes) Online Live On-Demand (All Access Pass Subscriptions) Other

Computer Forensics: Investigating Network Intrusions and Cybercrime, 2nd Edition. Chapter 2 Investigating Network Traffic

Introduction... xiii Chapter 1: Introduction to Computer Networks and Internet Computer Networks Uses of Computer Networks...

Wireshark 101 Essential Skills for Network Analysis 1 st Edition

Introduction to Computer Networks. CS 166: Introduction to Computer Systems Security

COPYRIGHTED MATERIAL. Con t e n t s. Chapter 1 Introduction to Networking 1. Chapter 2 Overview of Networking Components 21.

Assignment - 1 Chap. 1 Wired LAN s

Advanced Network Troubleshooting Using Wireshark (Hands-on)

CompTIA Network+ Study Guide Table of Contents

EDITION 2ND DON T JUS T S TA R E AT CAP TURED PACKE TS. WIRESHARK TO SOLV E RE A L-WORLD FSC LOGO CHRIS SANDERS

MTA_98-366_Vindicator930

Part VI. Appendixes. Appendix A OSI Model and Internet Protocols Appendix B About the CD

Defining Networks with the OSI Model. Module 2

The following virtual machines are required for completion of this lab: Exercise I: Mapping a Network Topology Using

Network Security. Thierry Sans

Table of Contents. Contents iii

Network+ Guide to Networks, Seventh Edition Chapter 2, Solutions

TCP /IP Fundamentals Mr. Cantu

Foreword xxiii Preface xxvii IPv6 Rationale and Features

Lab 1: Packet Sniffing and Wireshark

When does it work? Packet Sniffers. INFO Lecture 8. Content 24/03/2009

Guide to Networking Essentials, 6 th Edition. Chapter 5: Network Protocols

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

Course List. December 2010

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

So What is WireShark?

Chapter 09 Network Protocols

Networks Fall This exam consists of 10 problems on the following 13 pages.

TCP/IP Networking. Training Details. About Training. About Training. What You'll Learn. Training Time : 9 Hours. Capacity : 12

CSC 574 Computer and Network Security. TCP/IP Security

CCRI Networking Technology I CSCO-1850 Spring 2014

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Ethical Hacking and Prevention

Chapter 12 Network Protocols

TCP/IP Overview. Basic Networking Concepts. 09/14/11 Basic TCP/IP Networking 1

Packet Sniffing and Spoofing

Computer Networks. More on Standards & Protocols Quality of Service. Week 10. College of Information Science and Engineering Ritsumeikan University

Computer Networks Security: intro. CS Computer Systems Security

Networking Fundamentals

TCP/IP Protocol Suite

E&CE 358: Tutorial 1. Instructor: Sherman (Xuemin) Shen TA: Miao Wang

Experiment 2: Wireshark as a Network Protocol Analyzer

Chapter 2 Advanced TCP/IP

Network Security. Network Vulnerabilities

IT114 NETWORK+ Learning Unit 1 Objectives: 1, 2 Time In-Class Time Out-Of-Class Hours 2-3. Lectures: Course Introduction and Overview

Lesson 5 TCP/IP suite, TCP and UDP Protocols. Chapter-4 L05: "Internet of Things ", Raj Kamal, Publs.: McGraw-Hill Education

University of Southern California EE450: Introduction to Computer Networks

TSIN02 - Internetworking

SYED AMMAL ENGINEERING COLLEGE

20-CS Cyber Defense Overview Fall, Network Basics

Threat Pragmatics. Target 6/19/ June 2018 PacNOG 22, Honiara, Solomon Islands Supported by:

ETSF10 Internet Protocols Network Layer Protocols

The ACK and NACK of Programming

Chapter 2 - Part 1. The TCP/IP Protocol: The Language of the Internet

access link basic service set (BSS) broadband cable ad hoc wireless network Address Resolution Protocol (ARP) broadcast broadcast domain

Networking By: Vince

NETWORKING KEITH W. ROSS. Polytechnic Institute of NYU. Addison-Wesley

Lab Using Wireshark to Examine Ethernet Frames

Significance of TCP/IP Model Divya Shree Assistant Professor (Resource Person), Department of computer science and engineering, UIET, MDU, Rohtak

DKT 224/3 LAB 2 NETWORK PROTOCOL ANALYZER DATA COMMUNICATION & NETWORK SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK

VALLIAMMAI ENGNIEERING COLLEGE SRM Nagar, Kattankulathur DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING QUESTION BANK UNIT 1

TCP/IP Protocol Suite and IP Addressing

Unit 28 Website Production ASSIGNMENT 1

Chapter 3: Network Protocols and Communications

IP Networking. Cisco Press. Wendell Odom, CCIE No Indianapolis, IN East 96th Street

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

Chapter 11: Networks

Understanding Networking Fundamentals

Question 7: What are Asynchronous links?

Computer Network Programming. The Transport Layer. Dr. Sam Hsu Computer Science & Engineering Florida Atlantic University

A Framework for Optimizing IP over Ethernet Naming System

The Lean Plan p. 1. Embedded Systems. The Operating System The Development Environment. Acknowledgments Introduction p. 1.

Chapter 16 Networking

Lecture-4. TCP/IP-Overview:

Curso: Ethical Hacking and Countermeasures

Lab Using Wireshark to Examine Ethernet Frames

Just enough TCP/IP. Protocol Overview. Connection Types in TCP/IP. Control Mechanisms. Borrowed from my ITS475/575 class the ITL

OSI Layer OSI Name Units Implementation Description 7 Application Data PCs Network services such as file, print,

Internetworking With TCP/IP

Cisco CCNA (ICND1, ICND2) Bootcamp

Erasable Programmable Read-Only Memory (EPROM) Electrically Erasable Programmable Read-Only Memory (EEPROM) CMOS 2.2.

Introduction... 1 Book I: Overview... 5

Networking and Health Information Exchange: ISO Open System Interconnection (OSI)

Configuring attack detection and prevention 1

EC-Council Certified Network Defender (CND) Duration: 5 Days Method: Instructor-Led

Network Access Layer Internet Layer Transport Layer Application Layer. Presentation. Transport. Physical

TSIN02 - Internetworking

Hands-On Ethical Hacking and Network Defense

User Manual. (Professional Edition)

Port Mirroring in CounterACT. CounterACT Technical Note

Hands-On Hacking Techniques 101

Transcription:

Brief Contents Acknowledgments... xv Introduction...xvii Chapter 1: Packet Analysis and Network Basics... 1 Chapter 2: Tapping into the Wire... 17 Chapter 3: Introduction to Wireshark... 37 Chapter 4: Working with Captured Packets... 53 Chapter 5: Advanced Wireshark Features.... 77 Chapter 6: Packet Analysis on the Command Line... 103 Chapter 7: Network Layer Protocols... 119 Chapter 8: Transport Layer Protocols... 151 Chapter 9: Common Upper-Layer Protocols... 163 Chapter 10: Basic Real-World Scenarios... 199 Chapter 11: Fighting a Slow Network... 231 Chapter 12: Packet Analysis for Security.... 257 Chapter 13: Wireless Packet Analysis... 295 Appendix A: Further Reading... 317 Appendix B: Navigating Packets... 325 Index... 333

Acknowledgments xv Introduction xvii Why This Book?.... xviii Concepts and Approach... xviii How to Use This Book.... xx About the Sample Capture Files... xx The Rural Technology Fund... xxi Contacting Me.... xxi 1 Packet Analysis and Network Basics 1 Packet Analysis and Packet Sniffers... 2 Evaluating a Packet Sniffer... 2 How Packet Sniffers Work... 3 How Computers Communicate.... 4 Protocols... 4 The Seven-Layer OSI Model... 5 Network Hardware... 10 Traffic Classifications... 15 Broadcast Traffic.... 15 Multicast Traffic... 16 Unicast Traffic.... 16 Final Thoughts... 16 2 Tapping into the Wire 17 Living Promiscuously... 18 Sniffing Around Hubs... 19 Sniffing in a Switched Environment.... 20 Port Mirroring.... 21 Hubbing Out... 23 Using a Tap... 24 ARP Cache Poisoning... 27 Sniffing in a Routed Environment... 31 Sniffer Placement in Practice... 33 3 Introduction to Wireshark 37 A Brief History of Wireshark... 37 The Benefits of Wireshark... 38

Installing Wireshark................................................ 39 Installing on Windows Systems... 39 Installing on Linux Systems... 41 Installing on OS X Systems... 43 Wireshark Fundamentals.... 44 Your First Packet Capture... 44 Wireshark s Main Window... 45 Wireshark Preferences.... 46 Packet Color Coding... 48 Configuration Files... 50 Configuration Profiles... 50 4 Working with Captured Packets 53 Working with Capture Files.... 53 Saving and Exporting Capture Files.... 54 Merging Capture Files... 55 Working with Packets... 56 Finding Packets.... 56 Marking Packets... 57 Printing Packets.... 58 Setting Time Display Formats and References.... 58 Time Display Formats.... 59 Packet Time Referencing... 60 Time Shifting... 60 Setting Capture Options... 61 Input Tab... 61 Output Tab.... 62 Options Tab... 63 Using Filters.... 65 Capture Filters... 65 Display Filters... 71 Saving Filters... 74 Adding Display Filters to a Toolbar... 75 5 Advanced Wireshark Features 77 Endpoints and Network Conversations... 78 Viewing Endpoint Statistics.... 78 Viewing Network Conversations... 79 Identifying Top Talkers with Endpoints and Conversations... 80 Protocol Hierarchy Statistics.... 83 Name Resolution... 84 Enabling Name Resolution... 84 Potential Drawbacks to Name Resolution... 86 Using a Custom hosts File.... 86 Manually Initiated Name Resolution... 88 Protocol Dissection... 88 Changing the Dissector... 88 Viewing Dissector Source Code... 90 x

Following Streams... 91 Following SSL Streams... 92 Packet Lengths... 93 Graphing... 95 Viewing IO Graphs... 95 Round-Trip Time Graphing... 98 Flow Graphing... 99 Expert Information... 99 6 Packet Analysis on the Command Line 103 Installing TShark.... 104 Installing tcpdump... 105 Capturing and Saving Packets... 106 Manipulating Output... 109 Name Resolution... 111 Applying Filters... 113 Time Display Formats in TShark....................................... 114 Summary Statistics in TShark......................................... 115 Comparing TShark and tcpdump...................................... 118 7 Network Layer Protocols 119 Address Resolution Protocol (ARP)... 120 ARP Packet Structure... 121 Packet 1: ARP Request... 122 Packet 2: ARP Response.... 123 Gratuitous ARP... 124 Internet Protocol (IP)... 125 Internet Protocol Version 4 (IPv4).... 125 Internet Protocol Version 6 (IPv6).... 133 Internet Control Message Protocol (ICMP)... 144 ICMP Packet Structure... 144 ICMP Types and Messages.... 144 Echo Requests and Responses.... 145 traceroute.... 147 ICMP Version 6 (ICMPv6)... 150 8 Transport Layer Protocols 151 Transmission Control Protocol (TCP)... 151 TCP Packet Structure... 152 TCP Ports... 152 The TCP Three-Way Handshake... 155 TCP Teardown... 158 TCP Resets... 159 User Datagram Protocol (UDP)... 160 UDP Packet Structure... 161 xi

9 Common Upper-Layer Protocols 163 Dynamic Host Configuration Protocol (DHCP)... 163 DHCP Packet Structure.... 164 The DHCP Initialization Process.... 165 DHCP In-Lease Renewal... 170 DHCP Options and Message Types.... 170 DHCP Version 6 (DHCPv6).... 171 Domain Name System (DNS).... 173 DNS Packet Structure.... 173 A Simple DNS Query... 174 DNS Question Types... 176 DNS Recursion... 177 DNS Zone Transfers... 181 Hypertext Transfer Protocol (HTTP)... 183 Browsing with HTTP.... 183 Posting Data with HTTP... 186 Simple Mail Transfer Protocol (SMTP)... 187 Sending and Receiving Email... 188 Tracking an Email Message... 189 Sending Attachments via SMTP... 196 Final Thoughts... 198 10 Basic Real-World Scenarios 199 Missing Web Content.... 200 Tapping into the Wire... 200 Analysis.... 201 Lessons Learned... 204 Unresponsive Weather Service... 205 Tapping into the Wire... 206 Analysis.... 206 Lessons Learned... 209 No Internet Access... 210 Gateway Configuration Problems... 210 Unwanted Redirection... 213 Upstream Problems... 216 Inconsistent Printer... 219 Tapping into the Wire... 219 Analysis.... 219 Lessons Learned... 222 No Branch Office Connectivity... 222 Tapping into the Wire... 223 Analysis.... 223 Lessons Learned... 226 Software Data Corruption... 226 Tapping into the Wire... 226 Analysis.... 227 Lessons Learned... 230 Final Thoughts... 230 xii

11 Fighting a Slow Network 231 TCP Error-Recovery Features... 232 TCP Retransmissions... 232 TCP Duplicate Acknowledgments and Fast Retransmissions.... 235 TCP Flow Control... 240 Adjusting the Window Size... 241 Halting Data Flow with a Zero Window Notification... 242 The TCP Sliding Window in Practice... 243 Learning from TCP Error-Control and Flow-Control Packets.... 247 Locating the Source of High Latency... 248 Normal Communications... 248 Slow Communications: Wire Latency.... 248 Slow Communications: Client Latency... 249 Slow Communications: Server Latency... 250 Latency Locating Framework.... 251 Network Baselining... 251 Site Baseline.... 252 Host Baseline... 253 Application Baseline... 254 Additional Notes on Baselines... 255 Final Thoughts... 255 12 Packet Analysis for Security 257 Reconnaissance... 258 SYN Scan... 258 Operating System Fingerprinting.... 263 Traffic Manipulation... 266 ARP Cache Poisoning... 267 Session Hijacking... 271 Malware.... 275 Operation Aurora... 275 Remote-Access Trojan... 281 Exploit Kit and Ransomware... 288 Final Thoughts... 294 13 Wireless Packet Analysis 295 Physical Considerations... 296 Sniffing One Channel at a Time... 296 Wireless Signal Interference... 297 Detecting and Analyzing Signal Interference... 297 Wireless Card Modes.... 298 Sniffing Wirelessly in Windows... 300 Configuring AirPcap... 300 Capturing Traffic with AirPcap... 302 Sniffing Wirelessly in Linux... 303 802.11 Packet Structure... 304 xiii

Adding Wireless-Specific Columns to the Packet List Pane... 305 Wireless-Specific Filters.... 307 Filtering Traffic for a Specific BSS ID... 307 Filtering Specific Wireless Packet Types... 307 Filtering a Specific Frequency... 308 Saving a Wireless Profile... 309 Wireless Security... 309 Successful WEP Authentication... 309 Failed WEP Authentication... 311 Successful WPA Authentication.... 312 Failed WPA Authentication... 314 Final Thoughts... 315 A Further Reading 317 Packet Analysis Tools... 317 CloudShark... 317 WireEdit... 318 Cain & Abel... 319 Scapy... 319 TraceWrangler... 319 Tcpreplay.... 319 NetworkMiner... 319 CapTipper... 320 ngrep... 321 libpcap... 321 Npcap.... 321 hping.... 321 Python... 321 Packet Analysis Resources... 321 Wireshark s Home Page... 322 Practical Packet Analysis Online Course.... 322 SANS s Security Intrusion Detection In-Depth Course... 322 Chris Sanders s Blog... 322 Brad Duncan s Malware Traffic Analysis... 322 IANA s Website.... 323 W. Richard Stevens s TCP/IP Illustrated Series... 323 The TCP/IP Guide... 323 B Navigating Packets 325 Packet Representation.... 326 Using Packet Diagrams... 328 Navigating a Mystery Packet.... 330 Final Thoughts... 332 Index 333 xiv

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback