CONTENTS IN DETAIL


ACKNOWLEDGMENTS ... xv

INTRODUCTION ... xvii
  Why This Book? ... xvii
  Concepts and Approach ... xviii
  How to Use This Book ... xix
  About the Sample Capture Files ... xx
  The Rural Technology Fund ... xx
  Contacting Me ... xx

1 PACKET ANALYSIS AND NETWORK BASICS ... 1
  Packet Analysis and Packet Sniffers ... 2
  Evaluating a Packet Sniffer ... 2
  How Packet Sniffers Work ... 3
  How Computers Communicate ... 4
  Protocols ... 4
  The Seven-Layer OSI Model ... 5
  Data Encapsulation ... 8
  Network Hardware ... 10
  Traffic Classifications ... 14
  Broadcast Traffic ... 14
  Multicast Traffic ... 15
  Unicast Traffic ... 15
  Final Thoughts ... 16

2 TAPPING INTO THE WIRE ... 17
  Living Promiscuously ... 18
  Sniffing Around Hubs ... 19
  Sniffing in a Switched Environment ... 20
  Port Mirroring ... 21
  Hubbing Out ... 22
  Using a Tap ... 24
  ARP Cache Poisoning ... 26
  Sniffing in a Routed Environment ... 30
  Sniffer Placement in Practice ... 31

3 INTRODUCTION TO WIRESHARK ... 35
  A Brief History of Wireshark ... 35
  The Benefits of Wireshark ... 36

  Installing Wireshark ... 37
  Installing on Microsoft Windows Systems ... 37
  Installing on Linux Systems ... 39
  Installing on Mac OS X Systems ... 40
  Wireshark Fundamentals ... 41
  Your First Packet Capture ... 41
  Wireshark's Main Window ... 42
  Wireshark Preferences ... 43
  Packet Color Coding ... 45

4 WORKING WITH CAPTURED PACKETS ... 47
  Working with Capture Files ... 47
  Saving and Exporting Capture Files ... 48
  Merging Capture Files ... 49
  Working with Packets ... 49
  Finding Packets ... 50
  Marking Packets ... 51
  Printing Packets ... 51
  Setting Time Display Formats and References ... 52
  Time Display Formats ... 52
  Packet Time Referencing ... 52
  Setting Capture Options ... 53
  Capture Settings ... 53
  Capture File(s) Settings ... 54
  Stop Capture Settings ... 55
  Display Options ... 56
  Name Resolution Settings ... 56
  Using Filters ... 56
  Capture Filters ... 56
  Display Filters ... 62
  Saving Filters ... 65

5 ADVANCED WIRESHARK FEATURES ... 67
  Network Endpoints and Conversations ... 67
  Viewing Endpoints ... 68
  Viewing Network Conversations ... 69
  Troubleshooting with the Endpoints and Conversations Windows ... 70
  Protocol Hierarchy Statistics ... 71
  Name Resolution ... 72
  Enabling Name Resolution ... 73
  Potential Drawbacks to Name Resolution ... 73
  Protocol Dissection ... 74
  Changing the Dissector ... 74
  Viewing Dissector Source Code ... 76
  Following TCP Streams ... 76
  Packet Lengths ... 78

  Graphing ... 79
  Viewing IO Graphs ... 79
  Round-Trip Time Graphing ... 81
  Flow Graphing ... 82
  Expert Information ... 82

6 COMMON LOWER-LAYER PROTOCOLS ... 85
  Address Resolution Protocol ... 86
  The ARP Header ... 87
  Packet 1: ARP Request ... 88
  Packet 2: ARP Response ... 89
  Gratuitous ARP ... 89
  Internet Protocol ... 91
  IP Addresses ... 91
  The IPv4 Header ... 92
  Time to Live ... 93
  IP Fragmentation ... 95
  Transmission Control Protocol ... 98
  The TCP Header ... 98
  TCP Ports ... 99
  The TCP Three-Way Handshake ... 101
  TCP Teardown ... 103
  TCP Resets ... 105
  User Datagram Protocol ... 105
  The UDP Header ... 106
  Internet Control Message Protocol ... 107
  The ICMP Header ... 107
  ICMP Types and Messages ... 107
  Echo Requests and Responses ... 108
  Traceroute ... 110

7 COMMON UPPER-LAYER PROTOCOLS ... 113
  Dynamic Host Configuration Protocol ... 113
  The DHCP Packet Structure ... 114
  The DHCP Renewal Process ... 115
  DHCP In-Lease Renewal ... 119
  DHCP Options and Message Types ... 120
  Domain Name System ... 120
  The DNS Packet Structure ... 121
  A Simple DNS Query ... 122
  DNS Question Types ... 124
  DNS Recursion ... 124
  DNS Zone Transfers ... 127
  Hypertext Transfer Protocol ... 129
  Browsing with HTTP ... 129
  Posting Data with HTTP ... 131
  Final Thoughts ... 132

8 BASIC REAL-WORLD SCENARIOS ... 133
  Social Networking at the Packet Level ... 134
  Capturing Twitter Traffic ... 134
  Capturing Facebook Traffic ... 137
  Comparing Twitter vs. Facebook Methods ... 140
  Capturing ESPN.com Traffic ... 140
  Using the Conversations Window ... 140
  Using the Protocol Hierarchy Statistics Window ... 141
  Viewing DNS Traffic ... 142
  Viewing HTTP Requests ... 143
  Real-World Problems ... 144
  No Internet Access: Configuration Problems ... 144
  No Internet Access: Unwanted Redirection ... 147
  No Internet Access: Upstream Problems ... 150
  Inconsistent Printer ... 153
  Stranded in a Branch Office ... 155
  Ticked-Off Developer ... 159
  Final Thoughts ... 163

9 FIGHTING A SLOW NETWORK ... 165
  TCP Error-Recovery Features ... 166
  TCP Retransmissions ... 166
  TCP Duplicate Acknowledgments and Fast Retransmissions ... 169
  TCP Flow Control ... 173
  Adjusting the Window Size ... 174
  Halting Data Flow with a Zero Window Notification ... 175
  The TCP Sliding Window in Practice ... 175
  Learning from TCP Error-Control and Flow-Control Packets ... 178
  Locating the Source of High Latency ... 179
  Normal Communications ... 180
  Slow Communications - Wire Latency ... 180
  Slow Communications - Client Latency ... 181
  Slow Communications - Server Latency ... 182
  Latency Locating Framework ... 182
  Network Baselining ... 183
  Site Baseline ... 184
  Host Baseline ... 185
  Application Baseline ... 186
  Additional Notes on Baselines ... 186
  Final Thoughts ... 187

10 PACKET ANALYSIS FOR SECURITY ... 189
  Reconnaissance ... 190
  SYN Scan ... 190
  Operating System Fingerprinting ... 194

  Exploitation ... 197
  Operation Aurora ... 197
  ARP Cache Poisoning ... 202
  Remote-Access Trojan ... 206
  Final Thoughts ... 213

11 WIRELESS PACKET ANALYSIS ... 215
  Physical Considerations ... 216
  Sniffing One Channel at a Time ... 216
  Wireless Signal Interference ... 217
  Detecting and Analyzing Signal Interference ... 217
  Wireless Card Modes ... 218
  Sniffing Wirelessly in Windows ... 219
  Configuring AirPcap ... 219
  Capturing Traffic with AirPcap ... 221
  Sniffing Wirelessly in Linux ... 222
  802.11 Packet Structure ... 223
  Adding Wireless-Specific Columns to the Packet List Pane ... 225
  Wireless-Specific Filters ... 226
  Filtering Traffic for a Specific BSS ID ... 226
  Filtering Specific Wireless Packet Types ... 227
  Filtering a Specific Frequency ... 227
  Wireless Security ... 228
  Successful WEP Authentication ... 229
  Failed WEP Authentication ... 230
  Successful WPA Authentication ... 231
  Failed WPA Authentication ... 232
  Final Thoughts ... 233

APPENDIX: FURTHER READING ... 235
  Packet Analysis Tools ... 235
  tcpdump and Windump ... 235
  Cain & Abel ... 236
  Scapy ... 236
  Netdude ... 236
  Colasoft Packet Builder ... 237
  CloudShark ... 237
  pcapr ... 237
  NetworkMiner ... 238
  Tcpreplay ... 238
  ngrep ... 238
  libpcap ... 239
  hping ... 239
  Domain Dossier ... 239
  Perl and Python ... 239

  Packet Analysis Resources ... 239
  Wireshark Home Page ... 239
  SANS Security Intrusion Detection In-Depth Course ... 239
  Chris Sanders Blog ... 240
  Packetstan Blog ... 240
  Wireshark University ... 240
  IANA ... 240
  TCP/IP Illustrated (Addison-Wesley) ... 240
  The TCP/IP Guide (No Starch Press) ... 240

INDEX ... 241