Determining Topology from a Capture File

Slides:



Advertisements
Similar presentations
Introduction into VXLAN Russian IPv6 day June 6 th, 2012 Frank Laforsch Systems Engineer, EMEA
Advertisements

Computer Networks21-1 Chapter 21. Network Layer: Address Mapping, Error Reporting, and Multicasting 21.1 Address Mapping 21.2 ICMP 21.3 IGMP 21.4 ICMPv6.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Internet Control Protocols Savera Tanwir. Internet Control Protocols ICMP ARP RARP DHCP.
Cisco 3 - Switch Perrine. J Page 15/8/2015 Chapter 8 What happens to the member ports of a VLAN when the VLAN is deleted? 1.They become inactive. 2.They.
Ethernet and switches selected topics 1. Agenda Scaling ethernet infrastructure VLANs 2.
1 Some TCP/IP Basics....NFSDNSTELNETSMTPFTP UDPTCP IP and ICMP Ethernet, serial line,..etc. Application Layer Transport Layer Network Layer Low-level &
1 K. Salah Module 4.0: Network Components Repeater Hub NIC Bridges Switches Routers VLANs.
Course 301 – Secured Network Deployment and IPSec VPN
Networking Components
CECS 474 Computer Network Interoperability Tracy Bradley Maples, Ph.D. Computer Engineering & Computer Science Cal ifornia State University, Long Beach.
Microsoft Virtual Academy Module 4 Creating and Configuring Virtual Machine Networks.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Virtual LANs. VLAN introduction VLANs logically segment switched networks based on the functions, project teams, or applications of the organization regardless.
CECS 5460 – Assignment 3 Stacey VanderHeiden Güney.
Introduction to IT and Communications Technology Justin Champion C208 – 3292 Ethernet Switching CE
Network Layer – Subnetting and Control Protocols Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing,
Connectivity Capability Features TOSCA. Aspects of Connectivity GenericIP Connectivity Resolvability: ARP: IP/MAC DNS: Name/IP MDNS: Netconf Routing/bridging/tunneling:
Networks LANS,. FastPoll True Questions Answer A for True and B for False A wireless infrastructure network uses a centralized broadcasting device, such.
Virtual LAN Design Switches also have enabled the creation of Virtual LANs (VLANs). VLANs provide greater opportunities to manage the flow of traffic on.
Network Admin Course Plan Accede Institute Of Science & Technology.
1/28/2010 Network Plus Network Device Review. Physical Layer Devices Repeater –Repeats all signals or bits from one port to the other –Can be used extend.
11 SECURING YOUR NETWORK PERIMETER Chapter 10. Chapter 10: SECURING YOUR NETWORK PERIMETER2 CHAPTER OBJECTIVES  Establish secure topologies.  Secure.
NUS.SOC.CS2105 Ooi Wei Tsang Application Transport Network Link Physical you are here.
Chapter 8: Virtual LAN (VLAN)
TCP/IP Honolulu Community College Cisco Academy Training Center Semester 2 Version 2.1.
Transport Layer3-1 Chapter 4: Network Layer r 4. 1 Introduction r 4.2 Virtual circuit and datagram networks r 4.3 What’s inside a router r 4.4 IP: Internet.
Homework 02 NAT 、 DHCP 、 Firewall 、 Proxy. Computer Center, CS, NCTU 2 Basic Knowledge  DHCP Dynamically assigning IPs to clients  NAT Translating addresses.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 8 Virtual LANs Cisco Networking Academy.
1 VLANs Relates to Lab 6. Short module on basics of VLAN switching.
4: DataLink Layer1 Hubs r Physical Layer devices: essentially repeaters operating at bit levels: repeat received bits on one interface to all other interfaces.
Physical Net. Access IP TCP/UDP Application Physical Net. Access IP TCP/UDP Application Physical Net. Access Physical Net. Access IP Physical Net. Access.
Cisco I Introduction to Networks Semester 1 Chapter 3 JEOPADY.
Assignment 3 Jacob Seiz. Hub A hub provides a central access point for a network. Through multiple I/O ports a hub can connect multiple Ethernet devices.
Ethernet Packet Filtering - Part1 Øyvind Holmeide Jean-Frédéric Gauvin 05/06/2014 by.
Introduction to Networks
Wireless Ethernet Programming
CompTIA Security+ Study Guide (SY0-401)
NAT、DHCP、Firewall、FTP、Proxy
Virtualization of networks
Introduction An introduction to the software and organization of the Internet Lab.
Virtual Local Area Networks or VLANs
Link Layer 5.1 Introduction and services
Networking CS 3470, Section 1 Sarah Diesburg
Implementing TCP/IP.
Part I. Overview of Data Communications and Networking
or call for office visit,
ISO/OSI Model and Collision Domain
Chapter 4 Data Link Layer Switching
Network Architecture Introductory material
Virtual LANs.
Net 431: ADVANCED COMPUTER NETWORKS
CompTIA Security+ Study Guide (SY0-401)
One Upon A Time Computer Networks
2018 Valid Cisco Exam Dumps IT-Dumps
Advanced Network Training
Introduction An introduction to the software and organization of the Internet Lab.
An introduction to the organization of the Internet Lab
An introduction to the organization of the Internet Lab
Review of Important Networking Concepts
Connecting LANs, Backbone Networks,
Firewalls Routers, Switches, Hubs VPNs
NTHU CS5421 Cloud Computing
When you connect with DHCP, you are assigned a
IPsrc IPdst MACsrc MACdst
An introduction to the organization of the Internet Lab
Chapter 15. Connecting Devices
IP IP Net. Access Net. Access Net. Access Net. Access Physical
CS 381: Introduction to Computer Networks
CISCO SWITCHING Hussein Salameh Network Administrator
Presentation transcript:

Determining Topology from a Capture File Wednesday 15th June 2016 Chris Bidwell Network Engineer

L1-4 Reminder 4 Transport Proxies Load balancers Firewalls TCP UDP 3 Network Router L3 Switch IP ICMP IGMP 2 Data-Link Switch (Ethernet) MAC address VLAN tags LACP 1 Physical

L2 Analysis Ethernet, MAC to MAC Broadcast domains split on bridges and L3 boundaries We can see all broadcasts from our neighbours in the network, e.g. ARP, DHCP … and determine their type/vendor based on MAC OUI Spanning-tree Link-Layer Discovery Protocols CoS markings for prioritised treatment in VLANs

L3 Analysis IP to IP TTL controls how far packets can go Monotonic decrement across L3 routers OS-specific defaults can be identified with a little guesswork ICMP can inform of routing, access-control and link properties Redirects to optimise forwarding from hosts Unreachables: filtering, lack of route etc. DSCP for QoS treatment

L4 Analysis TCP, UDP etc. 5-tuple: sIP+dIP+proto+sprt+dprt Port numbers frequently indicate application Some identify OS or device function Ephemeral range can further ID the OS Load balancers Proxies

Capture Scenarios Content Source Size Visibility Single flow or fragment: One to one Application-generated Firewall IPS/IDS event KB-MB L3, L4+ Multiple 5-tuples: One to many Client Server Tap/SPAN MB L2+ Many to many MB-GB

We Can Only See What’s There Capture technique & location: App, Tap, SPAN Capture hardware/resource limitation: NIC buffering, disk IO performance Filtering: ACL, BPF, anonymisation Segmentation: private VLAN, WLAN isolation Connectivity: link or device failures

… And Sometimes Folks Lie And Hide Not everything you see can be trusted… Deliberate misinformation from sysadmins Sanitisation efforts usually strip or replace identifying information Can reduce the effectiveness of analysis ... Or highlight where some more work is required

So What Can We See? “It depends”. With enough capture time and no filtering, you may see: Some elements of physical interconnects Manufacturer and OS information for visible nodes VLAN assignment, QoS implementation clues Local IP addressing scheme Gateway quantity and functionality Possible tunnelling, filtering, proxying or load-balancing DNS, application or device discovery info

*.pcap

The Topology… sort of.

The Topology

FIN

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.