Intro to Ethical Hacking

Slides:



Advertisements
Similar presentations
Overview How to crack WEP and WPA
Advertisements

COEN 252 Computer Forensics Using TCPDump / Windump for package analysis.
TCPDUMP Network-Based Intrusion Detection. Description  Packet sniffing is the heart of intrusion detection and of understanding what is actually occurring.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
Database Encryption. Encryption: overview Encrypting Data-in-transit As it is transmitted between client-server Encrypting Data-at-rest Storing data in.
Packet Sniffing - By Aarti Dhone.
1 Packet Sniffers Prepared By: Amer Alhorini Supervised By: Dr. Lo'ai Tawalbeh NYIT New York Institute of Technology.
Tcpdump Tutorial EE122 Fall 2006 Dilip Antony Joseph, Vern Paxson, Sukun Kim.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Passive traffic measurement Capturing actual Internet packets in order to measure: –Packet sizes –Traffic volumes –Application utilisation –Resource utilisation.
Practical Networking. Introduction  Interfaces, network connections  Netstat tool  Tcpdump: Popular network debugging tool  Used to intercept and.
CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2013.
Computer Networks IGCSE ICT Section 4.
CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,
1 Ethereal.  Freeware sniffing tool.  Captures live network traffic.  The user interface separates it from other sniffers.
University of Calgary – CPSC 441.  Wireshark (originally named Ethereal)is a free and open-source packet analyzer.  It is used for network troubleshooting,
CPSC 441 Tutorial TA: Fang Wang The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially modified)
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.
COEN 252 Computer Forensics
COEN 252 Computer Forensics Collecting Network-based Evidence.
Network Security: Lab#4-2 Packet Sniffers J. H. Wang Dec. 2, 2013.
Day 14 Introduction to Networking. Unix Networking Unix is very frequently used as a server. –Server is a machine which “serves” some function Web Server.
1 TAC2000/ LABORATORY 117 Analyzing SIP Call Flows Dr. Quincy Wu National Chiao Tung University
MIS Week 4 Site:
Mahindra-British Telecom Ltd. Exploiting Layer 2 By Balwant Rathore.
Chapter 5: Implementing Intrusion Prevention
© 2010 Cisco Systems, Inc. All rights reserved. 1 CREATE Re-Tooling Exploring Protocols with Wireshark March 12, 2011 CREATE CATC and Ohlone College.
Trinity Uses Nmap, shouldn’t you?. From “The Art of War” "... knowing your enemy 100% of the time, you will win your battle 100% of the time, knowing.
CHAPTER 9 Sniffing.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
Sniffer, tcpdump, Ethereal, ntop
NET 324 D Networks and Communication Department Lec1 : Network Devices.
Network Sniffer Anuj Shah Advisor: Dr. Chung-E Wang Department of Computer Science.
Network Analyzer :- Introduction to Wireshark. What is Wireshark ? Ethereal Formerly known as Ethereal GUINetwork Protocol Analyzer Wireshark is a GUI.
Networks Part 3: Packet Paths + Wireshark NYU-Poly: HSWP Instructor: Mandy Galante.
Monitoring Troubleshooting TCP/IP Chapter 3. Objectives for this Chapter Troubleshoot TCP/IP addressing Diagnose and resolve issues related to incorrect.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
Network Equipment Assignment 3 LTEC 4550 Aaron Whitaker.
COMP2322 Lab 1 Introduction to Wireshark Weichao Li Jan. 22, 2016.
LSNDI RMRA 1 Design and troubleshooting M Clements.
WIRESHARK Lab#3. Computer Network Monitoring  Port Scanning  Keystroke Monitoring  Packet sniffers  takes advantage of “friendly” nature of net. 
Network Analyzer :- Introduction to Ethereal Computer Networking (Graduate Class)
Ping and Traceroute by Aleisa A. Drivere Supervisor Graciela Perera.
Common System Exploits Tom Chothia Computer Security, Lecture 17.
An Introduction To ARP Spoofing & Other Attacks
Exploiting Layer 2 By Balwant Rathore.
Lab 2: Packet Capture & Traffic Analysis with Wireshark
The Linux Operating System
Intro to Ethical Hacking
Network Commands 2 Linux Ubuntu A.S.
A Quick Guide to Ethereal/Wireshark
COMP2322 Lab 1 Wireshark Steven Lee Jan. 25, 2017.
Wireshark Lab#3.
Traffic Analysis with Ethereal
Intro to Ethical Hacking
Intro to Ethical Hacking
Intro to Ethical Hacking
Chapter 5: Network Security and Monitoring
SNORT.
Digital Pacman: Firewall Edition
Topic 5: Communication and the Internet
Intro to Ethical Hacking
6. Operating Systems Finger printing & Scanning
Intro to Ethical Hacking
Intro to Ethical Hacking
Intro to Ethical Hacking
Network Analyzer :- Introduction to Wireshark
Network Analyzer :- Introduction to Wireshark
How to install HP printer using IP address? How to install HP printer using IP address? Call
COEN 252 Computer Forensics
Presentation transcript:

Intro to Ethical Hacking MIS 5211.001 Week 7 http://community.mis.temple.edu/itacs5211fall16/

Tonight's Plan Tcpdump Windump Network Taps MIS 5211.001

tcpdump Tcpdump is a network analysis tool Requires root or sudo priveleges Displays network traffic in a raw state MIS 5211.001

Windows and Mac On Windows there is an equivalent called windump Available at: https://www.winpcap.org/windump/ WinDump captures using the WinPcap library and drivers, which are freely downloadable from the WinPcap.org website. Note: Installing windows version of Wireshark will add the WinPcap files needed by WinDump For Mac tcpdump is built in Apple provides some direction on use at: https://support.apple.com/en-us/HT202013 MIS 5211.001

Basic Use Some basic flags (See man page for more) -c Count function, how many packets to you want. If you don’t say it will just keep running until you hit CTRL-C -n Don’t resolve addresses to names -nn Don’t resolve address or port names -s Snap Length, how much of the packet do you want -S Absolute sequence number -v, -vv, and –vvv Varying degrees of verbose. How much do you want tcpdump to tell you -X Data from each packet MIS 5211.001

First example Tried tcpdump –nS -n (Don’t convert addresses) -S (Absolute sequence numbers) MIS 5211.001

Next Example Tried tscpdump –nnvvS -nn (Don’t resolve address or port to names) -vv (Tell me more) -S (Absolute sequence numbers) MIS 5211.001

Next Example Try tcpdump –nnvvXS Add -X (Captures data) MIS 5211.001

Try tcpdump –nnvvXSs 1514 Final –s extends defaults snap length to capture full packet MIS 5211.001

More Capture MIS 5211.001

Yet More Capture There is more after this, but I’ll stop here. MIS 5211.001

Adding More Try tcpdump –nnxxXSs 0 -c2 icmp 0 Actually results in no data capture even with X and s set -c2 Restricts capture to two packets Using icmp filters so only icmp packet headers are captured See Next slide for example MIS 5211.001

MIS 5211.001

Other Options Try adding host to look for traffic based on IP address (also works with hostname if you’re not using -n) Try adding SRC or DST to find traffic from only a source or destination (eliminates one side of a host conversation) Try adding port to see only traffic to or from a certain port Lots more: portrange, less/more, or >/< MIS 5211.001

Writing to a File Try –w to write to a file Resultant file MIS 5211.001

File Contents Opens by default in Wireshark MIS 5211.001

Reading Files Try –r to read a file in MIS 5211.001

Reference for tcpdump Lots more at: http://www.tcpdump.org/ MIS 5211.001

Packet Sniffing or Taps Packet Sniffer Definition: A packet sniffer is a wire-tap device that plugs into computer networks and eavesdrops on the network traffic.

Options Using the SPAN port on a switch inline (dedicated) tap Aggregating tap MIS 5211.001

Using the SPAN Port Commercial switches (Not home and small office gear) have a function called SPAN that mirror all data passing through the switch to a single port where it can be monitored Both Network Engineering and Security groups will try to use this as it is inexpensive (free) and relatively simple to set up MIS 5211.001

Inline Tap As the name implies, the tap is inserted in to the network, typically at a choke point near the central router where it can “see” the most traffic. Advantage – Seamless and undetectable Disadvantage – creates a network outage when it is inserted, can create a network outage if it fails MIS 5211.001

Aggregating Tap Basically, multiple inline taps that aggregate their output to a single port for monitoring Advantage Simplifies monitoring (data collection) Disadvantage Expensive (Last time a looked $50,000 per tap) MIS 5211.001

Packet Sniffer Mitigation Host A Host B Router A Router B The following techniques and tools can be used to mitigate sniffers: Authentication—Using strong authentication, such as one-time passwords, is a first option for defense against packet sniffers. Switched infrastructure—Deploy a switched infrastructure to counter the use of packet sniffers in your environment. Cryptography—The most effective method for countering packet sniffers does not prevent or detect packet sniffers, but rather renders them irrelevant.

Questions ? MIS 5211.001

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.