COMP2322 Lab 1 Wireshark Steven Lee Jan. 25, 2017.


Packet capture
Why do we need to capture packets?
  Troubleshoot network problems
  Examine security problems
  Debug protocol implementations
  Learn network protocol internals

Existing packet capture tools/sniffers
Classic tools: Wireshark, tcpdump
Other tools: Ettercap, dsniff, ntop, Kismet, WinDump, TShark

What is Wireshark?
An open source network protocol analyzer
  Captures network packets
  Displays packet data
  Supports 2157 protocols (as of v2.2.3)
  Supports command-line and GUI interfaces
  Supports multiple platforms including Windows, macOS, Linux and Unix
Wireshark User’s Guide: https://www.wireshark.org/download/docs/user-guide-a4.pdf

libpcap and WinPcap
Libraries for network traffic capture; they provide the core functions of packet capturing
  Linux/Unix: libpcap (http://www.tcpdump.org/)
  Windows: WinPcap (http://www.winpcap.org)

Practice 1
Y:\Win32\WiresharkPortable_1.4
Select the right interface.
Start packet capture for 10 seconds and save the trace.
Question 1 (4 marks)
  How many interface(s) do you see? What are they?
  Which interface have you chosen and why?

Filters
Capture filters
  Only packets that meet the rule(s) are captured and decoded
  Syntax: https://www.wireshark.org/docs/wsug_html_chunked/ChCapCaptureFilterSection.html
Display filters
  Do not affect what packets are captured
  Only affect which captured packets are displayed
  Syntax: https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html
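To make the capture-filter versus display-filter distinction concrete, here is a small example written for this page (not part of the lab or of Wireshark): a minimal libpcap-format writer and reader over constructed Ethernet/IPv4/TCP frames, plus a predicate that plays the role of the capture filter `tcp port N` and the display filter `tcp.port == N`. All frames, addresses and timestamps are constructed sample data.

```python
import struct
# Constructed Ethernet/IPv4/TCP frame (sample data, not a real capture).
def build_frame(src_port, dst_port):
    eth = b"\x00" * 12 + b"\x08\x00"                      # MACs + EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 0x50, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    return eth + ip + tcp

def build_pcap(frames):
    # libpcap global header: magic, v2.4, tz offset, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):                        # per-record header + frame bytes
        out += struct.pack("<IIII", 1485302400 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off < len(data):
        _sec, _usec, incl, _orig = struct.unpack_from("<IIII", data, off)
        off += 16
        yield data[off:off + incl]
        off += incl

def tcp_ports(frame):
    # Return (src, dst) ports for an IPv4/TCP frame, else None.
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[14 + 9] != 6:                                # IPv4 protocol 6 = TCP
        return None
    return struct.unpack_from("!HH", frame, 14 + ihl)

def tcp_port(port):
    # Predicate behaving like capture filter "tcp port N" / display filter "tcp.port == N".
    def pred(frame):
        ports = tcp_ports(frame)
        return ports is not None and port in ports
    return pred

def capture(frames, capture_filter):
    # Capture filter: non-matching packets are dropped before the trace is written.
    return build_pcap([f for f in frames if capture_filter(f)])

def display(pcap_bytes, display_filter):
    # Display filter: the file keeps every packet; only matching ones are listed.
    frames = list(read_pcap(pcap_bytes))
    return len(frames), [f for f in frames if display_filter(f)]
```

Writing the bytes returned by `build_pcap` to a `.pcap` file gives a trace Wireshark can open, so the two behaviours can be compared in the GUI as well.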

Some other features
Follow TCP stream: Analyze → Follow → TCP Stream
Statistics
  Capture File Properties: statistics on this capture file
  Conversations: statistics on captured conversations (a conversation is the traffic between two specific endpoints)
  Endpoints: traffic statistics on end hosts
  IO Graph: visualization of captured network packets

Practice 2
Visit http://www4.comp.polyu.edu.hk/~comp2322/
Question 2 (22 marks)
  What capture filter can be used to capture only HTTP traffic?
  What display filter can be used to display only HTTP traffic?
  What is your IP address? What is the server’s IP address?
  What is the HTTP version?
  What is the HTTP request method?
  How many HTTP request(s) is/are sent to the server? Mark the request packet(s) by right-clicking it/them and selecting Mark/Unmark Packet.
  What is/are the status code(s) in the response(s)?
  How many application protocol(s) is/are captured while accessing the website?
  What protocol(s) does HTTP rely on?
  What is the relationship between HTTP and the World Wide Web (WWW)?

Practice 3
Visit https://www.google.com/
Question 3 (4 marks)
  What port does HTTPS use?
  How is an HTTPS connection established?

Practice 4
Visit https://www.facebook.com/
Question 4 (4 marks)
  What are the IP addresses of Facebook when visited at home and on campus?
  Are the IP addresses the same? If not, can you guess why? (Hint: content delivery network (CDN))