An introduction to Network Analyzers Dr. Farid Farahmand 3/23/2009.

Slides:



Advertisements
Similar presentations
Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Advertisements

Tactics to Discover “Passive” Monitoring Devices
IST 201 Chapter 9. TCP/IP Model Application Transport Internet Network Access.
Introduction to Network Analysis and Sniffer Pro
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
IS Network and Telecommunications Risks
1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.
Chapter 14 TCP/IP and Routing Part #1 Unix System Administration.
1 Fall 2005 Internetworking: Concepts, Architecture and TCP/IP Layering Qutaibah Malluhi CSE Department Qatar University.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
OSI Model.
1 K. Salah Module 4.0: Network Components Repeater Hub NIC Bridges Switches Routers VLANs.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Computer Security and Penetration Testing
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
Data Communications and Networks
TC 361 Data Networking Test Review
COEN 252 Computer Forensics
Network Protocols. Why Protocols?  Rules and procedures to govern communication Some for transferring data Some for transferring data Some for route.
NetworkProtocols. Objectives Identify characteristics of TCP/IP, IPX/SPX, NetBIOS, and AppleTalk Understand position of network protocols in OSI Model.
Computer Networks.  The OSI model is a framework containing seven layers that defines the protocols and devices used at each stage of the process when.
Network Security: Lab#4-2 Packet Sniffers J. H. Wang Dec. 2, 2013.
Network Services Networking for Home & Small Business.
OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
1 Version 3.0 Module 11 TCP Application and Transport.
COEN 252: Computer Forensics Network Analysis and Intrusion Detection with Snort.
OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.
Linux Networking and Security
Computer Security Workshops Networking 101. Reasons To Know Networking In Regard to Computer Security To understand the flow of information on the Internet.
Computer Networking From LANs to WANs: Hardware, Software, and Security Chapter 13 FTP and Telnet.
CHAPTER 9 Sniffing.
Data Communications and Networks
INTRODUCTION TO NETWORKS 8/2/2015 SSIG SOUTHERN METHODIST UNIVERSITY.
TCP/IP MODEL   Short overview for OSI model;  What is TCP/IP model?;  How is divided;  The TCP/IP structure;  The Application Layer;  The Transport.
Switch Features Most enterprise-capable switches have a number of features that make the switch attractive for large organizations. The following is a.
1 Chapter Overview Network Communications The OSI Reference Model.
1 Chapter Overview Network Communications The OSI Reference Model.
Sniffer, tcpdump, Ethereal, ntop
1 Bus topology network. 2 Data is sent to all computers, but only the destination computer accepts 02608c
Linux Operations and Administration Chapter Eight Network Communications.
PACKET SNIFFING Dr. Andy Wu BCIS 4630 Fundamentals of IT Security.
0x440 Network Sniffing.
Slide #1 CIT 380: Securing Computer Systems TCP/IP.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 1 Essential TCP/IP Network Protocols and.
Voice Over Internet Protocol (VoIP) Copyright © 2006 Heathkit Company, Inc. All Rights Reserved Presentation 5 – VoIP and the OSI Model.
LonWorks Introduction Hwayoung Chae.
Cisco I Introduction to Networks Semester 1 Chapter 7 JEOPADY.
Unit 2 Personal Cyber Security and Social Engineering Part 2.
COURSE OUTLINE 1 Introduction(History) Key functions Interface analysis 2 Traffic Analysis/OSI Review Protocol Filtering 3 IP and port filtering Wireshark.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 OSI transport layer CCNA Exploration Semester 1 – Chapter 4.
IST 201 Chapter 11 Lecture 2. Ports Used by TCP & UDP Keep track of different types of transmissions crossing the network simultaneously. Combination.
Fall  Computer Crimes  Operating System Identification  Firewalking 2.
An Intro to Network Analyzers
Networks Fall 2009.
Lab 2: Packet Capture & Traffic Analysis with Wireshark
Chapter 3 Understanding the OSI Model
LAN Vulnerabilities.
Packet Sniffers Lecture 10 - NETW4006 NETW4006-Lecture09.
What the OSI Protocol Layers Do
Traffic Analysis with Ethereal
Intro to Ethical Hacking
Intro to Ethical Hacking
Computer Networks 9/17/2018 Computer Networks.
CIT 480: Securing Computer Systems
Chapter 4 Core TCP/IP Protocols
Communication Networks NETW 501 Tutorial 3
Network Analyzer :- Introduction to Wireshark
Network Architecture Models
OSI Reference Model Kashif Ishaq.
Presentation transcript:

An introduction to Network Analyzers Dr. Farid Farahmand 3/23/2009

Network Analysis and Sniffing Process of capturing, decoding, and analyzing network traffic  Why is the network slow  What is the network traffic pattern  How is the traffic being shared between nodes Also known as  traffic analysis, protocol analysis, sniffing, packet analysis, eavesdropping*, etc. *Listen secretly to what is said in private!

Network Analyzer A combination of hardware and software tools what can detect, decode, and manipulate traffic on the network  Passive monitoring (detection) - Difficult to detect  Active (attack) Available both free and commercially Mainly software-based (utilizing OS and NIC)  Also known as sniffer  A program that monitors the data traveling through the network passively Common network analyzers  Wireshark / Ethereal  Windump  Etherpeak  Dsniff  And much more…. Read: Basic Packet-Sniffer Construction from the Ground Up! by Chad Renfro Checkout his program: sniff.c

Network Analyzer Components Hardware  Special hardware devices Monitoring voltage fluctuation Jitter (random timing variation) Jabber (failure to handle electrical signals) CRC and Parity Errors  NIC Card Capture driver  capturing the data Buffer  memory or disk-based Real-time analysis  analyzing the traffic in real time; detecting any intrusions Decoder  making data readable Capturing the data is easy! The question is what to do with it!

Who Uses Network Analyzers System administrators  Understand system problems and performance Malicious individuals (intruders) Capture cleartext data Passively collect data on vulnerable protocols  FTP, POP3, IMAP, SMATP, rlogin, HTTP, etc.  Capture VoIP data Mapping the target network Traffic pattern discovery Actively break into the network (backdoor techniques)

Basic Operation Ethernet traffic is broadcasted to all nodes on the same segment Sniffer can capture all the incoming data when the NIC is in promiscuous mode:  ifconfig eth0 promisc  ifconfig eth0 –promisc  Default setup is non-promiscuous (only receives the data destined for the NIC)  Remember: a hub receives all the data! If switches are used the sniffer must perform port spanning  Also known as port mirroring  The traffic to each port is mirrored to the sniffer

Port Monitoring

Protecting Against Sniffers Spoofing the MAC is often referred to changing the MAC address (in Linux:)  ifconfig eth0 down  ifconfig eth0 hw ether 00:01:02:03:04:05  ifconfig eth0 up  Register the new MAC address by broadcasting it ping –c 1 –b To detect a sniffer (Linux)  Download Promisc.c)  ifconfig -a (search for promisc)  ip link (search for promisc) To detect a sniffer (Windows)  Download PromiscDetect Remember: 00:01:02:03:04:05 MAC address (HWaddr)= Vender Address + Unique NIC #

Protecting Against Sniffers Using switches can help Use encryption  Making the intercepted data unreadable  Note: in many protocols the packet headers are cleartext! VPNn use encryption and authorization for secure communications  VPN Methods Secure Shell ( SSH): headers are not encrypted Secure Sockets Layer ( SSL): high network level packet security; headers are not encrypted IPsec: Encrypted headers but does not used TCP or UDP Remember: Never use unauthorized Sniffers at wok!

What is Wireshark? Formerly called Ethereal An open source program  free with many features Decodes over 750 protocols Compatible with many other sniffers Plenty of online resources are available Supports command-line and GUI interfaces  TSHARK (offers command line interface) has three components Editcap (similar to Save as..to translate the format of captured packets) Mergecap (combine multiple saved captured files) Text2pcap (ASCII Hexdump captures and write the data into a libpcap output file) Remember: You must have a good understanding of the network before you use Sniffers effectively!

Installing Wireshark Download the program from  Requires to install capture drivers (monitor ports and capture all traveling packets)  Linux: libpcap  Windows: winpcap ( Typically the file is in TAR format (Linux) To install in Linux  rpm –ivh libpcap i.386.rpm (install lipcap RPM)  rpm –q libpcap (query lipcap RPM)  tar –zxvf libpcap tar.gz ./config  make  sudo make install

Installing Wireshark Packages that are needed for Installation Ethereal (available in Fedora Core 4 disk #4)  ethereal— i386.rpm Ethereal GNOME User Interface  ethereal-gnome i386.rpm Log in as the ‘root’ user Insert Fedora Code 4 Disk #4 Navigate to the following folder in the disk /Fedora/RPMS Locate packages  ethereal— i386.rpm  ethereal-gnome i386.rpm Copy the above packages to your system Change directory to the packages location  cd Install Ethereal  rpm –ivh ethereal— i386.rpm Install Ethereal GNOME user Interface  rpm –ivh ethereal-gnome i386.rpm

Wireshark Window Menu Bar Summary Window Tool Bar Filter Bar Info Field Disp. Info field Protocol Tree Window Data View Window

Packet number 8 – BGP (Boarder Gateway Prot) Protocol Tree Window: Details of the selected packet (#8) Raw data (content of packet # 8)

Filtering BGP packets only

We continue in the lab…. Download the following files and copy them in your HW:  bgp_test  tcp_stream_analysis  follow_tcp_stream

A Little about Protocols… Protocols are standard for communications Ethernet is the most popular protocol standard to enable computer communication  Based on shared medium and broadcasting Ethernet address is called MAC address  48 bit HW address coded in the RON of the NIC card  The first 12 bits represent the vender  The second 12 bits represent the serial number  Use: arp –a Remember: IP address is logical addressing  Network layer is in charge of routing  Use: ipconfig

OSI Model Physical Data link; sublayers:  MAC: Physical addressing: moving packets from one NIC card to another  LLC (Logical Link Control) Flow control and error control Network  Logical addressing (IP protocol) Transport  Provides reliable end-to-end transport  Can be connectionless (UDP) or connection oriented (TCP)  Connection oriented requires ACK

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.