Packet Analysis Fluke Protocol Expert & Misc Applications
Brian D. Sterck
Where to find your updates
Promotions Page for CiscoNA
Beginning the Installation
Readme File contains password

Launching OPV-PE
======================
Login and Password

A valid, case sensitive, user name and password is required to launch OPV-PE software. The password for the default super user is shown below. The passwords for these users should be changed after the first launch of OPV-PE. To change the default password for these users, or create new users, choose the menu item Host>Access Privileges>User Manager, highlight the first user and click "Modify". Enter a new password for the following users.

User Name: su
Password : manager (hidden)

User Name: guest
Password : public (hidden)

**Note: A checkbox is provided to select a default User Name (not password) for easier Login.
Initial Login Screen
Capture and Monitoring Mode (Opening View)
NIC Description
Secondary NIC Description
Hide Resource Browser Rename Network Adapters
System Settings
Module Settings
Monitor View Preferences
Expert Configuration
Host Table
Protocol Distribution
MAC Statistics
Size Distribution
Name Table
Remote vs. Local
Expert View – Symptoms Overview
Expert View – Transport Symptoms
Expert View – Network Symptoms
Expert View – Session Analysis
Expert View – Transport Entities
Host, Network, App Matrix
Display Filter
Capture Filter
Stopping the Capture
Capture View
Buffer Limit with Education Version
Viewing Captured Frames
Viewing Captured Frames (Cont.)
MAC Address – Source & Destination
Change Capture View to Include Network Address
Capture View with L3 Addressing
Telnet Capture
Username? Interesting…
Display Filter to Remove Clutter
Username Capture
Return of Keystroke by Switch
Sending ‘l’ keystroke
Sending ‘u’ keystroke
Sending ‘k’ keystroke
Sending ‘e’ keystroke
Actual Terminal of User
Password Prompt sent by Switch
Passwords Are Not Echoed By Cisco Switch (1st Char = ‘t’)
2nd Char = ‘e’
3rd Char = ‘S’
4th Char = ‘t’
5th Char = ‘P’
6th Char = ‘a’
7th Char = ‘s’
8th Char = ‘s’
9th Char = ‘!’
Switch Prompt is Displayed
Capture of Show Run Output
Fluke Password in Config
Advanced Security Member Portal
Advanced Security Member Portal Tools Database
Get Pass
Hex Reveals Lowercase and Uppercase Difference
Unload Display Filter
Protocol Distribution for ACL Design
ACL influenced by Protocol Distribution

HOMEOFFICE831(config)#ip access-list extended TESTACL
HOMEOFFICE831(config-ext-nacl)#permit tcp any eq 119
HOMEOFFICE831(config-ext-nacl)#permit tcp any eq 80
HOMEOFFICE831(config-ext-nacl)#permit tcp any eq 3389
HOMEOFFICE831(config-ext-nacl)#permit tcp any range
HOMEOFFICE831(config-ext-nacl)#permit udp any range
HOMEOFFICE831(config-ext-nacl)#permit tcp any eq 25
HOMEOFFICE831(config-ext-nacl)#permit tcp any eq 110
HOMEOFFICE831(config-ext-nacl)#permit udp any eq 53
HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo
HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-
HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-reply
HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-reply unrea
HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-reply unreachable
Etherpeek User Capture
Etherpeek Password Capture
Etherpeek Filters
Ethereal

To get up and running with Ethereal, you will need to download and install Ethereal, and will also need to download and install WinPcap if you plan to capture packets with Ethereal. If you don't install WinPcap, you will not be able to capture packets with Ethereal!
Ethereal Interface Capture
Begin Capture (Ethereal)
Capture Buffer (Ethereal)
Filtering with Ethereal
Ethereal Password Capture
Follow TCP Stream
Follow TCP Stream (Cont.)
Questions?