@packetjay Fun and games until someone uses IPv6 or TCP.

Presentation transcript:

@packetjay Fun and games until someone uses IPv6 or TCP

- PCAP = Packet CAPture
  - binary log of network packets
  - old format, being replaced by PCAPng
- Written by tcpdump, Wireshark (using dumpcap), Snort, and other tools

- Similar to editing packets for packet replay
- Removing sensitive details
  - User credentials
  - Network topology (IP addresses etc.)
  - Device & software version information
  - Vulnerable protocols
  - Payloads

- Network analysts
  - often need to keep packets only up to the TCP layer
  - look at packet loss, timings, TCP being messed up by obscure middle boxes
  - sometimes need details like FQDNs or URLs

- Security analysts/researchers
  - usually don't care that much about Ethernet / ARP / IPv4 / TCP / UDP headers
  - need to keep the malware / exploit delivery process intact: FQDNs, URLs, binary payloads

- Balance between removing details and remaining usefulness
- One packet vs. many
- Protocol complexity
- Protocol dependencies
- Defensive Transformation

- Hex editors
- Wireshark Edit feature
  - only in GTK at this time
- WireEdit

- bittwiste, tcprewrite
- pktanon
- pcaplib
- TraceWrangler

- Example: replacing an IPv4 address
  - Generate a new 32-bit value and assign it
  - Random, 1:1 rule, network rule
- Problems:
  - Special IP addresses ( , /8)
  - Multicast range ( /4)
  - Mapping to the same replacement
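The three problems on this slide can be handled in one mapper. The following is an added example, not code from the presentation or from any of the tools it lists; the key, the sample addresses and the choice of which addresses count as "special" (multicast, loopback, unspecified, limited broadcast) are assumptions of the example.

```python
import hashlib
import hmac
import ipaddress

LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")


def is_special(addr: ipaddress.IPv4Address) -> bool:
    """Addresses whose meaning would change if rewritten (this example's choice)."""
    return (addr.is_multicast or addr.is_loopback
            or addr.is_unspecified or addr == LIMITED_BROADCAST)


class IPv4Mapper:
    """Keyed 1:1 replacement: same input -> same output, no shared outputs."""

    def __init__(self, key: bytes):
        self.key = key
        self.forward = {}  # original -> replacement
        self.used = set()  # replacements already assigned

    def map(self, text: str) -> str:
        addr = ipaddress.IPv4Address(text)
        if is_special(addr):
            return text  # keep multicast, loopback etc. recognisable
        if addr not in self.forward:
            counter = 0
            while True:
                msg = addr.packed + counter.to_bytes(4, "big")
                digest = hmac.new(self.key, msg, hashlib.sha256).digest()
                candidate = ipaddress.IPv4Address(digest[:4])
                # Reject values that land in a special range or are taken.
                if not is_special(candidate) and candidate not in self.used:
                    break
                counter += 1
            self.forward[addr] = candidate
            self.used.add(candidate)
        return str(self.forward[addr])


if __name__ == "__main__":
    mapper = IPv4Mapper(b"constructed-demo-key")
    # Constructed sample addresses, not taken from the slides.
    for ip in ["192.0.2.10", "192.0.2.11", "192.0.2.10", "224.0.0.251", "127.0.0.1"]:
        print(ip, "->", mapper.map(ip))
```

Because the replacement is derived from a secret key rather than from a random generator, the same mapping can be reproduced across several capture files as long as the key is kept private.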

- Well known vs. arbitrary ports
- Payloads may be split across multiple packets (uh oh!)
  - Reassembly may be necessary
  - What about missing packets & retransmissions?
- Replacement size differences matter

- Example: IPv6 Neighbor Solicitation
- Address dependencies:
  - MAC
  - IPv6
  - Multicast
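The dependency chain in a Neighbor Solicitation, as an added example that is not part of the original slides: the IPv6 destination is the solicited-node multicast group built from the low 24 bits of the target address, and the Ethernet destination is built from the last four bytes of that group, so replacing the target means recomputing both. The dict-based frame, its field names and the sample addresses are constructed for the example.

```python
import ipaddress

SOLICITED_NODE_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))


def solicited_node(target: str) -> ipaddress.IPv6Address:
    """Solicited-node multicast group: ff02::1:ff plus low 24 bits of target."""
    low24 = int(ipaddress.IPv6Address(target)) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_NODE_BASE | low24)


def multicast_mac(group) -> str:
    """Ethernet destination for IPv6 multicast: 33:33 plus last 4 address bytes."""
    last4 = ipaddress.IPv6Address(group).packed[-4:]
    return "33:33:" + ":".join(f"{b:02x}" for b in last4)


def rewrite_ns(frame: dict, mapping: dict) -> dict:
    """Replace addresses in a Neighbor Solicitation and repair derived fields."""
    out = dict(frame)
    out["ip_src"] = mapping.get(frame["ip_src"], frame["ip_src"])
    out["target"] = mapping.get(frame["target"], frame["target"])
    # Only recompute when the original really used the derived group;
    # a unicast NS (reachability probe) has no multicast dependency.
    if ipaddress.IPv6Address(frame["ip_dst"]) == solicited_node(frame["target"]):
        group = solicited_node(out["target"])
        out["ip_dst"] = str(group)
        out["eth_dst"] = multicast_mac(group)
    else:
        out["ip_dst"] = mapping.get(frame["ip_dst"], frame["ip_dst"])
    return out


# Constructed sample frame (hypothetical field names).
SAMPLE_NS = {
    "eth_dst": "33:33:ff:28:9c:5a",
    "ip_src": "fe80::1",
    "ip_dst": "ff02::1:ff28:9c5a",
    "target": "fe80::2aa:ff:fe28:9c5a",
}
SAMPLE_MAPPING = {"fe80::2aa:ff:fe28:9c5a": "fe80::1234:56ff:fe78:9abc"}

if __name__ == "__main__":
    print(rewrite_ns(SAMPLE_NS, SAMPLE_MAPPING))
```

The ICMPv6 checksum also covers the IPv6 source and destination, so a real rewrite has to recompute it after these fields change.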

- Even DNS can be complicated
  - Runs on UDP (mostly) but TCP sometimes, too
  - Contains FQDNs in most cases
- Replacing FQDNs is not easy
  - Subelements need to be consistently replaced
  - "test.packet-foo.com" -> "something.secret.com"
  - "abc.def.packet-foo.com" -> "wut.xyz.secret.com"
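One way to get the consistent subelement replacement shown on this slide, as an added example that is not code from the presentation or its tools: each label is replaced by a value derived from the full original suffix it heads, so every name under "packet-foo.com" ends in the same replacement. Keeping the TLD and keeping each label's length (so DNS message sizes do not shift) are choices of this example, and the key is constructed.

```python
import hashlib
import string

ALPHABET = string.ascii_lowercase + string.digits
DEMO_KEY = b"constructed-demo-key"  # assumption: a secret kept by the sanitizer


def replace_label(key: bytes, suffix: str, length: int) -> str:
    """Derive a same-length replacement label from the original suffix."""
    # Keyed BLAKE2b gives 64 bytes, enough for the 63-byte DNS label limit.
    digest = hashlib.blake2b(suffix.encode("utf-8"), key=key,
                             digest_size=64).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def anonymize_fqdn(key: bytes, fqdn: str, keep: int = 1) -> str:
    """Replace every label except the rightmost `keep` labels."""
    labels = fqdn.rstrip(".").lower().split(".")
    out = []
    for i, label in enumerate(labels):
        if len(labels) - i <= keep:
            out.append(label)  # e.g. leave "com" readable
        else:
            # The suffix, not the bare label, is the input: "www" under two
            # different domains gets two different replacements.
            suffix = ".".join(labels[i:])
            out.append(replace_label(key, suffix, len(label)))
    return ".".join(out)


if __name__ == "__main__":
    # The two names used on the slide.
    for name in ["test.packet-foo.com", "abc.def.packet-foo.com"]:
        print(name, "->", anonymize_fqdn(DEMO_KEY, name))
```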

Web: blog.packet-foo.com