Dumps: Read'em and Weep. Presented at Black Lodge Research (www.blacklodgeresearch.org).

Legal
- This presentation is for information and educational use only. None of the techniques described in the following should be used for illegal communications interception.
- Please be aware of: US Code 18, part 1, section 119:

Covering Today
1. What
2. Why
3. When
4. How
5. Where
6. Use more Fiber..
7. Tcp Poké Ball go!

What
- Network dumps tell the truth, the whole truth (if done right) and nothing but the truth, so help them Bruce.
- Contains the raw data going across the pipes.
- Troubleshooter's best friend and worst nightmare.
- Variety of tools: Tcpdump, Wireshark, tshark, CACE pipe, ...

Why
- Shows what application-level analysis can't: the real data on the wire.
- Makes segmentation of troubleshooting easier.
- For the client/support relationship, a great way to prove the network is not the problem.

When
- Whenever there is trouble, dumps will be there..
- Slow network
- Unexplained behavior
- Connectivity issues
- Security breach
- Pen testing
- Wifi access.. to retrieve your forgotten wifi password.
- For the fun of it.

How
- Not OS dependent; there is a capture engine for anything.
- Are you promiscuous?
- How big can you get?
- Splitsville?
- Remote execution

Where
Know your network type:
- Hub - easy to capture on, tough to find.
- Switch - easy to find, requires a different approach to capture on (SPAN, TAP, MAC flood, MiTM).
- Wireless - everywhere; each security type requires a slightly different approach.

Where
- Hub - on the same hub, start a capture in promiscuous mode. Half duplex (since all packets go to all ports).
- Switch - standard unicast, meaning packets go where they should (based on the MAC table/ARPs). Bummer, can't listen to all traffic.
  - Solution 1: MAC flood
  - Solution 2: SPAN port
  - Solution 3: TAP (t.html)

Where
- Wireless - like dust in the wind, open wifi is free to snag on a promiscuous-capable adapter.

Use more fiber
Filters
- Capture filters
- Display filters
- Difference?

Tcp Poké Ball go!
- Capture HTTP: filter the handshake, filter HTTP, find the photo.
- Capture SSL: version? cipher used? resume or new?
- Capture FTP: active or passive? Determine ports, filter by port, find the photo.
- Capture wireless: find HTTP, filter out beacons.
- General: layer 2 ARPs, MACs, TCP handshakes, windows, ...
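An added example (not from the slides) for the "Difference?" question on filters and for the "filter the handshake" / "filter by port" exercises: a capture filter decides what gets written to the dump, while a display filter only selects among frames already captured. The code below builds a few constructed Ethernet/IPv4/TCP frames, parses the layer 2-4 fields a dump reader looks at, applies a display-filter-style port selection, and walks the SYN -> SYN/ACK -> ACK handshake state per connection; all addresses and ports are made up.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits used for handshake classification

def build_frame(src_ip, dst_ip, sport, dport, flags, seq=0, ack=0, window=65535):
    """Constructed Ethernet/IPv4/TCP frame (sample input, not a real capture)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"      # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, window, 0, 0)
    return eth + ip + tcp

def parse_frame(frame):
    """Pull out the fields a dump reader cares about; None if not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    off = 14 + (frame[14] & 0x0F) * 4                  # skip Ethernet + IP header/options
    if len(frame) < off + 16:
        return None                                    # truncated TCP header
    sport, dport, seq, ack, _, flags, window = struct.unpack("!HHIIBBH", frame[off:off + 16])
    return {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[0:6].hex(":"),
            "src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": window}

def handshake_step(pkt):
    """Classify a packet by its SYN/ACK bits, as a tcp.flags display filter would."""
    return {SYN: "SYN", SYN | ACK: "SYN/ACK", ACK: "ACK"}.get(pkt["flags"] & (SYN | ACK))

def filter_by_port(frames, port):
    """Display-filter analogue of 'tcp.port == N' over already-captured frames."""
    pkts = (parse_frame(f) for f in frames)
    return [p for p in pkts if p and port in (p["sport"], p["dport"])]

def find_handshakes(frames):
    """Return (client, server, server_port) for each SYN -> SYN/ACK -> ACK sequence.
    State is tracked per 4-tuple; only flag order is checked, not sequence numbers."""
    pending, done = {}, []
    for p in filter(None, map(parse_frame, frames)):
        step = handshake_step(p)
        fwd = (p["src"], p["sport"], p["dst"], p["dport"])
        rev = (p["dst"], p["dport"], p["src"], p["sport"])
        if step == "SYN":
            pending[fwd] = "SYN"
        elif step == "SYN/ACK" and pending.get(rev) == "SYN":
            pending[rev] = "SYN/ACK"
        elif step == "ACK" and pending.get(fwd) == "SYN/ACK":
            pending.pop(fwd)
            done.append((p["src"], p["dst"], p["dport"]))
    return done
```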