Presentation is loading. Please wait.

Presentation is loading. Please wait.

COURSE OUTLINE 1 Introduction(History) Key functions Interface analysis 2 Traffic Analysis/OSI Review Protocol Filtering 3 IP and port filtering Wireshark.

Published byAnastasia Flynn Modified over 8 years ago

Similar presentations

Presentation on theme: "COURSE OUTLINE 1 Introduction(History) Key functions Interface analysis 2 Traffic Analysis/OSI Review Protocol Filtering 3 IP and port filtering Wireshark."— Presentation transcript:

1

2 COURSE OUTLINE 1 Introduction(History) Key functions Interface analysis 2 Traffic Analysis/OSI Review Protocol Filtering 3 IP and port filtering Wireshark and Linux firewall interaction Demonstration of detecting unauthorized traffic 4 Tshark command line interface overview Demonstrate how credentials can be stolen Network card Modes: Monitoring/Remote Capture

3 Why is Wireshark relevant ? Network security Prevention Performance Troubleshooting

4 Brief History(What was happening in the 80’s?) How did technicians troubleshoot networks ? ANY IDEAS ?

5 The Oscilloscope In the 1980’s to answer this question and thoroughly examine a network an oscilloscope was the main technology used.

6 What could the Oscilloscope do? An oscilloscope showed square-ish electrical pulses that bounced up and down observing the change of an electrical over time. Then the observed waveform could be analyzed.  Technicians could determine the time and voltage values of a signal.  Technicians could calculate the frequency of a signal.  Technicians could observe the change of an electrical signal over time.

7 Packet Switched Networks

8 Packets instead of pulses With the growth of packet-switched networks. Packet analysers such as Tcp dump combined with clever low-level programming (pcap) meant you could see what was in each message going across the network.

9 Enter Gerald Combs

10 Ethereal/Wireshark In the late 1990s Gerald Combs a computer science graduate was working for a small internet service provider. He began writing Ethereal in 1998 which led to Riverbed Technology expanding the concept under Wireshark in 2010. Today Wireshark has won several industry awards and is today one of the best open source packet analyzers available today for UNIX and Windows.

11 What is Wireshark? Wireshark is a free and open source network protocol analyser(also known as a network sniffer) that enables users to interactively browse the data traffic on a computer network.  500,000 downloads a month.  The IT industry has embraced Wireshark as the go-to tool for network troubleshooting, optimization and security.

12 Network Tools Ping, Tracert, Netstat, Arp They test end basic connectivity First “filling of the network behaviour ”

13 SNMP Tools Continuous monitoring and mapping Events and notifications Map systems.

14 Where is Wireshark used ? Network administrators use it to troubleshoot network problems Hunt down unauthorized Network traffic Troubleshoot slow network performance Confirm Firewall settings Determine whether a machine has malware IT Security becoming a huge asset in the workplace Knowledge of Wireshark is a huge plus in IT admin Jobs.

15 Where to Locate it? For Internet connectivity monitoring (Before or after the firewall?) For WAN monitoring (Connect laptop to the LAN switch, with port mirror to the monitored router. For server monitoring(Connect the laptop to the LAN switch, with port mirror to the monitored server.)

16 Welcome to the interface

17 WordPress wireshark01site.wordpress.com

18 During installation main sure WinPcap is installed. Remember from earlier slide. Pcap is the (API) for capturing network traffic.

19

20 Initial Screen

21 Organize your layout

22 OSI MODEL + Wireshark Interface

Download ppt "COURSE OUTLINE 1 Introduction(History) Key functions Interface analysis 2 Traffic Analysis/OSI Review Protocol Filtering 3 IP and port filtering Wireshark."

Similar presentations

F3 Collecting Network Based Evidence (NBE)

F3 Collecting Network Based Evidence (NBE)
International Academy Design and Technology Technology Classes.

International Academy Design and Technology Technology Classes.
Precept 3 Host Configuration 1 Peng Sun. What TCP conn. running? Commands netstat [-n] [-p] [-c] (Linux) lsof -i -P (Mac) ss (newer version of netstat)

Precept 3 Host Configuration 1 Peng Sun. What TCP conn. running? Commands netstat [-n] [-p] [-c] (Linux) lsof -i -P (Mac) ss (newer version of netstat)
SYSTEM ADMINISTRATION Chapter 19

SYSTEM ADMINISTRATION Chapter 19
Operating Systems Concepts 1/e Ruth Watson Chapter 11 Chapter 11 Network Maintenance Ruth Watson.

Operating Systems Concepts 1/e Ruth Watson Chapter 11 Chapter 11 Network Maintenance Ruth Watson.
Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.

Module 10: Troubleshooting Network Access. Overview Troubleshooting Network Access Resources Troubleshooting LAN Authentication Troubleshooting Remote.
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.

Capture Packets using Wireshark. Introduction Wireshark – – Packet analysis software – Open source.
Presented by Serge Kpan LTEC 4550.020 Network Systems Administration 1.

Presented by Serge Kpan LTEC Network Systems Administration 1.
Network Hosts Analyzer Hadas Shumovitch Elad Levi Tal Katz

Network Hosts Analyzer Hadas Shumovitch Elad Levi Tal Katz
Packet Capture Using Ethereal. Definition for Sniffer: A program and/or device that monitors data traveling over a network. Sniffers can be used both.

Packet Capture Using Ethereal. Definition for Sniffer: A program and/or device that monitors data traveling over a network. Sniffers can be used both.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
ITIS3100 By Fei Xu. Acknowledge This document is basically a digest from “Wireshark User's Guide 25114 for Wireshark 1.0.0” You can download the software.

ITIS3100 By Fei Xu. Acknowledge This document is basically a digest from “Wireshark User's Guide for Wireshark 1.0.0” You can download the software.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,

(part 3).  Switches, also known as switching hubs, have become an increasingly important part of our networking today, because when working with hubs,
TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.

TCP/IP Tools Lesson 5. Objectives Skills/ConceptsObjective Domain Description Objective Domain Number Using basic TCP/IP commands Understanding TCP/IP3.6.
Introduction An introduction to the equipment and organization of the Internet Lab.

Introduction An introduction to the equipment and organization of the Internet Lab.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Configuring Network Devices Working at a Small-to-Medium Business or ISP – Chapter.
Introduction to Networking. Key Terms packet  envelope of data sent between computers server  provides services to the network client  requests actions.

Introduction to Networking. Key Terms packet  envelope of data sent between computers server  provides services to the network client  requests actions.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

Similar presentations

Ads by Google