Presentation is loading. Please wait.

Presentation is loading. Please wait.

Watching and Manipulating Your Network Traffic. tcpdump - your binoculars $ sudo tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol.

Published byEmerald Chandler Modified over 8 years ago

Similar presentations

Presentation on theme: "Watching and Manipulating Your Network Traffic. tcpdump - your binoculars $ sudo tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol."— Presentation transcript:

1 Watching and Manipulating Your Network Traffic

2 tcpdump - your binoculars $ sudo tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 14:59:39.168508 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594:. 884145450:884146898(1448) ack 1384394675 win 6266 14:59:39.168526 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www:. ack 1448 win 1267 14:59:39.170034 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594:. 1448:2896(1448) ack 1 win 6266 14:59:39.170052 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www:. ack 2896 win 1313... 14:59:39.284334 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: P 3587518292:3587518498(206) ack 329762849 win 66 14:59:39.284367 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www:. ack 206 win 108 14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: F 206:206(0) ack 1 win 66 14:59:39.284580 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: F 1:1(0) ack 207 win 108 $ sudo tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 14:59:39.168508 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594:. 884145450:884146898(1448) ack 1384394675 win 6266 14:59:39.168526 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www:. ack 1448 win 1267 14:59:39.170034 IP a204-2-177-16.deploy.akamaitechnologies.com.www > josiah-desktop.local.34594:. 1448:2896(1448) ack 1 win 6266 14:59:39.170052 IP josiah-desktop.local.34594 > a204-2-177-16.deploy.akamaitechnologies.com.www:. ack 2896 win 1313... 14:59:39.284334 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: P 3587518292:3587518498(206) ack 329762849 win 66 14:59:39.284367 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www:. ack 206 win 108 14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615: F 206:206(0) ack 1 win 66 14:59:39.284580 IP josiah-desktop.local.50615 > ec2-174-129-15-1.compute-1.amazonaws.com.www: F 1:1(0) ack 207 win 108

3 A packet as seen by tcpdump 14:59:39.284374 IP ec2-174-129-15-1.compute-1.amazonaws.com.www > josiah-desktop.local.50615:F 206:206(0) ack 1 win 66 19:56:05.497478 arp who-has 192.168.1.16 tell 192.168.1.1 19:57:33.302510 IP 192.168.1.42.53708 > 192.168.1.24.snmp: GetRequest(38) E:hp.2.3.9.4.2.1.4.1.5.2.39.0 19:58:30.954951 IP 192.168.1.25.54733 > resolver1.opendns.com.domain: 23503+ PTR? 24.1.168.192.in-addr.arpa. (43) 19:58:30.990415 IP resolver1.opendns.com.domain > 192.168.1.25.54733: 23503 NXDomain 0/0/0 (43) 20:01:50.159642 IP 192.168.1.25.ntp > time7.apple.com.ntp: NTPv4, Client, length 48 20:09:37.686346 IP 192.168.1.25.63770 > 192.168.1.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST

4 tcpdump examples tcpdump tcpdump -i eth1 tcpdump -c 25 > dump_to_file tcpdump host adam and not src eve tcpdump -n host adam or eve and port 80 and vlan 1 tcpdump -F filename host adam

5 If all else fails, pipe it to grep $ tcpdump | grep www

6 iproute2 - your swiss army knife Replaces ifconfig, route, iptunnel and others Sudo apt-get install iproute Setup nics and virtual nics Configure routing tables Setup multiple routing tables Set rules that restrict traffic flow Set rules that enable traffic flow Setup simple point-to-point tunnels Configure ARP table

7 Iproute – managing interfaces ip addr add 10.10.20.254/24 dev eth0 ip addr add 10.20.0.254/24 label eth0:1 dev eth0 ip address del

8 iproute - Routes ip route add default dev eth1 via 66.77.88.99 ip route add 10.0.0.0/24 dev eth1:1 ip route delete (ip r d) ip route change (ip r c) ip route show (ip r s)

9 iproute - the routing table $ ip route sh table main 10.0.0.0 dev eth0 scope link 10.11.12.0/24 dev eth0 proto kernel scope link src 10.11.12.13 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.159 metric 1 169.254.0.0/16 dev eth0 scope link metric 1000 default via 192.168.1.254 dev eth0

10 iproute Rules! ip rule add from unknown type unreachable priority 3000 ip rule add from enemy type blackhole priority 3001 ip rule add fwmark 1 table hide-the-good-stuff \ priority 3002 ip rule add from 10.10.20.0/24 to 192.168.0.0/24 \ type unreachable priority 3003

11 iproute - Tunnels ip addr add 10.0.0.1/30 label eth1:1 dev eth1 ip tunnel add my_tunnel mode ipip local 10.0.0.1 / remote 66.77.88.1 ttl 64 dev eth1 ip address add dev my_tunnel 10.0.0.1 peer 10.0.0.2/32

12 iproute - neighbours $ ip neigh sh 192.168.1.5 dev eth0 FAILED 192.168.1.4 dev eth0 lladdr 00:1e:c9:dd:d8:b8 REACHABLE 192.168.1.254 dev eth0 lladdr 00:50:da:21:8c:11 REACHABLE 192.168.1.3 dev eth0 FAILED 192.168.1.2 dev eth0 lladdr 00:11:2f:11:08:3e STALE

13 Thank You! http://josiahritchie.com/cposc09 Josiah Ritchie josiah@fim.org http://josiahritchie.com @josiahritchie facebook.com/josiah.ritchie

Download ppt "Watching and Manipulating Your Network Traffic. tcpdump - your binoculars $ sudo tcpdump tcpdump: verbose output suppressed, use -v or -vv for full protocol."

Similar presentations

Router Implementation Project-2

Router Implementation Project-2
IP Forwarding Relates to Lab 3.

IP Forwarding Relates to Lab 3.
Chapter 5 Link Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

Chapter 5 Link Layer Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.

OpenFlow overview Joint Techs Baton Rouge. Classic Ethernet Originally a true broadcast medium Each end-system network interface card (NIC) received every.
Chapter 5 Link Layer Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.

Chapter 5 Link Layer Computer Networking: A Top Down Approach 6th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 A note on the use of these.
8-1 Last time □ Network layer ♦ Introduction forwarding vs. routing ♦ Virtual circuit vs. datagram details connection setup, teardown VC# switching forwarding.

8-1 Last time □ Network layer ♦ Introduction forwarding vs. routing ♦ Virtual circuit vs. datagram details connection setup, teardown VC# switching forwarding.
Network Management And Debugging

Network Management And Debugging
1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.

1 IP Forwarding Relates to Lab 3. Covers the principles of end-to-end datagram delivery in IP networks.
What’s New in Fireware XTM v11.5.3. Changes in Fireware XTM v11.5.3  Routing table changes  Feature key global expiration for some XTMv keys  IP address.

What’s New in Fireware XTM v Changes in Fireware XTM v  Routing table changes  Feature key global expiration for some XTMv keys  IP address.
CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,

CIS 193A – Lesson12 Monitoring Tools. CIS 193A – Lesson12 Focus Question What are the common ways of specifying network packets used in tcpdump, wireshark,
Linux Networking Commands

Linux Networking Commands
System Administration Network Tools. ping Test connectivity / latency (RTT) ICMP echo request/reply Variants ◦ARP ping  Send ARP instead  May also ping.

System Administration Network Tools. ping Test connectivity / latency (RTT) ICMP echo request/reply Variants ◦ARP ping  Send ARP instead  May also ping.
Training Ethernet and IP Basics Overview OSI Layer Model Ethernet IP ARP IP Routing Higher Layer Protocols VRRP ATM Vision Network Setup Practice.

Training Ethernet and IP Basics Overview OSI Layer Model Ethernet IP ARP IP Routing Higher Layer Protocols VRRP ATM Vision Network Setup Practice.
SUSE Linux Enterprise Server Administration (Course 3037) Chapter 7 Connect the SUSE Linux Enterprise Server to the Network.

SUSE Linux Enterprise Server Administration (Course 3037) Chapter 7 Connect the SUSE Linux Enterprise Server to the Network.
Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.

Network Redundancy Multiple paths may exist between systems. Redundancy is not a requirement of a packet switching network. Redundancy was part of the.
Chapter 5 Link Layer and LANs

Chapter 5 Link Layer and LANs
Network Layer – Subnetting and Control Protocols Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing,

Network Layer – Subnetting and Control Protocols Dr. Sanjay P. Ahuja, Ph.D. Fidelity National Financial Distinguished Professor of CIS School of Computing,
1 ECE453 – Introduction to Computer Networks Lecture 12 – Network Layer (IV)

1 ECE453 – Introduction to Computer Networks Lecture 12 – Network Layer (IV)
DHCP Dynamic Host Configuration Protocol. 2003-2004 - Information management 2 Groep T Leuven – Information department 2/18 Agenda Introduction BOOTP.

DHCP Dynamic Host Configuration Protocol Information management 2 Groep T Leuven – Information department 2/18 Agenda Introduction BOOTP.
IPv6 Transitioning Ram P Rustagi, ISE Dept, PESIT Mar 09-10, 2013.

IPv6 Transitioning Ram P Rustagi, ISE Dept, PESIT Mar 09-10, 2013.

Similar presentations

Ads by Google