Wireshark Lab#3.


1 Wireshark Lab#3

2 Computer Network Monitoring
Port Scanning
Keystroke Monitoring
Packet sniffers take advantage of the “friendly” nature of the net: they grab packets not destined for the system they run on.
Used by: hackers, sysadmins, law enforcement agencies

3 Wireshark
Wireshark is a powerful protocol analyzer (and sniffer) that network professionals can use to troubleshoot and analyze network traffic under great scrutiny. Since the information revealed by Wireshark can be used to either attack or defend a network, administrators should learn how to use it so that they are aware of what potential attackers can see. Wireshark is a utility that will help you look at how various protocols work.

4 Scanning Your Own Network
Will provide you with the “hacker’s view” of your network
Will illustrate the most visible vulnerabilities
Scan from both “internal” and “external” vantage points

5 Protocols
Internet Control Message Protocol (ICMP) is a transport protocol used between different devices on a network to help the network know a bit more about what is happening and why it might be happening.
User Datagram Protocol (UDP) is a connectionless transport protocol used to send small amounts of data, typically where the order of transmission does not matter or where the timeliness of the traffic is more important than its completeness (for example, audio).
Transmission Control Protocol (TCP) is a connection-oriented protocol between two or more computers. A reliable connection must be established before data is transmitted. The process of two devices establishing this connection with TCP is called the three-way handshake.

6 TCP three-way handshake

7 TCP packet
0         4         8                16                               32
+---------+---------+-----------------+--------------------------------+
|             Source Port             |        Destination Port        |
+-------------------------------------+--------------------------------+
|                           Sequence Number                            |
+----------------------------------------------------------------------+
|                       Acknowledgement Number                         |
+---------+-----------+---------------+--------------------------------+
| Data    |  Unused   | URG ACK PSH   |            Window              |
| offset  |           | RST SYN FIN   |                                |
+---------+-----------+---------------+--------------------------------+
|               Checksum              |         Urgent Pointer         |
+-------------------------------------+--------------------------------+
|                     Options                          |    Padding    |
+------------------------------------------------------+---------------+
|                               Data                                   |
+----------------------------------------------------------------------+

8 IP Packet
0         4         8                16      19                       32
+---------+---------+-----------------+--------------------------------+
| Version | Length  |  Type of Srvc   |          Total Length          |
+---------+---------+-----------------+-------+------------------------+
|           Identification            | Flags |    Fragment Offset     |
+---------+---------+-----------------+-------+------------------------+
|   Time to live    |    Protocol     |        Header Checksum         |
+-------------------+-----------------+--------------------------------+
|                            Source Address                            |
+----------------------------------------------------------------------+
|                         Destination Address                          |
+----------------------------------------------------------------------+
|                               Options                                |
+----------------------------------------------------------------------+
|                                Data                                  |
+----------------------------------------------------------------------+
Version: format of the header (usually 4)
Length: header-only length
Type of Service: quality of service desired, e.g. high or low delay, normal or high reliability, normal or high throughput
Identification: uniquely identifies this packet so that it can be distinguished from other packets
Flags: whether this packet is fragmented and whether this is the last fragment
Fragment Offset: offset from the start of the original packet, used to rebuild the full message once all fragments are received
Time to live: how long the datagram will be stored on the network before it is destroyed
Protocol: specifies the next-level protocol used in the data portion of the datagram, e.g. 1 = Internet Control Message, 2 = Internet Group Management, 6 = Transmission Control
Header Checksum: used to provide error checking on the header itself
Source Address: IP address of the source host on the internet
Destination Address: IP address of the destination host on the internet
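Added example (not part of the slides): a small Python decoder for the TCP and IP header layouts on slides 7 and 8, used to pick the three-way handshake of slide 6 out of a packet sequence. The three packets, their addresses (10.0.0.5, 10.0.0.80), ports and sequence numbers are constructed for this example; checksums are left at zero because nothing here verifies them. Reading the raw bytes yourself is the quickest way to see exactly what Wireshark's tree view is showing you for each field.

```python
import struct

# TCP flag bits in the low 6 bits of the data-offset/flags word (slide 7: URG ACK PSH RST SYN FIN).
TCP_FLAGS = {0x20: "URG", 0x10: "ACK", 0x08: "PSH", 0x04: "RST", 0x02: "SYN", 0x01: "FIN"}


def parse_ipv4(pkt: bytes) -> dict:
    """Decode the IPv4 header fields from slide 8 and return the encapsulated payload."""
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, hcsum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4          # header length is given in 32-bit words
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "tos": tos,
        "total_length": total_len,
        "identification": ident,
        "flags": flags_frag >> 13,          # top 3 bits: reserved, DF, MF
        "fragment_offset": flags_frag & 0x1FFF,
        "ttl": ttl,
        "protocol": proto,                  # 1 = ICMP, 6 = TCP, 17 = UDP
        "header_checksum": hcsum,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg: bytes) -> dict:
    """Decode the TCP header fields from slide 7."""
    (sport, dport, seq, ack, off_flags,
     window, csum, urg) = struct.unpack("!HHIIHHHH", seg[:20])
    data_offset = (off_flags >> 12) * 4     # also counted in 32-bit words
    bits = off_flags & 0x3F
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "data_offset": data_offset,
        "flags": [name for bit, name in TCP_FLAGS.items() if bits & bit],
        "window": window, "checksum": csum, "urgent_pointer": urg,
        "payload": seg[data_offset:],
    }


def build_packet(src, dst, sport, dport, seq, ack, flags):
    """Construct a minimal IPv4+TCP packet (no options, checksums zero) for this example."""
    bits = sum(bit for bit, name in TCP_FLAGS.items() if name in flags)
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, ack, (5 << 12) | bits, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")), bytes(int(o) for o in dst.split(".")))
    return ip + tcp


def find_handshake(raw_packets):
    """Return (client, server, server_port) for the first completed three-way handshake, else None.

    SYN from the client, SYN/ACK from the server acknowledging seq+1, then an ACK from the
    client acknowledging the server's seq+1.  A SYN that is never completed is what an
    unanswered probe looks like in a capture.
    """
    flows = [(ip, parse_tcp(ip["payload"])) for ip in map(parse_ipv4, raw_packets) if ip["protocol"] == 6]
    for i, (ip1, t1) in enumerate(flows):
        if t1["flags"] != ["SYN"]:
            continue
        for j in range(i + 1, len(flows)):
            ip2, t2 = flows[j]
            if (set(t2["flags"]) == {"SYN", "ACK"} and ip2["src"] == ip1["dst"]
                    and t2["dst_port"] == t1["src_port"]
                    and t2["ack"] == (t1["seq"] + 1) & 0xFFFFFFFF):
                for ip3, t3 in flows[j + 1:]:
                    if (t3["flags"] == ["ACK"] and ip3["src"] == ip1["src"]
                            and t3["dst_port"] == t1["dst_port"]
                            and t3["ack"] == (t2["seq"] + 1) & 0xFFFFFFFF):
                        return ip1["src"], ip1["dst"], t1["dst_port"]
    return None


# Constructed capture: a client at 10.0.0.5 completing a handshake with a web server at 10.0.0.80.
SAMPLE_CAPTURE = [
    build_packet("10.0.0.5", "10.0.0.80", 51000, 80, 1000, 0, ["SYN"]),
    build_packet("10.0.0.80", "10.0.0.5", 80, 51000, 5000, 1001, ["SYN", "ACK"]),
    build_packet("10.0.0.5", "10.0.0.80", 51000, 80, 1001, 5001, ["ACK"]),
]

if __name__ == "__main__":
    print(find_handshake(SAMPLE_CAPTURE))        # ('10.0.0.5', '10.0.0.80', 80)
    print(find_handshake(SAMPLE_CAPTURE[:1]))    # None: a lone SYN never completed
```

The acknowledgement checks are what make this more than flag matching: a SYN/ACK whose acknowledgement number is not the client's sequence number plus one does not belong to that connection, which is the same rule Wireshark applies when it stitches packets into a TCP stream.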

9 Wireshark’s main screen is separated into three sections:
Packet list
Tree view section
Data view section
You will see two packets that have a protocol of ARP. The first is a broadcast and the second is a reply.

10 not icmp.resp_in and icmp.type==8
All ICMP requests for which Wireshark does not have the corresponding response inside the capture file.
ip.addr == x.x.x.x
Sets a filter for any packet with x.x.x.x as either the source or destination IP address.
ip.addr == x.x.x.x && ip.addr == x.x.x.x
Sets a conversation filter between the two IP addresses.
tcp, http, dns
Sets a filter based on protocol.
tcp.port == xxx
Sets a filter based on a TCP port number.
http.request
Sets a filter for all HTTP GET and POST requests. For the most part, this will show the webpages being accessed.
tcp contains xxx
Sets a filter based on a string you provide and searches TCP packets for that string. If you were looking for a specific item or user name you knew was appearing in the packet, this is a filter you could use.
!(arp or icmp or dns)
This filter format is designed to filter out certain types of protocols you might not want. In my example, we have ARP, ICMP, and DNS—all of which are broadcasts—to hide. This lets our eyes work on other things.
d/ChWorkBuildDisplayFilterSection.html
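Added example (not from the slides): the first filter above, `not icmp.resp_in and icmp.type==8`, implemented in Python over a handful of constructed ICMP packet-list records, so you can see what Wireshark is doing when it pairs an echo request with its reply. The frames, hosts and identifier values are invented for this example; the pairing rule (opposite direction, same identifier and sequence number, reply later in the capture) is the same one the filter relies on.

```python
from collections import defaultdict

# Constructed ICMP frames (not from a real capture), summarised the way Wireshark's packet list
# shows them: icmp.type 8 = echo request, 0 = echo reply; id/seq pair a request with its reply.
SAMPLE_FRAMES = [
    {"frame": 1, "src": "10.0.0.5", "dst": "10.0.0.1", "type": 8, "id": 0x1A2B, "seq": 1},
    {"frame": 2, "src": "10.0.0.1", "dst": "10.0.0.5", "type": 0, "id": 0x1A2B, "seq": 1},
    {"frame": 3, "src": "10.0.0.5", "dst": "10.0.0.2", "type": 8, "id": 0x1A2B, "seq": 2},
    {"frame": 4, "src": "10.0.0.5", "dst": "10.0.0.3", "type": 8, "id": 0x1A2B, "seq": 3},
    {"frame": 5, "src": "10.0.0.3", "dst": "10.0.0.5", "type": 0, "id": 0x1A2B, "seq": 3},
    {"frame": 6, "src": "10.0.0.5", "dst": "10.0.0.4", "type": 8, "id": 0x1A2B, "seq": 4},
    # a stray reply with no preceding request: must not be counted as answering anything
    {"frame": 7, "src": "10.0.0.9", "dst": "10.0.0.5", "type": 0, "id": 0x1A2B, "seq": 9},
]


def unanswered_echo_requests(frames):
    """Frame numbers that would match `not icmp.resp_in and icmp.type==8`.

    A reply answers a request only if it comes later in the capture, travels in the
    opposite direction, and carries the same identifier and sequence number.
    """
    pending = {}                       # (requester, target, id, seq) -> request frame number
    for f in frames:
        if f["type"] == 8:
            key = (f["src"], f["dst"], f["id"], f["seq"])
            pending.setdefault(key, f["frame"])     # keep the first frame of a retransmitted request
        elif f["type"] == 0:
            key = (f["dst"], f["src"], f["id"], f["seq"])   # reply direction is reversed
            pending.pop(key, None)
    return sorted(pending.values())


def unanswered_targets_by_source(frames):
    """Group the targets of unanswered requests by the requesting host.

    One source with many unanswered targets is the packet-list view of a host sweep,
    which is the pattern a defender wants this filter to surface.
    """
    left = set(unanswered_echo_requests(frames))
    out = defaultdict(list)
    for f in frames:
        if f["frame"] in left:
            out[f["src"]].append(f["dst"])
    return dict(out)


if __name__ == "__main__":
    print(unanswered_echo_requests(SAMPLE_FRAMES))      # [3, 6]
    print(unanswered_targets_by_source(SAMPLE_FRAMES))  # {'10.0.0.5': ['10.0.0.2', '10.0.0.4']}
```

Frames 3 and 6 are the ones the filter would leave on screen; frame 7 is a reply that answers nothing, and a reply that happened to precede its own request would likewise not clear it, which is why the code walks the capture in order instead of just intersecting two sets.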

12 Lab Exercises

14 Wireshark Color Coding
You’ll probably see packets highlighted in green, blue, and black. Wireshark uses colors to help you identify the types of traffic at a glance. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black identifies TCP packets with problems — for example, they could have been delivered out-of-order.

