Presentation is loading. Please wait.

Presentation is loading. Please wait.

Network Administration Homework1 Perl Programming Exercises

Published byGinger Reeves Modified over 6 years ago

Similar presentations

Presentation on theme: "Network Administration Homework1 Perl Programming Exercises"— Presentation transcript:

1 Network Administration Homework1 Perl Programming Exercises

2 Analysis Ethereal Output (1)
A tool that can be used to analysis network traffic passed through your network interface

3 Analysis Ethereal Output (2)
Network Monitoring Turn on the “promiscuous mode” of your NIC Normal mode NIC will collect those packets that destined to your computer That is, destination IP = My IP / Broadcast IP Otherwise, NIC will drop it. Promiscuous mode NIC will collect “all” packets Turning on the promiscuous mode needs Root privilege Tools that can do this: tcpdump, ssldump, Ethereal

4 Analysis Ethereal Output (3)
To install ethereal, you can use this URL: Download and execute it To begin monitoring your network, you can: Ctrl + K Choose your interface Specify filter Man tcpdump Ex: Host dst port 22 Check Update list of packets in real time Start capture

5 Analysis Ethereal Output (4)
After you have captured packets Spend some time to investigate the content of each packet Frame header IP header TCP/UDP header Application data

6 Analysis Ethereal Output (5)
Purpose of this first exercise: Learn how to use ethereal Learn how to use ethereal to inspect TCP/IP that we have taught Learn how to use Perl built-in function “pack” and “unpack” Learn how to use Perl Curses::UI CPAN Works you have to do in this exercise Install and user ethereal Install /usr/ports/devel/p5-Curses-UI Spend some time to investigate packets content that you have captured How TCP/IP headers looks like Write a Perl script that satisfies those requirements in next slide

7 Analysis Ethereal Output (6)
Requirements of the first exercise Input: One Ethereal output Output: One curses window that lists packets found in Ethereal-output file Each line represents one packet Each line should have the following fields SrcMac: Source MAC of that packet DstMac: destination MAC of that packet SrcIP: Source IP of that packet DstIP: destination IP of that packet SrcPort: source port of that packet DstPort: destination port of that packet Timestamp: the “captured” timestamp add by ethereal List 10 lines at most in one window Use “Curses:UI:ButtonBox” to list remain 10s’ packets Like: Provide “sort-by” functionality Sorting by the above 7 fields

8 Supplement Information

9 Ethereal Output Format
One single Ethereal output file 24bytes-Ethereal-Header Packets-with 16 bytes added information 4bytes time stamp (captured) 4bytes length of packet 4bytes actual packet length 4bytes timestamp (micro-) 4bytes Magic (0xa1b2c3d4) 2bytes major version number 2bytes minor version number 4bytes time zone offset 4bytes time stamp accuracy 4bytes snapshot length 4bytes Link-Layer Type (1) 4bytes time stamp (captured) 4bytes length of packet 4bytes actual packet length 4bytes timestamp (micro-) Ethereal Dump Header (24bytes) 4bytes time stamp (captured) 4bytes length of packet 4bytes actual packet length 4bytes timestamp (micro-)

10 CPAN (1) CPAN Search what you may like Install in your BSD
Comprehensive Perl Archive Network Collection of Perl software modules that are developed and upload by Perl enthusiasts Search what you may like Install in your BSD /usr/ports/devel/p5-* # /usr/ports/devel/p5-Curses-UI

11 CPAN (2) #!/usr/bin/perl use strict; use Curses::UI;
my $cui = new Curses::UI; $cui->dialog("Hello, world\n");

12 CPAN (3) use strict; use Curses::UI;
my $cui = new Curses::UI(-color_support => 1); my $mainWin = $cui->add( undef, 'Window', -border => 1, -padtop => 1, -padright => 2, -padbottom => 1, -padleft => 1, -titlereverse => 0, -title => 'My Main Window' ); my $settingViewer = $mainWin->add( undef, 'TextViewer', -padright => 1, -padbottom => 10, -focusable => 0, -x => 1, -y => 1, -text => ‘這樣呢?' $cui->dialog(‘test’);

13 CPAN (4) … sub sayhello $mainWin->add( { undef, 'Buttonbox',
-buttons => [ { -label => "sayhello", -shortcut => 1, -onpress => \&sayhello }, -label => "saybye", -shortcut => 2, -onpress => \&saybye } ] ); sub sayhello { $cui->dialog('Hello'); } sub saybye my $choice = $cui->dialog( -message => 'Are you going to leave?', -buttons => ['yes','no'] ); exit(0) if $choice; $cui->mainloop();

14 CPAN (5)

15 pack and unpack (1) Usage Ex: pack TEMPLATE, LIST
Takes a LIST of values and Converts it into a string using the rules Ex: $foo = pack("CCCC", 65, 66, 67, 68); // $foo = “ABCD” $foo = pack("C4", 65, 66, 67, 68); // $foo = “ABCD” ($a, $b, $c, $d) = unpack(“CCCC”, $foo); // $a = 66 C means unsigned char value (c means signed) 4 means repeat 4 times

16 pack and unpack (2) open (FD, "ethereal_example") || die "Can't open file:$!"; binmode(FD); read(FD, $buffer, 24); while( read(FD, $buffer, 12) != 0){ read(FD, $buffer, 4); $length = unpack("l", $buffer); read(FD, $buffer, 6); $dstMAC = unpack("H*", $buffer); $srcMAC = unpack("H*", $buffer); printf("length is $length\n"); printf("dstMAC is $dstMAC, srcMAC is $srcMAC\n"); read(FD, $buffer, $length - 12); } close(FD); length is 74 dstMAC is 00d0b7177b07, srcMAC is 000fea86ddd0 dstMAC is 000fea86ddd0, srcMAC is 00d0b7177b07 length is 82 length is 202

Download ppt "Network Administration Homework1 Perl Programming Exercises"

Similar presentations

MS-Access XP Lesson 1. Introduction to MS-Access Database Management System Software (DBMS) Store data in databases Database is a collection of table.

MS-Access XP Lesson 1. Introduction to MS-Access Database Management System Software (DBMS) Store data in databases Database is a collection of table.
Tactics to Discover “Passive” Monitoring Devices

Tactics to Discover “Passive” Monitoring Devices
Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.

Snort & ACID. UTSA IS 6973 Computer Forensics SNORT.
TCPDUMP Network-Based Intrusion Detection. Description  Packet sniffing is the heart of intrusion detection and of understanding what is actually occurring.

TCPDUMP Network-Based Intrusion Detection. Description  Packet sniffing is the heart of intrusion detection and of understanding what is actually occurring.
1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.

1 Fall 2005 Hardware Addressing and Frame Identification Qutaibah Malluhi CSE Department Qatar University.
CCNA 1 v3.1 Module 8 Review.

CCNA 1 v3.1 Module 8 Review.
Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.

Honeynet/Honeypot Project - Leslie Cherian - Todd Deshane - Patty Jablonski - Creighton Long May 2, 2006.
TRANSPORT and NETWORK LAYERS - Part 1 Dr. V.T. Raja Oregon State University.

TRANSPORT and NETWORK LAYERS - Part 1 Dr. V.T. Raja Oregon State University.
Packet Capture & Analyze

Packet Capture & Analyze
1. ---------------------- Integrity Check ---------------------- As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.

Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Connecting LANs, Backbone Networks, and Virtual LANs

Connecting LANs, Backbone Networks, and Virtual LANs
1 ADVANCED MICROSOFT WORD Lesson 15 – Creating Forms and Working with Web Documents Microsoft Office 2003: Advanced.

1 ADVANCED MICROSOFT WORD Lesson 15 – Creating Forms and Working with Web Documents Microsoft Office 2003: Advanced.
1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 

1 Lab 3 Transport Layer T.A. Youngjoo Han. 2 Transport Layer  Providing logical communication b/w application processes running on different hosts 
1 Ethereal.  Freeware sniffing tool.  Captures live network traffic.  The user interface separates it from other sniffers.

1 Ethereal.  Freeware sniffing tool.  Captures live network traffic.  The user interface separates it from other sniffers.
University of Calgary – CPSC 441.  Wireshark (originally named Ethereal)is a free and open-source packet analyzer.  It is used for network troubleshooting,

University of Calgary – CPSC 441.  Wireshark (originally named Ethereal)is a free and open-source packet analyzer.  It is used for network troubleshooting,
More on the IP Internet Protocol. Internet Layer Process Transport layer process passes EACH TCP segment to the internet layer process for delivery Transport.

More on the IP Internet Protocol. Internet Layer Process Transport layer process passes EACH TCP segment to the internet layer process for delivery Transport.
Software Quality Assurance 2/20 WELCOME Graphic User Interface Testing.

Software Quality Assurance 2/20 WELCOME Graphic User Interface Testing.
CPSC 441 Tutorial TA: Fang Wang The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially modified)

CPSC 441 Tutorial TA: Fang Wang The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially modified)
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Similar presentations

Ads by Google