
Wireshark LAN Monitoring HaganFox.net/NetSec Originally presented at


Presentation transcript:

1 Wireshark LAN Monitoring HaganFox.net/NetSec Originally presented at
DeVry HackFest (with subsequent updates and improvements)

2 Wireshark and USB Creator Vocabulary Words
OSI protocol stack * dmesg * dd * cat * partition table * master boot record * GPT * shared Ethernet * switched Ethernet * promiscuous mode * monitor mode * breakout tap * aggregating tap * hub * unmanaged switch * smart switch * managed switch * mirror port * frame * packet * SQ3R * --help * collision domain * half-duplex * full-duplex * block device * pseudo device * SPAN * Ephemeral port * Privileged port * broadcast * multicast * unicast * MAC Address * OUI * 3-Way Handshake * RST

3 IP Service
Broadcast (one-to-all): hubs could only broadcast. Related topic: promiscuous mode.
Multicast (one-to-many): a special type of broadcast; only the ports interested in receiving the traffic get it.
Unicast (one-to-one): port-to-port; full duplex, i.e. bi-directional.
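The delivery types and TCP vocabulary from slides 2 and 3 (broadcast/multicast/unicast, OUI, privileged and ephemeral ports, the 3-way handshake and RST) as an added Python example that is not part of the original presentation: a minimal Ethernet II / IPv4 / TCP header decoder run over a handful of constructed frames, i.e. the same fields Wireshark shows in its Info column. The MAC addresses, IPs and ports are made up, and IP/TCP checksums are left at zero because the decoder does not verify them.

```python
import socket
import struct

BROADCAST_MAC = bytes([0xFF] * 6)
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}


def classify_mac(mac: bytes) -> str:
    """Delivery type from the destination MAC: the three cases on slide 3."""
    if mac == BROADCAST_MAC:
        return "broadcast"
    if mac[0] & 0x01:  # I/G bit set: a group address, i.e. multicast
        return "multicast"
    return "unicast"


def oui(mac: bytes) -> str:
    """Organizationally Unique Identifier: the first three octets of a MAC."""
    return "%02X:%02X:%02X" % tuple(mac[:3])


def port_class(port: int) -> str:
    """Privileged (< 1024) vs. IANA dynamic/ephemeral (49152-65535) ports."""
    if port < 1024:
        return "privileged"
    if port >= 49152:
        return "ephemeral"
    return "registered"


def flag_names(flags: int) -> list:
    return [name for bit, name in sorted(TCP_FLAGS.items()) if flags & bit]


def handshake_stage(flags: list) -> str:
    """Map one segment's flags onto the 3-way-handshake / RST vocabulary."""
    if "RST" in flags:
        return "reset"
    if "SYN" in flags and "ACK" in flags:
        return "handshake step 2 (SYN-ACK)"
    if "SYN" in flags:
        return "handshake step 1 (SYN)"
    if "ACK" in flags:
        return "ACK"
    return "other"


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP headers (no checksum verification)."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    info = {"dst_type": classify_mac(dst), "dst_oui": oui(dst),
            "src_oui": oui(src), "ethertype": ethertype}
    if ethertype != 0x0800:  # only IPv4 is decoded further
        return info
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4  # header length in bytes
    info["src_ip"] = ".".join(str(b) for b in ip[12:16])
    info["dst_ip"] = ".".join(str(b) for b in ip[16:20])
    info["proto"] = ip[9]
    if ip[9] != 6:  # not TCP
        return info
    tcp = ip[ihl:]
    sport, dport, _seq, _ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = flag_names(off_flags & 0x1FF)
    info.update(sport=sport, dport=dport, sport_class=port_class(sport),
                dport_class=port_class(dport), flags=flags, stage=handshake_stage(flags))
    return info


def build_tcp_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, flags):
    """Constructed test frame (no payload); checksums are zero on purpose."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip_hdr + tcp_hdr


# Constructed sample data: made-up MACs, private IPs, arbitrary ephemeral ports.
MAC_A = bytes.fromhex("000c29aabbcc")
MAC_B = bytes.fromhex("001122334455")
CLIENT, SERVER = "192.168.1.10", "192.168.1.20"
MULTICAST_IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                               socket.inet_aton(CLIENT), socket.inet_aton("224.0.0.1"))

SAMPLE_FRAMES = [
    BROADCAST_MAC + MAC_A + struct.pack("!H", 0x0806) + bytes(28),                     # ARP request
    bytes.fromhex("01005e000001") + MAC_A + struct.pack("!H", 0x0800) + MULTICAST_IP_HDR + bytes(8),  # UDP to 224.0.0.1
    build_tcp_frame(MAC_B, MAC_A, CLIENT, SERVER, 51514, 80, 0x02),   # SYN
    build_tcp_frame(MAC_A, MAC_B, SERVER, CLIENT, 80, 51514, 0x12),   # SYN-ACK
    build_tcp_frame(MAC_B, MAC_A, CLIENT, SERVER, 51514, 80, 0x10),   # ACK: handshake done
    build_tcp_frame(MAC_B, MAC_A, CLIENT, SERVER, 51515, 23, 0x02),   # SYN to a closed port
    build_tcp_frame(MAC_A, MAC_B, SERVER, CLIENT, 23, 51515, 0x14),   # RST-ACK in reply
]


def summarize(frames) -> list:
    return [parse_frame(f) for f in frames]


if __name__ == "__main__":
    for i, s in enumerate(summarize(SAMPLE_FRAMES), 1):
        print(i, s["dst_type"], s.get("src_ip", "-"), "->", s.get("dst_ip", "-"),
              s.get("flags", ""), s.get("stage", ""))
```

On a mirror port or aggregating tap you see both directions of the unicast exchange (frames 3 to 7); on a plain switch port you would only see the broadcast and multicast frames plus unicast traffic addressed to your own MAC, which is the point of slide 5.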

4 Hubs and Switches
Hubs: all broadcast, half-duplex, one shared collision domain.
Switches: efficient, full-duplex.

5 Switches Hide Packets
You only see packets destined for the port you are sniffing on.

6 Taps
Sometimes written as TAP, for Test Access Port.

7 Taps
Effective, but expensive.
Breakout vs. aggregating.
Potential point of failure.
Passively probe.* (*) Sometimes passive taps allow injection of TCP resets.

8 Switches
Enterprise: e.g. Cisco SPAN (Switched Port Analyzer) ports.
SMB: mirrored ports.

9 Types of Switches
Unmanaged: not helpful for sniffing.
Low-end smart: helpful, insecure.
Premium smart: some security features.
Fully managed: powerful, with security features.

10 Bandwidth Limitations
Aggregating taps and mirror ports are two-into-one*: 2 (RX & TX) → 1 (only TX).
Not a problem when your switch is Gigabit and your Internet connection is 100 megabit.
(*) or many-into-one for a monitoring port.

11 Packets will reach...
A host running Wireshark (learn).
A single host (scrutinize a device).
→ LAN ingress / egress traffic ← (watch for suspicious traffic going in and out).
All LAN ports (it's too much and not necessary).

12 Monitoring a Single Device

13 Monitoring Ingress / Egress Traffic

14 A Wireshark-Monitored LAN

15

16 Q & A

17 Wireshark LAN Monitoring HaganFox.net/NetSec
