
Introduction to Packet Sniffing using Ethereal




1 Introduction to Packet Sniffing using Ethereal 0.10.9
Rob Bergin, Network Engineer, The Timberland Company

2 Non-Technical Currently, data just travels around your network like a train. With a packet sniffer, you get the ability to capture the data and look inside the packets to see what is actually moving along the tracks.

3 Technical

4 Ethereal (and WinPcap)
Ethereal – Application for Sniffing Packets
WinPcap – open source library for packet capture
Operating System – Windows & Unix/Linux
NPF device driver
Network Driver (WinPcap runs as a protocol driver like TCP.SYS)
Network Card Drivers

5 WinPcap Architecture WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. It includes a kernel-level packet filter, a low-level dynamic link library (packet.dll), and a high-level, system-independent library (wpcap.dll, based on libpcap version 0.6.2). The packet filter is a device driver that adds to Windows 95, 98, ME, NT, 2000, XP and 2003 the ability to capture and send raw data from a network card, with the possibility of filtering the captured packets and storing them in a buffer. Packet.dll is an API that can be used to directly access the functions of the packet driver, offering a programming interface independent from the Microsoft OS. Wpcap.dll exports a set of high-level capture primitives that are compatible with libpcap, the well-known Unix capture library. These functions allow packets to be captured in a way that is independent of the underlying network hardware and operating system. WinPcap is released under a BSD-style license.

6 Ethereal Application Requires WinPcap for Captures
Can run standalone to examine captures

7 A Capture Let’s define a capture as a period of time during which Ethereal captured data frames. Frames can be assembled to examine application traffic. (Diagram: Frame 1 through Frame 6)

8 Recap: Packet Sniffing, Ethereal, Data Frame, Architecture, WinPcap, Network Capture

9 Basic TCP/IP Stuff

10 Interoperable TCP/IP TCP/IP (Transmission Control Protocol/Internet Protocol) is a suite of network protocols. TCP and IP are two separate protocols: TCP handles the data (HTTP vs. FTP vs. Telnet), while IP handles the data transmission (i.e. between routers). TCP/IP protocols were designed to allow different applications running on dissimilar operating systems to communicate across a network.

11 Watch your Headers
TCP / UDP: Ports, not Addresses (Layer 4, not 3). FTP uses 20 and 21.
IP: Addresses (octets), not Ports (Layer 3, not 4).

12 TCP TCP is a connection-oriented transport layer protocol designed to provide a reliable connection for data exchange between two systems. TCP ensures that all packets are properly sequenced and acknowledged and that a connection is established before data is sent. TCP provides its reliability through the use of an acknowledgement, or ACK.

13 TCP If a receiving system had to send an ACK for every packet, the result would be an incredible amount of overhead for the network. To reduce the overhead, a mechanism called windowing is used. Windowing is a method of flow control.

14 TCP The receiving system advertises a certain number of packets that it can receive at a time (its input buffer size). The sending system watches for an ACK after the designated number of packets is sent. If an ACK is not received, data will be retransmitted from the point of the last ACK.
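A simulation of the windowed exchange slides 13 and 14 describe, added here as an illustration and not taken from the presentation; the segment count, window size and the list of segments lost in transit are constructed inputs, and the receiver is modelled as accepting only in-order segments so the sender resends from the last ACK.

```python
def windowed_transfer(num_segments, window, lost_once=()):
    """Simulate the send/ACK exchange the slides describe.

    The receiver advertises `window` segments; the sender transmits a full
    window, then waits for a cumulative ACK naming the next segment the
    receiver expects. Segments listed in `lost_once` (constructed loss) are
    dropped the first time they are sent; the receiver discards anything that
    arrives out of order, so the sender resends from the point of the last ACK.
    Returns the number of ACK round trips, total transmissions and a trace."""
    lost = set(lost_once)
    base = 0          # first segment not yet acknowledged
    rounds = 0
    transmissions = 0
    trace = []
    while base < num_segments:
        rounds += 1
        next_expected = base
        for seq in range(base, min(base + window, num_segments)):
            transmissions += 1
            if seq in lost:
                lost.discard(seq)   # drop it this once; the retransmission arrives
                trace.append("round %d: seq %d lost" % (rounds, seq))
                continue
            if seq == next_expected:
                next_expected += 1  # in order: the receiver accepts it
            else:
                trace.append("round %d: seq %d out of order, discarded" % (rounds, seq))
        trace.append("round %d: ACK %d" % (rounds, next_expected))
        base = next_expected
    return {"rounds": rounds, "transmissions": transmissions, "trace": trace}

def compare_overhead(num_segments, window, lost_once=()):
    """Contrast an ACK for every packet (window of 1) with the advertised window."""
    per_packet = windowed_transfer(num_segments, 1, lost_once)
    windowed = windowed_transfer(num_segments, window, lost_once)
    return per_packet["rounds"], windowed["rounds"]
```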

15 UDP UDP (User Datagram Protocol) is an unreliable, connectionless protocol for delivering packets. It allows messages, called datagrams, to be sent without the overhead of ACKs, established connections, and sequencing. Applications that use UDP as their communications mechanism include NFS (2049), TFTP (79), DNS (53) and Unreal Tournament (7777).

16 IPv4 IP (Internet Protocol) is used to handle datagram services between hosts. IP handles the addressing, routing, and reassembly. IP addresses are 32 bits long and are organized into 4 octets (8 bits each) separated by periods. IPv4 address examples: IPv6 is a next generation form of addressing.

17 IPv6

18 What will IPv6 look like?
IPv6 Addresses:
CDFE:910A:2356:5709:8475:1024:3911:2021
2080:0000:0000:0000:0090:7AEB:1000:123A
Combo IPv4 and IPv6: 1800:0000:0000:7AEF:0000:0000:
Compacted IPv6 Address: 2080:0:0:0:90:7AEB:1000:123A (legal compaction)
2080::90:7AEB:1000:123A (legal compaction)
1800::7AEF:0:0:1072: (legal compaction)

19 IPv4 vs. IPv6 IPv4 RFC came out in 1981. IPv6 RFC came out in 1998.
(Chart: Mobile Subscribers, PCs Connected to Web, Mobile Internet Users. Sources: ABN AMRO/IDC/Ovum)

20 Recap: TCP vs. IP, Headers, TCP, UDP, IP, IPv4 vs. IPv6

21 Ethereal Overview

22 View of Ethereal: Packet List, Packet Details, Packet Bytes

23 Packet List columns: Packet Order, Time Order, Source IP, Destination IP, Protocol, Information

24 Packet Details: Source and Destination TCP Ports; Source and Destination IP; Breakdown of the Frame, the Packet, the TCP portion

25 Packet Bytes: View of the data – Hexadecimal and Raw Data

26 Ethereal Capture

27 Running Ethereal

28 Ethereal Analysis

29 Logging on to FTP Server

30 What Ethereal saw

31 What Ethereal saw

32 What Ethereal saw

33 What Ethereal saw

34 What Ethereal saw

35 Ethereal Filtering.

36 Filtering!!!!

37 Saving Captures
Captured Views: Range of Packets, All Packets
Naming is critical: Was it the client? Was it the server?

38 After Filter/Save/Open

39 Time Column & Delta

40 FTP Only Filter

41 Ethereal Packet Analysis

42 What Username?

43 Is Password Required?

44 What Password?

45 Why can’t I log in?

46 Follow the Stream

47 Advanced Filtering
Filter for just that stream:
(ip.addr eq and ip.addr eq ) and (tcp.port eq 21 and tcp.port eq 3511)
Filter for traffic between two hosts:
ip.addr == and ip.addr ==
Filter for IP traffic and removal of other traffic:
ip and !(nbns) and !(msnms) and !(browser) and !(rip)
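An added example, not from the presentation, that models the display filters on this slide (ip.addr and tcp.port match either end of a packet) and then answers the questions of slides 42 through 46 ("What Username?", "What Password?", "Why can't I log in?", "Follow the Stream") over a constructed packet list; the 192.0.2.x addresses, port 3511 client and the FTP exchange are made up for illustration.

```python
# Constructed sample capture (not from the presentation): an FTP login between a
# client on TCP port 3511 and a server on port 21, plus unrelated traffic.
CLIENT, SERVER = "192.0.2.10", "192.0.2.20"   # documentation placeholder addresses

def pkt(no, src, sport, dst, dport, proto, payload=b""):
    return {"no": no, "src": src, "sport": sport, "dst": dst, "dport": dport,
            "proto": proto, "payload": payload}

PACKETS = [
    pkt(1, CLIENT, 137, "192.0.2.255", 137, "nbns"),
    pkt(2, SERVER, 21, CLIENT, 3511, "ftp", b"220 FTP server ready\r\n"),
    pkt(3, CLIENT, 3511, SERVER, 21, "ftp", b"USER rob\r\n"),
    pkt(4, SERVER, 21, CLIENT, 3511, "ftp", b"331 Password required for rob\r\n"),
    pkt(5, CLIENT, 3511, SERVER, 21, "ftp", b"PASS hunter2\r\n"),
    pkt(6, SERVER, 21, CLIENT, 3511, "ftp", b"530 Login incorrect\r\n"),
    pkt(7, CLIENT, 3600, "192.0.2.30", 21, "ftp", b"USER anonymous\r\n"),
]

def ip_addr_eq(p, addr):   # ip.addr matches the source OR the destination
    return addr in (p["src"], p["dst"])

def tcp_port_eq(p, port):  # tcp.port likewise matches either end
    return port in (p["sport"], p["dport"])

def stream_filter(pkts, host_a, host_b, port_a, port_b):
    """(ip.addr eq A and ip.addr eq B) and (tcp.port eq P and tcp.port eq Q)"""
    return [p for p in pkts if ip_addr_eq(p, host_a) and ip_addr_eq(p, host_b)
            and tcp_port_eq(p, port_a) and tcp_port_eq(p, port_b)]

def noise_filter(pkts, excluded=("nbns", "msnms", "browser", "rip")):
    """ip and !(nbns) and !(msnms) and !(browser) and !(rip)"""
    return [p for p in pkts if p["proto"] not in excluded]

def follow_stream(pkts):
    """Join the payloads in capture order, as 'Follow TCP Stream' does."""
    return b"".join(p["payload"] for p in pkts).decode("ascii", "replace")

def audit_ftp_login(stream):
    """What a sniffer learns from the cleartext control channel: the user name,
    whether a password crossed the wire, and whether the login succeeded."""
    report = {"user": None, "password_sent": False, "login_ok": None}
    for line in stream.splitlines():
        verb, _, arg = line.partition(" ")
        if verb == "USER":
            report["user"] = arg
        elif verb == "PASS":
            report["password_sent"] = True   # note the exposure, never copy the secret
        elif verb in ("230", "530"):
            report["login_ok"] = verb == "230"
    return report
```

The 530 reply in the reassembled stream is what answers "Why can't I log in?"; the audit deliberately records only that a password was exposed, which is the finding a defender needs to justify moving the service to an encrypted channel.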

48 Summary Info

49 Ethereal: Encryption

50 HTTP

51 HTTPS

52 HTTP vs. HTTPS

53 HTTP vs. HTTPS

54 HTTP vs. HTTPS

55 TCP Stream vs. HTML Source

56 Ethereal: Miscellaneous

57 Protocol Hierarchy

58 I/O Graphing

59 HTTP Breakdown

60 Coloring Packets

61 Commercial Sniffers: Sniffer Pro, OmniPeek, Observer, IT Guru and ACE

62

63 Final Words “If you can’t measure it, you can’t manage it”
- Peter Drucker

