Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dumps: Read’em and Weep Presented at Black Lodge Research www.blacklodgeresearch.orgwww.blacklodgeresearch.org.

Published byHarry Harrison Modified over 9 years ago

Similar presentations

Presentation on theme: "Dumps: Read’em and Weep Presented at Black Lodge Research www.blacklodgeresearch.orgwww.blacklodgeresearch.org."— Presentation transcript:

1 Dumps: Read’em and Weep Presented at Black Lodge Research www.blacklodgeresearch.orgwww.blacklodgeresearch.org

2 Legal This presentation is for information and educational use only. None of the techniques described in the following should be used for illegal communications interception. Please be aware of: US Code 18, part 1, section 119: http://uscode.house.gov/download/pls/18C119.txt

3 Covering Today: 1.What 2.Why 3.When 4.How 5.Where 6.Use more Fiber.. 7.Tcp Poké Ball go!

4 What Network dumps tell the truth, the whole truth (if done right) and nothing but the truth, so help them Bruce. Contains the raw data going across the pipes. Troubleshooters best friend and worst nightmare Variety of tools: Tcpdump, wireshark, tshark, CACE pipe,

5 Why Shows what application level analysis can’t, the real data on the wire Makes segmentation of troubleshooting easier For client/support relationship, great way to prove the network is not the problem.

6 When When ever there is trouble, dumps will be there.. Slow network Unexplained behavior Connectivity issues Security Breach Pen Testing Wifi access.. To retrieve your forgotten wifi password. For the fun of it.

7 How Not OS dependant, there is a capture engine for anything Are you Promiscuous? How big can you get? Splitsville? Remote Execution

8 Where Know your network type: Hub - Easy to cap on, tough to find Switch - Easy to find, require different approach to capture on (SPAN, TAP, Mac Flood, MiTM) Wireless - Everywhere, each security type requires a slightly different approach.

9 Where Hub -On same Hub, start capture promiscuous mode - Half duplex ( since all packets go to all ports) Switch -Standard uni-cast, meaning packets go where they should (based on Mac table/arps) - Bummer, can’t listen to all traffic - Solution 1: MaC Flood - Solution 2: Span port - Solution 2: TAP (http://www.lovemytool.com/blog/2007/08/span-ports-or- t.html)

10 Where Wireless - Like dust in the wind, open wifi is free to snag on a promiscuous capable adapter.

11 Use more fiber Filters -Capture Filters http://wiki.wireshark.org/CaptureFilters -Display Filters http://www.wireshark.org/docs/dfref/ - Difference?

12 Tcp Poké Ball go! Capture HTTP Filter Handshake Filter Http Find the photo Capture SSL Version Cipher used? Resume or New? Capture FTP Active or Passive? Determine Ports, filter by port Find the photo Capture Wireless Find HTTP Filter out beacons General: Layer 2 arps, macs, tcp handshakes, windows,

Download ppt "Dumps: Read’em and Weep Presented at Black Lodge Research www.blacklodgeresearch.orgwww.blacklodgeresearch.org."

Similar presentations

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Introduction to Network Analysis and Sniffer Pro

Introduction to Network Analysis and Sniffer Pro
Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.

Packet Analyzers, a Threat to Network Security. Agenda Introduction The background of packet analyzers LAN technologies & network protocols Communication.
Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy

Chapter 14 Wireless Attacks, Intrusion Monitoring and Policy
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.

Sniffing the sniffers - detecting passive protocol analysers John Baldock, Intel Corp Craig Duffy, Bristol UWE.
Network Analyzer Example

Network Analyzer Example
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Application Layer PART VI.
Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.

Adrian Crenshaw.  I run Irongeek.com  I have an interest in InfoSec education  I don’t know everything - I’m.
Transport Layer Flow. Socket Connections UDP Segment Structure.

Transport Layer Flow. Socket Connections UDP Segment Structure.
ITIS3100 By Fei Xu. Acknowledge This document is basically a digest from “Wireshark User's Guide 25114 for Wireshark 1.0.0” You can download the software.

ITIS3100 By Fei Xu. Acknowledge This document is basically a digest from “Wireshark User's Guide for Wireshark 1.0.0” You can download the software.
Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,

Hubs & Switches Ethernet Basics -10. There is only so much available bandwidth, in some instances it can be dynamic An overabundance of data on the network,
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Troubleshooting Software Tools vs. Professional Test Equipment.

Troubleshooting Software Tools vs. Professional Test Equipment.
Chapter 11 Extending LANs: Fiber Modems, Repeaters, Bridges, & Switches Hub Bridge Switch.

Chapter 11 Extending LANs: Fiber Modems, Repeaters, Bridges, & Switches Hub Bridge Switch.
Drinking straight from the network hose. So What is WireShark? Packet sniffer/protocol analyzer Open Source Network Tool Latest version of the ethereal.

Drinking straight from the network hose. So What is WireShark? Packet sniffer/protocol analyzer Open Source Network Tool Latest version of the ethereal.
1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.

1 Chapter 6 Network Security Threats. 2 Objectives In this chapter, you will: Learn how to defend against packet sniffers Understand the TCP, UDP, and.
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.

Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
CSCD433 Advanced Networks Fall 2011 Raw vs. Cooked Sockets.

CSCD433 Advanced Networks Fall 2011 Raw vs. Cooked Sockets.

Similar presentations

Ads by Google