
Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1.


1 Lecture Materials for the John Wiley & Sons book: Cyber Security: Managing Networks, Conducting Tests, and Investigating Intrusions April 14, 2015 DRAFT1
Chapter 6: Protocol Analysis and Network Programming

2 Networking Theory and Practice
- Open Systems Interconnection (OSI) defines the standard protocol stack
  – Of its 7 layers, only 4 are used in practice:
    Physical (Layer 1)
    Data Link (Layer 2)
    Network (Layer 3)
    Transport (Layer 4)
  – The successor to OSI is the Reference Model for Open Distributed Processing (RM-ODP), which we encountered in Chapter 3, Row 3.

3 Frequently Encountered Network Protocols
- IEEE 802.3 Ethernet protocol (L2)
- IEEE 802.11 wireless protocols, commercially known as Wi-Fi (L2)
- Address Resolution Protocol (ARP) (L2)
- IP Version 4 (IPv4) (L3)
- IP Version 6 (IPv6) (L3)
- Internet Control Message Protocol (ICMP) (L3)
- User Datagram Protocol (UDP) (L4)
- Transmission Control Protocol (TCP) (L4)

4 Network Protocol Analysis
- Network protocol analysis can be performed automatically by Wireshark
  – Manual protocol analysis is outdated
- Each frame (L2) or packet (L3) has a header and a payload
  – The L3 header and payload sit inside the L2 payload, between the L2 header and trailer, i.e. L2 encapsulates L3
  – The L4 header and payload likewise sit inside the L3 payload, i.e. L3 encapsulates L4

5 Address Resolution Protocol (ARP) and Layer 2 Analysis

6 ARP Frame

7 Internet Protocol (IP) Analysis

8 Internet Control Message Protocol (ICMP)

9 User Datagram Protocol (UDP) Analysis

10 Transmission Control Protocol (TCP) Analysis
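The header-then-payload nesting described in slides 4 through 10, carried out in code as an added example (not from the book): a small Python 3 dissector peels the Ethernet header, dispatches on EtherType to ARP or IPv4, then on the IP protocol number to ICMP, UDP or TCP, and returns the fields recovered at each layer. The two frames are constructed for the example, not captured; checksums are read but not verified.

```python
import struct
from ipaddress import IPv4Address

ETH_ARP, ETH_IPV4, PROTO_ICMP, PROTO_TCP, PROTO_UDP = 0x0806, 0x0800, 1, 6, 17

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(data):
    # 28-byte ARP body for Ethernet/IPv4 (hlen=6, plen=4); oper 1 = request, 2 = reply
    _htype, _ptype, _hlen, _plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", data[:28])
    return {"op": {1: "request", 2: "reply"}.get(oper, oper), "sha": mac(sha),
            "spa": str(IPv4Address(spa)), "tha": mac(tha), "tpa": str(IPv4Address(tpa))}

def parse_icmp(data):
    icmp_type, code, _csum = struct.unpack("!BBH", data[:4])
    return {"type": icmp_type, "code": code, "payload": data[4:]}

def parse_udp(data):
    sport, dport, length, _csum = struct.unpack("!HHHH", data[:8])
    return {"sport": sport, "dport": dport, "payload": data[8:length]}

def parse_tcp(data):
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", data[:14])
    offset = (off_flags >> 12) * 4  # data offset in 32-bit words -> bytes (options included)
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": off_flags & 0x1FF, "payload": data[offset:]}

def parse_ipv4(data):
    vihl, _tos, total, _ident, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (vihl & 0x0F) * 4  # IHL gives the real header length when options are present
    pkt = {"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)), "ttl": ttl, "proto": proto}
    parser = {PROTO_ICMP: parse_icmp, PROTO_UDP: parse_udp, PROTO_TCP: parse_tcp}.get(proto)
    if parser:
        pkt["l4"] = parser(data[ihl:total])  # the L4 segment is the IPv4 payload
    return pkt

def parse_frame(frame):
    # Ethernet II header: 6-byte destination, 6-byte source, 2-byte EtherType
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    out = {"dst": mac(dst), "src": mac(src), "type": etype}
    if etype == ETH_ARP:
        out["arp"] = parse_arp(frame[14:])
    elif etype == ETH_IPV4:
        out["ip"] = parse_ipv4(frame[14:])  # the L3 packet is the L2 payload
    return out

# Constructed sample frames (not captures): a broadcast ARP request, and a UDP datagram to port 53
ARP_REQUEST = bytes.fromhex("ffffffffffff 001122334455 0806 0001 0800 06 04 0001"
                            " 001122334455 0a0a6401 000000000000 0a0a6464")
UDP_FRAME = bytes.fromhex("001122334455 66778899aabb 0800 4500 0021 0001 4000 40 11 0000"
                          " 0a0a6401 0a0a6464 c000 0035 000d 0000 68656c6c6f")
```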

11 Network Programming: Bash
- Bash is a widely available command line shell for Linux and Unix systems
  – A user's login shell is selected in the /etc/passwd file
- In network programming we execute network commands in a script, either typed at the command line or read from a script file
- During penetration tests we frequently encounter raw shells (that do not even support backspace) where we can only submit one command line at a time
  – Use network programming to build security tools such as ping scans and banner grabbers (i.e. tools that record how services identify themselves)
- Network programming remains a rare but very useful skill among security professionals

12 Linux/Unix Bash Basics: Standard Input, Output, Error, Pipes
- Sort, count duplicate lines, then sort by count in reverse numerical order:
    # sort /tmp/alertIPs | uniq -c | sort -nr
- Append to a file, including standard error (2>&1 sends stderr wherever stdout goes):
    # mount error >> log.txt 2>&1
- Command sequence:
    # echo Hello Universe! > /tmp/tmp ; cd /tmp ; ls ; cat tmp ; rm tmp ; ls ; cd ~

13 Linux/Unix Bash for Basic Network Programming
- Ping an IP once with a 2-second deadline; prints the ICMP response:
    # ping -c1 -w2 10.10.100.100
- To ping an address range, i.e. a scan:
    # for i in {1..254}; do ping -c1 -w2 10.10.100.$i; done

14 Linux/Unix Bash Network Sweep: Packaging a Script
- Package the ping sweep in a script file with a Ctrl-C abort:
    #!/bin/bash
    trap bashtrap INT
    bashtrap() { echo "Bashtrap Punt!"; exit; }
    for i in {1..254}; do ping -c1 -w2 10.10.100.$i; done
- Use $1, $2, $3, ... for command line arguments
- Use an if statement for conditionality, e.g. fall back to a default network when no argument is given:
    if [ $# -eq 0 ]; then network="10.10.100"; else network=$1; fi

15 Linux/Unix Bash Network Scanning using While
- Read host numbers (the last octet, one per line) from a hosts file:
    #!/bin/bash
    trap bashtrap INT
    bashtrap() { echo "Bashtrap Punt!"; exit; }
    if [ $# -eq 0 ]; then network="10.10.100"; else network=$1; fi
    while read n; do
        echo -e "\nSCANNING $network.$n"
        nmap -O -sV --top-ports 9 --reason $network.$n
    done < hosts

16 Bash Banner Grabbing
- For every host in the hosts file, connect to every port in the ports file and print whatever the service sends back:
    #!/bin/bash
    trap t INT
    function t { echo -e "\nExiting!"; exit; }
    if [ $# -eq 0 ]; then network="192.168.1"; else network=$1; fi
    while read host; do
        echo -e "\nTESTING $network.$host PORTS..."
        while read port; do
            echo -n " $port"
            echo "" | nc -n -v -w1 $network.$host $port
        done < ports
    done < hosts

17 Windows Command Line Scripting
- In the Windows command line the concepts are very similar to Bash
- Use the .bat suffix for script (batch) files
- Batch file arguments are %1, %2, %3, ...
- Script file variables use the % prefix (e.g. %network%)
- for /L iterates through numbers (i.e. counting)
- for /F iterates through a set or a file
  – Works like a while loop in Bash

18 Windows Command Line: Standard IO, Pipes, and Sequences
- Example standard IO and pipes:
    C:\> type list.txt | sort /r >> sorted.txt & dir /b /s & type sorted.txt
- Command sequence (&), conditional (&&):
    C:\> net use \\10.10.100.100 passw0rd /u:testuser && echo SUCCESS & net use \\10.10.100.100 /del

19 Windows Command Line: Network Programming using For /L
- Ping sweep (in a batch file the loop variable is written %%h; at the prompt it is %h):
    set network=%1
    for /L %%h in (2, 1, 255) do @ping -n 1 %network%.%%h | find "bytes=" >nul && echo Host at %network%.%%h

20 Windows Command Line: Password Attack using For /F
    set ipaddr=%1
    set usertarget=%2
    for /F %%p in (pass.txt) do @net use \\%ipaddr% %%p /u:%usertarget% 2>nul && echo PASS=%%p & net use \\%ipaddr% /del

21 Python Scripting
- There are various categories of programming languages, from command line (Bash, Windows CLI) to interpreted/compiled scripting (Python, Ruby) to systems programming (C, C++, C#)
  – Categories vary by the number of lines needed to implement a capability; a typical multiplier between categories is 8
  – Lower levels provide more detailed access and faster execution
  – Python's advantage is that it is highly portable and has an extensive function library

22 Python Programming for Accelerated Network Scanning
    #!/usr/bin/env python3
    import os
    import time
    from threading import Thread

    start = time.ctime()
    print(start)
    scan = "ping -c1 -w1 "   # one probe per host, one-second deadline
    max_host = 65            # scan last octets 1..64

    class threadclass(Thread):
        """Ping one host in its own thread and keep the ping output."""
        def __init__(self, ip):
            Thread.__init__(self)
            self.ip = ip
            self.status = -1

        def run(self):
            result = os.popen(scan + self.ip, "r")
            self.status = result.read()

    threadlist = []
    for host in range(1, max_host):
        ip = "192.168.85." + str(host)
        current = threadclass(ip)
        threadlist.append(current)
        current.start()        # all probes run concurrently

    for t in threadlist:
        t.join()               # wait for each probe, then report it
        print("Status from", t.ip, "is", repr(t.status))

    print(start)
    print(time.ctime())
- Threaded scanning is about 60X faster than serial scans
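The threaded sweep above generalised into a worker pool, as an added example (not the book's code): sweep() takes the probe function and the number of workers, so one routine reproduces both the serial loop of slides 13 through 15 (workers=1) and the threaded scan of slide 22 (one worker per host), and timed_sweep() measures the speedup the slide claims. ping_probe() assumes Linux iputils ping; slow_probe() is a constructed stand-in so the timing comparison runs offline.

```python
import subprocess
import time
from concurrent.futures import ThreadPoolExecutor

def ping_probe(ip, deadline=1):
    """Real probe (assumes Linux iputils ping): True if one echo reply arrives within the deadline."""
    cmd = ["ping", "-c1", "-w" + str(deadline), ip]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL).returncode == 0

def sweep(hosts, probe, workers):
    """Run probe over every host on a pool of `workers` threads and return {host: result}.
    workers=1 is the serial loop of the Bash slides; workers=len(hosts) is the threaded scan."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return dict(zip(hosts, pool.map(probe, hosts)))

def timed_sweep(hosts, probe, workers):
    """Same as sweep, but also return the elapsed wall-clock seconds."""
    t0 = time.monotonic()
    results = sweep(hosts, probe, workers)
    return results, time.monotonic() - t0

def alive_hosts(results):
    """Hosts whose probe answered, in numeric address order."""
    return sorted((h for h, up in results.items() if up),
                  key=lambda h: tuple(int(o) for o in h.split(".")))

def slow_probe(ip):
    """Constructed stand-in for ping_probe so the timing runs offline: every probe takes
    20 ms (a fast 'timeout') and hosts with an even last octet are reported as up."""
    time.sleep(0.02)
    return int(ip.rsplit(".", 1)[1]) % 2 == 0

if __name__ == "__main__":
    hosts = ["192.168.85." + str(n) for n in range(1, 65)]   # same /24 and range as the slide
    serial, t_serial = timed_sweep(hosts, slow_probe, 1)
    threaded, t_threaded = timed_sweep(hosts, slow_probe, len(hosts))
    assert serial == threaded                                # same answer, different elapsed time
    print(f"serial {t_serial:.2f}s  threaded {t_threaded:.2f}s  speedup {t_serial / t_threaded:.0f}x")
    print("alive:", alive_hosts(threaded))
```

Swap slow_probe for ping_probe to run the real sweep; the pool size, not the probe, is what changes the elapsed time.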

23 Review: Chapter Summary

