Presentation is loading. Please wait.

Presentation is loading. Please wait.

SHARKFEST '09 | Stanford University | June 15–18, 2009 Wireshark is divine! Network Forensics: Wireshark as Evidence Collector Laura Chappell Founder,

Similar presentations


Presentation on theme: "SHARKFEST '09 | Stanford University | June 15–18, 2009 Wireshark is divine! Network Forensics: Wireshark as Evidence Collector Laura Chappell Founder,"— Presentation transcript:

1 SHARKFEST '09 | Stanford University | June 15–18, 2009 Wireshark is divine! Network Forensics: Wireshark as Evidence Collector Laura Chappell Founder, Wireshark University | Presenter, Wireshark Jumpstart Series | SHARKFEST '09 Stanford University June 15 th, :45-12:15

2 SHARKFEST '09 | Stanford University | June 15–18, 2009 The OHHDL Case Planting the Seed of Social Malware

3 SHARKFEST '09 | Stanford University | June 15–18, 2009 Another Case of Interest Thank goodness they have WEP on this WLAN! Here’s your sense of false security… Enjoy your stay.

4 SHARKFEST '09 | Stanford University | June 15–18, 2009 In this Session Network Forensics 101 Evidence of Reconnaissance Evidence of Breaches LIVE ANALYSIS

5 SHARKFEST '09 | Stanford University | June 15–18, 2009 Evidence of Reconnaissance IP scans (excessive ICMP Type 3/Code 2) OS fingerprinting (ICMP type 13, 15 and 17) OS fingerprinting (ICMP type 13, 15 and 17) Address scans (‘dark IP’ or ‘dark MAC’ hits) Application scans (unusual responses) UDP scans (excessive ICMP Type 3/Code 3) TCP scans (excessive RSTs)

6 SHARKFEST '09 | Stanford University | June 15–18, 2009 Evidence of Breaches Unusual communication pairs Unusual protocols and ports Excessive failed connections Unusual inbound connections Unusual outbound connections Peer-to-peer traffic paths Check out… Statistics > Protocol Hierarchies Statistics > Conversations Filter on DNS Filter on ICMP

7 SHARKFEST '09 | Stanford University | June 15–18, 2009 Now… Enough of this slide stuff…

8 SHARKFEST '09 | Stanford University | June 15–18, 2009 Links High Technology Crime Investigation Association Snooping Dragon Report Hacked Hosts: Network Forensics Yes – I tweet – “laurachappell” Yes – I blog - feeds2.feedburner.com/InsideLaurasLab Yes – I Facebook – “laurachappell”

9 SHARKFEST '09 | Stanford University | June 15–18, 2009 Thank You! Check out Laura’s live seminars at chappellseminars.com. Help us spread the word! Thanks!


Download ppt "SHARKFEST '09 | Stanford University | June 15–18, 2009 Wireshark is divine! Network Forensics: Wireshark as Evidence Collector Laura Chappell Founder,"

Similar presentations


Ads by Google