Hot Tools for Analyzing Networks Laura Chappell Sr. Protocol Analyst, Founder Protocol Analysis Institute


1 www.novell.com Hot Tools for Analyzing Networks Laura Chappell Sr. Protocol Analyst, Founder Protocol Analysis Institute lchappell@packet-level.com

2 Vision…one Net
A world where networks of all types (corporate and public, intranets, extranets, and the Internet) work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries.
Mission
To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world.


4 Tool Types
- Cheap tools
- Cool tools worth paying for
- Basic/Simple v. Advanced/Complex
- These tools can be used to analyze, secure and test your network

5 Tools to Get
- NetScanTools Pro $
- Ethereal
- Sam Spade
- Snort
- nMap
- Nessus
- GRC's tools
- Dsniff et al
- Netcat
- Whisker
- Firewalk
- LC3 (L0phtCrack)
- LANGuard $
- NetStumbler
- Invisible Secrets $
- HexWorkshop $
- EtherPeek $
- Sniffer $
- … and more

6 NetScanTools Pro (HOT!)
- OS Fingerprinting
- IP-to-MAC mapping
- Port probing
- TCP Term
- … and more

7 Ethereal: Network Analyzer
- Win32 version on Laura's Lab Kit
  1. Ethereal: Packet analyzer/decoder tool
  2. WinPcap: architecture for packet capture and network analysis for the Win32 platforms
     - Kernel-level packet filter
     - Low-level dll (PACKET.DLL)
     - High-level library (WPCAP.DLL)
- Worth the time to install/setup!
- Get winpcap at netgroup-serv.polito.it/winpcap/
Link: www.ethereal.com

8 Sam Spade (Multifunction Tool)
- Traceroute
- Ping
- DNS lookups
- DIG
- Whois
- Finger
- Etc.
Link: www.samspade.org

9 Snort IDS
- Network Intruder Detection System (NIDS)
- Rules-based
- Plug-ins available
- Sample snort rule:
    alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"INFO - Possible Squid Scan"; flags:S; classtype:attempted-recon; sid:618; rev:1;)
Link: www.snort.org
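
Added example (not part of the presentation and not Snort's own code): a small Python reading of the sample rule above, showing which header fields and options decide whether a packet alerts. The HOME_NET range and the packet list are constructed for illustration, and only the address forms used in this one rule are handled.

```python
import ipaddress
import re
from collections import defaultdict

# The sample rule from the slide, verbatim.
RULE = ('alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 '
        '(msg:"INFO - Possible Squid Scan"; flags:S; '
        'classtype:attempted-recon; sid:618; rev:1;)')
# Assumption: HOME_NET is this documentation range; EXTERNAL_NET is the rest.
HOME_NET = ipaddress.ip_network("192.0.2.0/24")

def parse_rule(text):
    """Split a one-line rule into header fields and an option dict."""
    header, _, body = text.partition("(")
    action, proto, src, sport, _arrow, dst, dport = header.split()
    opts = dict(re.findall(r'(\w+):"?([^";]*)"?;', body))
    return {"action": action, "proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "opts": opts}

def addr_ok(spec, ip):  # only 'any', $HOME_NET and $EXTERNAL_NET are handled
    inside = ipaddress.ip_address(ip) in HOME_NET
    return spec == "any" or (inside if spec == "$HOME_NET" else not inside)

def matches(rule, pkt):
    """pkt is (proto, src, sport, dst, dport, tcp_flags)."""
    proto, src, sport, dst, dport, flags = pkt
    return (proto == rule["proto"]
            and addr_ok(rule["src"], src) and addr_ok(rule["dst"], dst)
            and rule["sport"] in ("any", str(sport))
            and rule["dport"] in ("any", str(dport))
            # flags:S without a modifier is exact: SYN set and nothing else.
            and set(flags) == set(rule["opts"]["flags"]))

# Constructed sample traffic, not taken from the presentation.
PACKETS = [
    ("tcp", "203.0.113.7", 40001, "192.0.2.10", 3128, "S"),   # sweep
    ("tcp", "203.0.113.7", 40002, "192.0.2.11", 3128, "S"),   # sweep
    ("tcp", "192.0.2.50", 51000, "192.0.2.10", 3128, "S"),    # internal client
    ("tcp", "198.51.100.9", 52000, "192.0.2.10", 3128, "S"),  # one-off connect
    ("tcp", "198.51.100.9", 52000, "192.0.2.10", 3128, "A"),  # established
]

def alerts_by_source(rule, packets):
    """Map each alerting source address to the set of hosts it sent SYNs to."""
    hits = defaultdict(set)
    for pkt in packets:
        if matches(rule, pkt):
            hits[pkt[1]].add(pkt[3])
    return dict(hits)
```

The rule fires on every external SYN to port 3128, including a single ordinary connection, which is why its message says "Possible"; grouping alerts by source and counting distinct destinations is one way to separate a sweep from a one-off.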

10 Where Do You Put Your Pig?
- Off a hub
- Off a spanned/mirrored switch port
[Diagram: Client A, Client B, Server 1, Switch, Hub; placement points 1 and 2]

11 Nmap Tester
- Port scanner
  - UDP
  - TCP (including Xmas, null scans, etc.)
- OS fingerprinter
- Ping sweeper
- … and more
Link: www.insecure.org/nmap

12 Nessus Tester
- Port scanner
- Fingerprinter
- Vulnerabilities tester
- Client/server set
  - Client collects data
  - Server sends attacks
  - Server OS: Solaris, FreeBSD, GNU/Linux, etc. (not Windows)
Link: www.nessus.org

13 GRC's Tools
- Shields Up (test vulnerabilities)
- Portscan (check open ports)
- UnPlug 'n Pray (shut down PnP function)
- IDServe (ID Internet Servers)
- Great reading
Link: www.grc.com

14 Dsniff, et al. Testers
- Passive tools
  - Dsniff
  - Filesnarf
  - Mailsnarf
  - Msgsnarf
  - Urlsnarf
  - Webspy
- Active attack tools
  - Arpspoof
  - Dnsspoof
  - Macof (fail open/duplicate MACs); target: MAC address table
Link: www.monkey.org/~dugsong/dsniff/

15 Netcat Connecter
- Setup connections
  - TCP
  - UDP
- Now included in the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions
Link: www.atstake.com/research/tools/index.html#network_utilities

16 Whisker CGI Scanner
- Whisker (by rain.forest.puppy)
  - www.wiretrip.net
  - Checks for CGI directory and CGI
  - Checks for server type and version
  - Can test vulnerabilities in sub-domains
  - Uses URL coding (see next slide)
  - Written in Perl
  - See RFP2K01: "How I hacked PacketStorm"
Link: www.wiretrip.net/rfp/

17 Mutant traceroute (Discovery Tool)
- Learn gateway access filters
  - No answer = blocked
  - ICMP TTL answer = open
- Block outgoing ICMP TTL messages
[Diagram: Router with ACL; Port 21, TTL=2; ICMP: TTL exceeded in transit; Block all outgoing ICMP TTL messages]
Link: www.packetfactory.net/Projects/Firewalk/

18 LC3 Password Cracker
- Password cracking tool: excellent
- Uh…er…I mean Password auditing and recovery tool
- Also check out John the Ripper
  - www.openwall.com/john/
Link: www.atstake.com/research/lc3/

19 LANGuard Scanner (HOT!)
- Bulk vulnerability scanner
  - NetBIOS scanner
  - SNMP scanner
  - Ping sweeper
  - Port prober and more
Link: www.gfi.com/languard/

20 NetStumbler Eavesdropper (HOT!)
- Wireless scanner
- "MiniStumbler"
- Yipes
Link: www.netstumbler.com/

21 Invisible Secrets Steganography
- Hide files within files
- Check out www.packet-level.com's banner
  - Password = hide
  - Encryption = blowfish
Link: www.neobytesolutions.com/invsecr/

22 Hex Workshop Decoder
- Open files (without executing them)
- Change file contents
- Base converter
Link: www.bpsoft.com/

23 EtherPeek Analyzer
- One of the best packet analyzers around
- NX has an expert system and lots of added filtering capabilities
Link: www.wildpackets.com

24 Sniffer Analyzer
- Another great protocol analyzer
Link: www.sniffer.com

25 In Summary
- Scary, eh?
- Learn to use the tools to test your network
- Keep up on the vulnerabilities
- Join me on the 2002 US/Canada roadshow: hands-on courses

26 Register NOW: www.nuihotlabs.org/cybercrime
Laura Chappell's US/Canada Hands-On Roadshow (Hands-On Classes)
Get hands-on experience with many tools and analysis techniques for analysis and security
- Washington, DC: April 1-2
- Chicago: April 4-5
- Seattle: April 8-9
- Atlanta: April 15-16
- Boston: May 2-3
- Dallas: May 13-14
- Houston: May 16-17
- San Jose: May 23-24
- San Francisco: June 4-5
- Minneapolis: June 10-11
- Phoenix: June 24-25
- San Diego: June 27-28
- Toronto: July 8-9
- Vancouver: July 11-12
- St. Louis: July 22-23
- Los Angeles: July 25-26
- Honolulu: July 29-30
- New York City: August 5-6
