Download presentation
Presentation is loading. Please wait.
Published byHelen Watts Modified over 8 years ago
1
www.novell.com Hot Tools for Analyzing Networks Laura Chappell Sr. Protocol Analyst, Founder Protocol Analysis Institute lchappell@packet-level.com
2
Vision…one Net A world where networks of all types—corporate and public, intranets, extranets, and the Internet—work together as one Net and securely connect employees, customers, suppliers, and partners across organizational boundaries Mission To solve complex business and technical challenges with Net business solutions that enable people, processes, and systems to work together and our customers to profit from the opportunities of a networked world
4
Tool Types Cheap tools Cool tools worth paying for Basic/Simple v. Advanced/Complex These tools can be used to analyze, secure and test your network
5
Tools to Get NetScanTools Pro $ Ethereal Sam Spade Snort nMap Nessus GRC’s tools Dsniff et al Netcat Whisker Firewalk LC3 (L0phtCrack) LANGuard$ NetStumbler Invisible Secrets$ HexWorkshop$ EtherPeek$ Sniffer$ … and more
6
NetScanTools Pro OS Fingerprinting IP-to-MAC mapping Port probing TCP Term … and more HOT!
7
Ethereal: Network Analyzer Win32 version on Laura’s Lab Kit 1. Ethereal: Packet analyzer/decoder tool 2. WinPcap: architecture for packet capture and network analysis for the Win32 platforms Kernal-level packet filter Low-level dll (PACKET.DLL) High-level library (WPCAP.DLL) Worth the time to install/setup! Get winpcap at netgroup-serv.polito.it/winpcap/ Link: www.ethereal.com
8
Sam Spade (Multifunction Tool) www.samspade.org Traceroute Ping DNS lookups DIG Whois Finger Etc. Link: www.samspade.org
9
Snort IDS Network Intruder Detection System (NIDS) Rules-based Plug-ins available Sample snort rule alert tcp $EXTERNAL_NET any -> $HOME_NET 3128 (msg:"INFO - Possible Squid Scan"; flags:S; classtype:attempted-recon; sid:618; rev:1;) Link: www.snort.org
10
Where Do You Put Your Pig? Off a hub Off a spanned/mirrored switch port Client A Server 1 Switch Hub Client B 1 2
11
Nmap Tester Port scanner UDP TCP (including Xmas, null scans, etc.) OS fingerprinter Ping sweeper … and more Link: www.insecure.org/nmap
12
Nessus Tester Port scanner Fingerprinter Vulnerabilities tester Client/server set Client collects data Server sends attacks Server OS: Solaris, FreeBSD, GNU/Linux, etc.— not Windows Link: www.nessus.org
13
GRC’s Tools Shields Up (test vulnerabilities) Portscan (check open ports) UnPlug ‘n Pray (shut down PnP function) IDServe (ID Internet Servers) Great reading Link: www.grc.com
14
Dsniff, et al. Testers Passive tools Dsniff Filesnarf Mailsnarf Msgsnarf Urlsnarf Webspy Active attack tools Arpspoof Dnsspoof Macof (fail open/duplicate MACs) Target: MAC address table Link: www.monkey.org/~dugsong/dsniff/
15
Netcat Connecter Setup connections TCP UDP Now included in the Red Hat Power Tools collection and comes standard on SuSE Linux, Debian Linux, NetBSD and OpenBSD distributions Link: www.atstake.com/research/tools/index.html#network_utilities TCP
16
Whisker CGI Scanner Whisker (by rain.forest.puppy) www.wiretrip.net Checks for CGI directory and CGI Checks for server type and version Can test vulnerabilities in sub-domains Uses URL coding (see next slide) Written in Perl See RFP2K01: “How I hacked PacketStorm” Link: www.wiretrip.net/rfp/
17
Mutant traceroute Learn gateway access filters No answer = blocked ICMP TTL answer = open Block outgoing ICMP TTL messages Router with ACL Port 21 TTL=2 ICMP: TTL exceeded in transit Block all outgoing ICMP TTL messages Link: www.packetfactory.net/Projects/Firewalk/ Discovery Tool
18
LC3 Password Cracker Password cracking tool— excellent Uh…er…I mean Password auditing and recovery tool Also check out John the Ripper www.openwall.com/john/ Link: www.atstake.com/research/lc3/
19
LANGuard Scanner Bulk vulnerability scanner NetBIOS scanner SNMP scanner Ping sweeper Port prober and more Link: www.gfi.com/languard/ HOT!
20
NetStumbler Eavesdropper Wireless scanner “MiniStumbler” Yipes Link: www.netstumbler.com/ HOT!
21
Invisible Secrets Steganography Hide files within files Check out www.packet-level.com’s banner Password = hide Encryption = blowfish + + = = Link: www.neobytesolutions.com/invsecr/
22
Hex Workshop Decoder Open files (without executing them) Change file contents Base converter Link: www.bpsoft.com/
23
EtherPeek Analyzer One of the best packet analyzers around NX has an expert system and lots of added filtering capabilities Link: www.wildpackets.com
24
Sniffer Analyzer Another great protocol analyzer Link: www.sniffer.com
25
In Summary Scary, eh? Learn to use the tools to test your network Keep up on the vulnerabilities Join me on the 2002 US/Canada roadshow—hands-on courses
26
Register NOW www.nuihotlabs.org/cybercrime Laura Chappell’s US/Canada Hands-On Roadshow Get hands-on experience with many tools and analysis techniques for analysis and security Washington, DCApril 1-2 ChicagoApril 4-5 SeattleApril 8-9 AtlantaApril 15-16 BostonMay 2-3 DallasMay 13-14 HoustonMay 16-17 San JoseMay 23-24 San FranciscoJune 4-5 MinneapolisJune 10-11 PhoenixJune 24-25 San DiegoJune 27-28 TorontoJuly 8-9 VancouverJuly 11-12 St. LouisJuly 22-23 Los AngelesJuly 25-26 HonoluluJuly 29-30 New York CityAugust 5-6 Hands-On Classes
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.