CREATE Re-Tooling: Exploring Protocols with Wireshark. March 12, 2011, CREATE CATC and Ohlone College. © 2010 Cisco Systems, Inc. All rights reserved.

Presentation transcript:


2 Introductions
- Karen Stanton, College of the Canyons
- Michael McKeever, Santa Rosa Junior College
- Danijela Babic, Ohlone College
- Laura Chappell, Wireshark University

3 Before we start…
- Parking
- Restrooms
- Other?

4 Agenda
- Introduction to Wireshark
- Capturing Traffic
- Filtering Examples
- Analyzing Protocols

5 Introduction to Wireshark

6 What is Wireshark?
"Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course)."
Source: Wireshark User's Guide

7 Wireshark's features
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and save captured packet data.
- Import and export packet data from and to many other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.
... and a lot more!

8 Another resource!
- Wireshark Wiki

9 Wireshark main window

10 Capturing Traffic

11 Are you allowed to capture traffic?
- Ensure that you are allowed to capture packets from the network you are working on! For example, corporate policies or applicable law might prevent you from capturing on the network you're using.
- If you have to change network cabling to start a capture, ensure that you are allowed to do so! Network administrators and other people are usually not amused by re-arrangements to "their" network.

12 General setup
- You need root / Administrator privileges to start a live capture.
- You need to choose the right network interface to capture packet data from.
- You need to capture at the right place in the network to see the traffic you want to see.

13 Ways to start capturing traffic
- You can get an overview of the available local interfaces using the "Capture > Interfaces" dialog box. You can start a capture from this dialog box, using (one of) the "Capture" button(s).
- You can start capturing using the "Capture > Options" dialog box.
- If you have already selected the right capture options, you can start a capture immediately using the "Capture > Start" menu / toolbar item.
- If you already know the name of the capture interface, you can start Wireshark from the command line (-i selects the interface, -k starts capturing immediately): wireshark -i eth0 -k

14 Ways to start capturing traffic: Capture Interfaces window

15 Ways to start capturing traffic: Capture Options

16 Ways to start capturing traffic: Command line
C:\program files\wireshark\wireshark.exe -i 1 -k

17 Remote capture
Client setup (Wireshark):
- Capture Options
Daemon (remote) setup:
- First install WinPcap on the remote machine. After that, the daemon can be found at: C:\Program Files\WinPcap\rpcapd.exe
- The easiest way is to start the daemon from the command line now: rpcapd -n
- The -n flag turns off authentication; this matches the Null Authentication option the Wireshark client selects in the remote capture exercise.

18 Practice: Capturing your own traffic
1. Start Wireshark
2. Select the correct interface
3. Start capture
4. Generate traffic
5. Stop capture

19 Practice: Capturing remote traffic
Work with a partner on this exercise. You will need two computers: Computer 1, the remote daemon, and Computer 2, the Wireshark client.
Computer 1 (Remote): start the WinPcap daemon
- Go to the command prompt
- Go to the directory where WinPcap is installed
- Run the following command: rpcapd -n

20 Practice: Capturing remote traffic
Computer 2 (Wireshark)
1. Start Wireshark
2. Go to Capture Options
3. For interface type, select Remote
4. Enter the IP address of Computer 1 for the Host IP address.
5. Select Null Authentication and then OK.
6. Select the correct remote interface and then click Start.
7. Generate traffic on Computer 1
Can you capture the remote traffic?

21 Filtering Traffic
Squid, a popular web proxy/cache server

22 Two types of filters
- Display filters
- Capture filters

23 Capture filters
- Capture only traffic to or from IP address: host
- Capture traffic to or from a range of IP addresses: net /24 or net mask
- Capture traffic from a range of IP addresses: src net /24 or src net mask
- Capture traffic to a range of IP addresses: dst net /24 or dst net mask
- Capture only DNS (port 53) traffic: port 53
- Capture non-HTTP and non-SMTP traffic on your server (both are equivalent): host and not (port 80 or port 25), or host and not port 80 and not port 25

24 Capture filters (cont.)
- Capture everything except ARP and DNS traffic: port not 53 and not arp
- Capture traffic within a range of ports (tcp[0:2] is the source port, tcp[2:2] the destination port): (tcp[0:2] > 1500 and tcp[0:2] < 1550) or (tcp[2:2] > 1500 and tcp[2:2] < 1550), or, with newer versions of libpcap (0.9.1 and later): tcp portrange
- Capture only Ethernet type EAPOL: ether proto 0x888e
- Reject Ethernet frames towards the Link Layer Discovery Protocol multicast group: not ether dst 01:80:c2:00:00:0e
- Capture only IP traffic (the shortest filter, but sometimes very useful to get rid of lower-layer protocols like ARP and STP): ip
- Capture only unicast traffic (useful to get rid of noise on the network if you only want to see traffic to and from your machine, not, for example, broadcast and multicast announcements): not broadcast and not multicast

25 Display filters: Display filter comparison operators

26 Display filters
- Show only SMTP (port 25) and ICMP traffic: tcp.port eq 25 or icmp
- Show only traffic in the LAN ( x.x), between workstations and servers, no Internet: ip.src== /16 and ip.dst== /16

27 Analyzing Protocols

28 Analyzing protocols
- The user needs to have a good understanding of the protocol
- The protocol analyzer is just a tool

29 File Transfer Protocol
- Characteristics
  - Application protocol
  - TCP
  - Control – port 21
  - Data – port 20
  - Clear text
  - Commands

30 Capturing FTP traffic: Requirements
- FTP server: ftp.sbccnetworking.com
- User authentication enabled
- Small image file

31 Capturing FTP traffic: Setup Wireshark
- Configure Wireshark to capture just FTP traffic
- Start Wireshark

32 Capturing FTP traffic: Connect to the FTP site
- Open the command prompt and connect to the FTP server as follows:
- Enter the command: ftp ftp.sbccnetworking.com
- Use the following name to authenticate:
  - Username: student#
  - Password: Studentftp#
  - where # is a number from 1 to 20 assigned by the instructor

33 Capturing FTP traffic: Download an image file
- From the FTP server, download SecretImage.png. Enter the command: get secretimage.png
- Stop the capture after the download.

34 Analyze traffic

35 Analyze traffic
- Locate an FTP-DATA frame and follow the TCP stream

36 Analyze traffic
- Save the stream as raw data with a new name: capturedimage.png
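The Follow TCP Stream / Save As raw step above, as an added example that is not part of the workshop slides: a small Python reassembler that does the same thing offline on a libpcap file. It runs on a constructed FTP capture (hypothetical hosts 10.0.0.20 and 10.0.0.5, a hypothetical student1 login, a fake PNG) so that both of the characteristics from slide 29 can be checked: the control channel on port 21 is clear text, and the FTP-DATA payload on port 20 comes back intact even when segments arrive out of order or are retransmitted.

```python
import struct

def frames(pcap):
    """Yield link-layer frames from a little-endian libpcap buffer (Ethernet link type assumed)."""
    off = 24                                         # skip the 24-byte global header
    while off + 16 <= len(pcap):                     # 16-byte record header, then the frame
        incl_len = struct.unpack("<I", pcap[off + 8:off + 12])[0]
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_fields(frame):
    """Return (sport, dport, seq, payload) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ip_hdr = (frame[14] & 0x0F) * 4                  # IHL is counted in 32-bit words
    tcp = frame[14 + ip_hdr:14 + struct.unpack("!H", frame[16:18])[0]]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return sport, dport, seq, tcp[(tcp[12] >> 4) * 4:]   # skip the TCP header incl. options

def follow_stream(pcap, server_port, from_server=True):
    """Reassemble one direction of the TCP conversation on server_port, keyed by sequence number
    so out-of-order segments are put back in place and a retransmission (same seq twice) is dropped."""
    segments = {}
    for frame in frames(pcap):
        f = tcp_fields(frame)
        if f is None or not f[3]:                    # not TCP, or no payload (pure ACK)
            continue
        sport, dport, seq, payload = f
        if (sport if from_server else dport) == server_port:
            segments.setdefault(seq, payload)        # first copy wins; duplicates are retransmissions
    return b"".join(segments[s] for s in sorted(segments))

# --- constructed sample capture (hypothetical hosts 10.0.0.20 / 10.0.0.5, not a real trace) ---
def make_frame(sport, dport, seq, payload):
    """Minimal Ethernet/IPv4/TCP frame; checksums stay zero (the parser above ignores them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 20]), bytes([10, 0, 0, 5])) + tcp
    return b"\x00" * 12 + b"\x08\x00" + ip

def make_pcap(frame_list):
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for fr in frame_list:
        pcap += struct.pack("<IIII", 0, 0, len(fr), len(fr)) + fr
    return pcap

PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-image-bytes"
SAMPLE = make_pcap([
    make_frame(40001, 21, 500, b"USER student1\r\n"),                 # control channel, clear text
    make_frame(21, 40001, 100, b"331 Password required for student1.\r\n"),
    make_frame(20, 40002, 2008, PNG[8:]),                            # FTP-DATA: second segment first
    make_frame(20, 40002, 2000, PNG[:8]),                            # first segment, out of order
    make_frame(20, 40002, 2000, PNG[:8]),                            # retransmission, must be dropped
])
```

Writing `follow_stream(SAMPLE, 20)` to a file named capturedimage.png gives the same bytes the Save As raw step produces, and `follow_stream(SAMPLE, 21, from_server=False)` returns the clear-text USER command from the control channel.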

37 Captured image

38 Practice FTP capture

39 Analyzing other protocols
- Telnet
- RIP v2
- OSPF
- EIGRP
- VPN anyone? Got one somewhere?
