Traffic Analysis with Ethereal

Presentation on theme: "Traffic Analysis with Ethereal"— Presentation transcript:

1 Traffic Analysis with Ethereal

2 Traffic Analysis
What is Traffic Analysis?
"Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network." - Ethereal Packet Sniffing. Rockland, MA: Syngress Publishing, Inc., 2004
Traffic analysis, network analysis, protocol analysis, packet analysis and packet sniffing all typically refer to the same thing.

3 Traffic Analysis
Reasons to analyze traffic
Legitimate:
• Identify network or communication issues
• Monitor network performance
• Verify network security
• Track communication transactions
• Log network traffic
• Discover source of unwanted traffic
• Discover compromised workstations
• Ensure users are adhering to AUP
Illegitimate:
• Capture passwords
• Capture network information
• Read confidential information
• Determine network information

4 Network Analyzers – What's Available?
Differences are usually in the features.
• EtherPeek
• Windows 2000/NT Server Network Monitor
• Network Associates Sniffer and SnifferPro
• Network Instruments Observer
• Ethereal
• Packetyzer
Features can include:
• Number of protocols supported
• User interface
• Graphing and statistical analysis
• Expert analysis features

5 Ethereal
Features
• Free (open source software)
• Runs on multiple platforms
• Supports over 480 protocols
• Reads capture files from other products (MS Network Monitor, TCPdump, Sniffer, Novell Lanalyzer)
Installation
1. WinPcap :
2. Ethereal :

6 Exercise 1: Installing Ethereal
Install WinPcap and Ethereal on your PC.
Files to download:
• WinPcap_3_0.exe
• ethereal-setup a.exe
Run Ethereal.

7 Exercise 2: Capturing packets
1. From the main window, select "Capture:Start".
2. This displays the "Capture Preferences" window:
   • Select "Capture packets in promiscuous mode".
   • Select "Update list of packets in real time".
   • Select "Automatic scrolling in live capture".
3. Starting the traffic capture: start the packet capture by clicking "OK" in the "Capture Preferences" window.
4. Generating traffic: in a separate window on your PC, execute a ping command to a target:
   ping -c <local network address>
   Observe the output in the Ethereal main window. Click and highlight a captured packet in the Ethereal window, and view the headers of the captured traffic.
5. Stopping the traffic capture: click "Stop" in the "Ethernet Capture" window.
6. Saving captured traffic

8 Understanding Ethereal
Overview of packet info: click on one of these lines or fields and watch the packet being highlighted below.
Details about the header of the highlighted packet.
Info about the packet and its contents.

9 Exercise 3: Filtering
Ethereal uses the libpcap filter language for capture filters.
Example 1: A capture filter for telnet traffic to and from a particular host
tcp port 23 and host
Example 2: A capture filter for all udp traffic from non-local
udp and src net !
Filtering rules
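As an added illustration of the capture-filter syntax on this slide (example code written for this page, not part of the presentation or of Ethereal/libpcap), the following Python class parses a subset of the libpcap filter language and evaluates it against constructed packet summaries. The packet dict layout, and the host and network values used in the test (the slide leaves them blank), are assumptions; `and`/`or` are treated with equal precedence, left to right, as the pcap-filter man page describes, and parentheses force a different order.

```python
import ipaddress
class CaptureFilter:
    """Parse and evaluate a subset of the libpcap capture-filter language: tcp|udp|icmp,
    [src|dst] host|net|port X, combined with and / or / not (!) and parentheses. Packets are dicts."""
    def __init__(self, expr):
        self.toks = expr.replace("(", " ( ").replace(")", " ) ").replace("!", " ! ").split()
        self.i = 0
        self.tree = self.parse()
        if self.i != len(self.toks): raise ValueError("trailing tokens: %s" % self.toks[self.i:])
    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None
    def take(self):                          # next token; reject a filter that ends early
        if self.peek() is None: raise ValueError("incomplete filter expression")
        self.i += 1; return self.toks[self.i - 1]
    def parse(self):                         # and / or: equal precedence, left to right
        left = self.parse_not()
        while self.peek() in ("and", "or"):
            op = self.take(); left = (op, left, self.parse_not())
        return left
    def parse_not(self):                     # 'not' / '!' binds tightest, then one primitive
        if self.peek() in ("not", "!"):
            self.take(); return ("not", self.parse_not())
        t = self.take()
        if t == "(":                           # parenthesised sub-expression
            node = self.parse()
            if self.take() != ")": raise ValueError("missing ')'")
            return node
        if t in ("tcp", "udp", "icmp"):        # "tcp port 23" is shorthand for "tcp and port 23"
            node = ("proto", t)
            return ("and", node, self.parse_not()) if self.peek() in ("src", "dst", "port") else node
        direction = "any"
        if t in ("src", "dst"):                # optional direction qualifier
            direction, t = t, self.take()
        if t in ("host", "net", "port"):
            return (t, direction, self.take())
        raise ValueError("unexpected token %r" % t)
    def matches(self, pkt, node=None):       # pkt: dict with proto, src, dst, sport, dport (assumed layout)
        k, *rest = node or self.tree
        if k == "and": return self.matches(pkt, rest[0]) and self.matches(pkt, rest[1])
        if k == "or": return self.matches(pkt, rest[0]) or self.matches(pkt, rest[1])
        if k == "not": return not self.matches(pkt, rest[0])
        if k == "proto": return pkt["proto"] == rest[0]
        direction, value = rest
        a, b = ("sport", "dport") if k == "port" else ("src", "dst")
        fields = [pkt[a]] if direction == "src" else [pkt[b]] if direction == "dst" else [pkt[a], pkt[b]]
        if k == "port": return int(value) in fields
        if k == "host": return value in fields
        if "/" not in value:                   # libpcap: "net 192.168" means 192.168.0.0/16
            value += ".0" * (3 - value.count(".")) + "/%d" % (8 * (value.count(".") + 1))
        return any(ipaddress.ip_address(f) in ipaddress.ip_network(value, strict=False) for f in fields)
```

With a constructed packet such as `{"proto": "udp", "src": "8.8.8.8", "dst": "192.168.1.2", "sport": 53, "dport": 5353}`, `CaptureFilter("udp and ! src net 192.168").matches(pkt)` reproduces the slide's second example with an assumed local network.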

