Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 4: Packet analysis

Published byEdwina Schumacher Modified over 5 years ago

Similar presentations

Presentation on theme: "Module 4: Packet analysis"— Presentation transcript:

1 Module 4: Packet analysis

2 A packet analyzer is a computer application used to track, intercept and log network traffic that passes over a digital network. It analyzes network traffic and generates a customized report to assist organizations in managing their networks. Packet analyzers also may be used by hackers to intrude on networks and steal information from network transmissions. A packet analyzer is also known as a sniffer, network analyzer or protocol analyzer.

3 A network manager must be vigilant to analyze and protect network traffic from threats and low performance. Managers should troubleshoot the network often to ensure that it provides an efficient and fast network traffic environment. A packet analyzer shows the complete status of all network activities by providing a complete picture of bandwidth and resources utilization. If a resource is using too much bandwidth, the network manager can release the resource by interrupting the process. However, newly deployed applications and network nodes may have some configuration and working issues, but these can be solved within seconds using the packet analyzer. Every action of a packet analyzer is performed in real time.

4 The key functions and uses of packet analyzers include:
Analyzing network issues and problems Monitoring network security by detecting unauthorized attempts to hack the network Isolating elements causing harm Monitoring overall WAN bandwidth (and individual user consumption) Generating a complete report of network statistics organized in tabular form, graphic charts or as straight data Monitoring data being transferred or in motion Monitoring the overall WAN/LAN and user/endpoint security issues and statuses

5 Filtering unwanted contents and preventing unauthorized access
Performing debugging operations on the client/server side for communication errors/issues Monitoring proxy server configuration, firewall status and configuration, spam protection and other security aspects Serving as the primary data source for day-to-day network monitoring and management Reverse engineering proprietary protocols over the network

6

7 Why include packet analysis?
Network packet analysis is included in this module to help you understand networks, network communication, and specifically the Open Systems Interconnection (OSI) model better. When you understand the construction of network packets on a bit level, everything you have learned about networks will make much more sense.

8 Network analysis can also be done in a practical manner using software specifically written for this purpose, such as Wireshark. This module, however, only aims to help you understand the construction of network packets on a theoretical level so that you gain a better understanding of the four selected protocols that we will focus on here, namely TCP, UDP, IP and ICMP. In short, you will examine examples of packets from each of the above-mentioned protocols on a bit level.

9 Where to listen for packets?
Network packets can be captured for analysis purposes from any part of physical or wireless transmissions/communications, but also simply on a computer connected to a network. What are some of the tools available for packet analysis? Tools available for packet analysis include: Wireshark Network Packet Analyzer CAPSA – Javvin Technologies, Inc. NetScout Network Packet Analysis Fluke Networks Analyzers.

10 What is a packet? A packet is a unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).

11 What is a frame? TCP/IP does not define any specific protocol for the data link layer. It supports all of the standard and proprietary protocols. At this level, the communication is also between two hops or nodes. The unit of communication, however, is a packet called a frame . A frame is a packet that encapsulates the data received from the network layer with an added header and sometimes a trailer.

12 In networking, a frame is a unit of data
In networking, a frame is a unit of data. A frame works to help identify data packets used in networking and telecommunications structures. Frames also help to determine how data receivers interpret a stream of data from a source. In addition to other communication information, the header includes the source and destination of the frame. The destination address is needed to define the right recipient of the frame because many nodes may have been connected to the link. The source address is needed for possible response or acknowledgment as may be required by some protocols.

13

14

15

16 A more appropriate generic term would be protocol data unit, or PDU
A more appropriate generic term would be protocol data unit, or PDU. The specific name for a PDU depends on which layer of the OSI model the data unit is in. At layer 5, 6 or 7 of the OSI model, the actual construction of the PDU depends on the specific application. At these layers, you could simply refer to the PDU as data.

17 At layer 4, the transport layer of the OSI model, if the protocol stack is TCP, the PDU is called a segment. It is called a segment because at the transport layer, the data is segmented into chunks, and a TCP header is added. At layer 3, the network layer of the OSI model, if the protocol stack is TCP, the PDU is called a packet. The network layer encapsulates each TCP segment into an IP packet by adding a header that includes the destination IP address.

18 At layer 2, the data link layer, the PDU is called a frame
At layer 2, the data link layer, the PDU is called a frame. The data link layer encapsulates one or more packet(s) into a frame by adding the physical address of the source and destination, and adds a frame sequence number. At layer 1, the physical layer, the PDU is called a bit. The physical layer includes the electronic network circuitry and connection media like fibre optic cables. It is the layer where data is physically moved across the network.

19 Unit 1: User Datagram Protocol (UDP)
Introduction UDP is located between the application layer and the IP layer, and acts as the intermediary between the application programs and the network operations. UDP (User Datagram Protocol) is an alternative communications protocol to Transmission Control Protocol (TCP) used primarily for establishing low-latency and loss tolerating connections between applications on the Internet. Both UDP and TCP run on top of the Internet Protocol (IP) and are sometimes referred to as UDP/IP or TCP/IP. Both protocols send short packets of data, called datagrams.

20 Position of UDP in the TCP/IP protocol suite

21

22 Source Port: This field contains the port number used by the process running on the source host. It is 16 bits long, which means that the port number can range from 0 to 65,535. If the source host is the client (i.e. a client sending a request), the port number is, in most cases, an ephemeral port number requested by the process and chosen by the UDP software running on the source host. If the source host is the server (i.e. a server sending a response), the port number is, in most cases, a well-known port number. Destination Port: This field contains the port number used by the process running on the destination host. It is also 16 bits long. If the destination host is the server (i.e. a client sending a request), the port number is, in most cases, a well-known port number. If the destination host is the client (i.e. a server sending a response), the port number is, in most cases, an ephemeral port number. In the latter case, the server copies the ephemeral port number it received in the request packet.

23 Length: This is a 16-bit field that defines the total length of the user datagram (header plus data). The 16 bits can define a total length of 0 to 65,535 bytes. However, the total length needs to be much less because a UDP user datagram is stored in an IP datagram with the total length of 65,535 bytes. The Length field is not necessary in a UDP user datagram. A user datagram is encapsulated in an IP datagram. There is a field in the IP datagram that defines the total length. There is another field in the IP datagram that defines the length of the header. Therefore, if we subtract the value of the second field from the first, we can determine the length of the UDP datagram that is encapsulated in an IP datagram.

24 Checksum: This field is used to detect errors over the entire user datagram (header plus data).
Well-known ports used with UDP Below is a list of well-known ports that are used with UDP. Port Protocol Description Echo Echoes a received datagram back to the sender Discard Discards any datagram that is received Users Active users Daytime Returns the date and the time Quote Returns a quote of the day Chargen Returns a string of characters Domain Domain Name Service (DNS) Bootps Server port to download bootstrap information Bootpc Client port to download bootstrap information TFTP Trivial File Transfer Protocol RPC Remote Procedure Call NTP Network Time Protocol SNMP Simple Network Management Protocol SNMP Simple Network Management Protocol (trap) ________________________________________________________________________________________________________________

Download ppt "Module 4: Packet analysis"

Similar presentations

CCNA – Network Fundamentals

CCNA – Network Fundamentals
Chapter 7: Transport Layer

Chapter 7: Transport Layer
UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - (http://www.TCPIPGuide.com) Version 3.0 - Version.

UDP - User Datagram Protocol UDP – User Datagram Protocol Author : Nir Shafrir Reference The TCP/IP Guide - ( Version Version.
Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.

Securing TCP/IP Chapter 6. Introduction to Transmission Control Protocol/Internet Protocol (TCP/IP) TCP/IP comprises a suite of four protocols The protocols.
Process-to-Process Delivery:

Process-to-Process Delivery:
Lesson 24. Protocols and the OSI Model. Objectives At the end of this Presentation, you will be able to:

Lesson 24. Protocols and the OSI Model. Objectives At the end of this Presentation, you will be able to:
Chapter 9.

Chapter 9.
Presentation on Osi & TCP/IP MODEL

Presentation on Osi & TCP/IP MODEL
Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.

Lecture 2 TCP/IP Protocol Suite Reference: TCP/IP Protocol Suite, 4 th Edition (chapter 2) 1.
What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.

What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Services Networking for Home and Small Businesses – Chapter.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Network Services Networking for Home and Small Businesses – Chapter.
Hyung-Min Lee©Networking Lab., 2001 Chapter 11 User Datagram Protocol (UDP)

Hyung-Min Lee©Networking Lab., 2001 Chapter 11 User Datagram Protocol (UDP)
Jaringan Komputer Dasar OSI Transport Layer Aurelio Rahmadian.

Jaringan Komputer Dasar OSI Transport Layer Aurelio Rahmadian.
Huda AL_Omairl - Network 71 Protocols and Network Software.

Huda AL_Omairl - Network 71 Protocols and Network Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Network Services Networking for Home and Small Businesses – Chapter 6.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.

1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
1 Pertemuan 5 Networking Models. Discussion Topics Using layers to analyze problems in a flow of materials Using layers to describe data communication.

1 Pertemuan 5 Networking Models. Discussion Topics Using layers to analyze problems in a flow of materials Using layers to describe data communication.
Page 12/9/2016 Chapter 10 Intermediate TCP : TCP and UDP segments, Transport Layer Ports CCNA2 Chapter 10.

Page 12/9/2016 Chapter 10 Intermediate TCP : TCP and UDP segments, Transport Layer Ports CCNA2 Chapter 10.
1 Kyung Hee University Chapter 11 User Datagram Protocol.

1 Kyung Hee University Chapter 11 User Datagram Protocol.
Network Models. The OSI Model Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO). Model for understanding.

Network Models. The OSI Model Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO). Model for understanding.

Similar presentations

Ads by Google