Presentation is loading. Please wait.

Presentation is loading. Please wait.

@packetjay Fun and games until someone uses IPv6 or TCP.

Published byLaurel King Modified over 8 years ago

Similar presentations

Presentation on theme: "@packetjay Fun and games until someone uses IPv6 or TCP."— Presentation transcript:

1 @packetjay Fun and games until someone uses IPv6 or TCP

2

3  PCAP = Packet CAPture binary log of network packets binary log of network packets old format, being replaced by PCAPng old format, being replaced by PCAPng  Written by tcpdump, Wireshark (using dumpcap), Snort, and other tools

4  Similar to editing packets for packet replay  Removing sensitive details User Credentials User Credentials Network topology (IP addresses etc.) Network topology (IP addresses etc.) Device & software version information Device & software version information Vulnerable protocols Vulnerable protocols Payloads Payloads

5

6  Network analysts often require to keep packets only up to the TCP layer often require to keep packets only up to the TCP layer look at packet loss, timings, TCP being messed up by obscure middle boxes look at packet loss, timings, TCP being messed up by obscure middle boxes sometimes need details like FQDNs or URLs sometimes need details like FQDNs or URLs

7  Security Analysts/Researchers usually don't care that much about Ethernet / ARP / IPv4 / TCP / UDP headers usually don't care that much about Ethernet / ARP / IPv4 / TCP / UDP headers Need to keep the malware / exploit delivery process intact: FQDNs, URLs, binary payloads Need to keep the malware / exploit delivery process intact: FQDNs, URLs, binary payloads

8  Balance between removing details and remaining usefulness  One packet vs. many  Protocol complexity  Procotol dependencies  Defensive Transformation

9  Hex Editors  Wireshark Edit Feature only in GTK at this time only in GTK at this time  WireEdit

10  bittwiste, tcprewrite  pktanon http://www.tm.uka.de/software/pktanon/ http://www.tm.uka.de/software/pktanon/ http://www.tm.uka.de/software/pktanon/  pcaplib http://sourceforge.net/projects/pcaplib/ http://sourceforge.net/projects/pcaplib/ http://sourceforge.net/projects/pcaplib/  TraceWrangler https://www.tracewrangler.com https://www.tracewrangler.com https://www.tracewrangler.com

11  Example: replacing an IPv4 Address Generate a new 32bit value and assign it Generate a new 32bit value and assign it Random, 1:1 rule, network rule Random, 1:1 rule, network rule  Problems: Special IP addresses (0.0.0.0, 127.0.0.0/8) Special IP addresses (0.0.0.0, 127.0.0.0/8) Multicast range (224.0.0.0/4) Multicast range (224.0.0.0/4) Mapping to the same replacement Mapping to the same replacement

12  Well known vs. arbitrary ports  Payloads may be split across multiple packets (uh oh!) Reassembly may be neccessary Reassembly may be neccessary What about missing packets & retransmissions? What about missing packets & retransmissions?  Replacement size differences matter

13  Example: IPv6 Neighbor Solicitation  Address dependencies: MAC MAC IPv6 IPv6 Multicast Multicast

14  Even DNS can be complicated Runs on UDP (mostly) but TCP sometimes, too Runs on UDP (mostly) but TCP sometimes, too Contains FQDNs in most cases Contains FQDNs in most cases  Replacing FQDNs is not easy Subelements need be consistently replaced Subelements need be consistently replaced „test.packet-foo.com“ -> „something.secret.com“ „test.packet-foo.com“ -> „something.secret.com“ „abc.def.packet-foo.com“ -> „wut.xyz.secret.com“ „abc.def.packet-foo.com“ -> „wut.xyz.secret.com“

15

16  Mail:jasper@packet-foo.com jasper@packet-foo.com  Web:blog.packet-foo.com  Twitter:@packetjay

Download ppt "@packetjay Fun and games until someone uses IPv6 or TCP."

Similar presentations

CST 415 - Computer Networks NAT CST 415 4/10/2017 CST 415 - Computer Networks.

CST Computer Networks NAT CST 415 4/10/2017 CST Computer Networks.
TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.

TCP/IP Protocol Suite 1 Chapter 27 Upon completion you will be able to: Next Generation: IPv6 and ICMPv6 Understand the shortcomings of IPv4 Know the IPv6.
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.

Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.

IPv6. Major goals 1.support billions of hosts, even with inefficient address space allocation. 2.reduce the size of the routing tables. 3.simplify the.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College

2: Comparing IPv4 and IPv6 Rick Graziani Cabrillo College
Umut Girit 200535027.  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.

Umut Girit  One of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer.
Introduction to TCP/IP TCP / IP –including 2 protocols Protocol : = a set of rules that govern the communication between different devices Protocol : =

Introduction to TCP/IP TCP / IP –including 2 protocols Protocol : = a set of rules that govern the communication between different devices Protocol : =
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—1-1 Building a Simple Network Understanding the TCP/IP Internet Layer.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—1-1 Building a Simple Network Understanding the TCP/IP Internet Layer.
IS333, Ch. 26: TCP Victor Norman Calvin College 1.

IS333, Ch. 26: TCP Victor Norman Calvin College 1.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Communicating over the Network Network Fundamentals – Chapter 2.
The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.

The Network Layer Chapter 5. The IP Protocol The IPv4 (Internet Protocol) header.
Chapter 5 The Network Layer.

Chapter 5 The Network Layer.
Chapter 14 TCP/IP and Routing Part #1 Unix System Administration.

Chapter 14 TCP/IP and Routing Part #1 Unix System Administration.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
IP Routing: an Introduction. Quiz 0-31 32-63 64-95 96-127 128-159 160-191 192-223 224-255.

IP Routing: an Introduction. Quiz
What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.

What Can IP Do? Deliver datagrams to hosts – The IP address in a datagram header identify a host IP treats a computer as an endpoint of communication Best.
Wireshark Presented By: Hiral Chhaya, Anvita Priyam.

Wireshark Presented By: Hiral Chhaya, Anvita Priyam.
Protocol Headers Pre DA SA 0800h … version H L 6 TCP Header Data FCS

Protocol Headers Pre DA SA 0800h … version H L 6 TCP Header Data FCS

Similar presentations

Ads by Google