Network Forensics: Packet Analysis Using Wireshark
Talk on the recent IE8 exploit for pwn2own 2010

    Presentation Transcript

    • Network Sniffing and Packet Analysis Using Wireshark. Combined null and OWASP meet, Bangalore, 1101/0011/1010. tamaghna.basu@gmail.com, tamahawk-techguru.blogspot.com, twitter.com/titanlambda
    • • Difficult to put all these things together • Existing sessions: 100 to 150 slides • Time constraint
    • Topics • Why? • What? • How? • Basic sniffing techniques • Intro to Wireshark • Closer look at protocols • Case studies
    • Prerequisite: • Patience • Patience • Patience AND/OR maybe...
    • Why sniffing/packet analysis? • Why you? • Why me? • Why others?
    • Purpose of sniffing and packet analysis ● A million different things can go wrong with a computer network, from a simple spyware infection to a complex router configuration error. ● The packet level is the most basic level, where nothing is hidden. ● Understand the network: who is on the network, whom your computer is talking to, what the network usage is, and any suspicious communication (DoS, botnet, intrusion attempt etc.). ● Find unsecured and bloated applications; for example, FTP sends cleartext authentication data. ● One phase of computer forensics: it could reveal data otherwise hidden somewhere on a 150 GB HDD.
    • What is this? • Also known as packet sniffing, protocol analysis etc. • Three phases: • Collection (promiscuous mode) • Conversion (UI-based tools are better) • Analysis (protocol level, setting rules etc.) • Get various data like text content, files, cleartext authentication details etc. • Tools • Sniffers: Wireshark, Cain and Abel, tcpdump (command line tool), NetworkMiner • Packet analysis: Wireshark, NetworkMiner, Xplico etc.
    • Sniffing techniques • Promiscuous mode • Hub environment • Switch environment • Port mirroring • Hubbing out the target network/machine • ARP cache poisoning / ARP spoofing
    • Wireshark: History. Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out of necessity. The very first version of Combs' application, called Ethereal, was released in 1998 under the GNU Public License (GPL). Eight years after releasing Ethereal, Combs left his job and rebranded the project as Wireshark in mid-2006.
    • Wireshark: Features • GPL • Available on all platforms • Both live and offline analysis • Understands almost all protocols; if not, add it (open source) • Filter/search packets, Expert's comments, Follow TCP Stream, Flow Graph etc. • Plenty of tutorials/documentation available • Get sample captured packets for study: http://wiki.wireshark.org/SampleCaptures • Demo: Let's start eating. Feed your brain. :)
    • Starters: Protocol diagnosis • ARP • DHCP • HTTP/TCP • DNS • FTP • Telnet • ICMP • SMTP
    • Desserts: Case studies • FTP crack • Blaster worm • OS fingerprinting • Port scanning • ICMP covert channel • Browser hijacking (spyware)
    • Mouth freshener: Honeynet Challenge • Challenge 1 • Problem statement • Analysis • Tools used • Solution
    • Main course? ? ? ? "Tell me and I forget. Show me and I remember. Involve me and I understand." - Chinese proverb
    • Thank you for witnessing this historical moment... Answers and Discussions? tamaghna.basu@gmail.com, tamahawk-techguru.blogspot.com, twitter.com/titanlambda
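The deck's point that "nothing is hidden" at packet level, illustrated with its own FTP cleartext-authentication example (the "Purpose" slide and the "FTP crack" case study), as an added example that is not part of the original presentation: a minimal pure-Python Ethernet II / IPv4 / TCP decoder that flags FTP control-channel USER and PASS commands, reporting only the endpoints so an auditor can locate the unsecured application without logging the credential. The frames, addresses and the `build_frame` / `find_cleartext_ftp_auth` helpers are all constructed for this example, not taken from a real capture.

```python
import struct

# Constructed sample frames, not a real capture: Ethernet II + IPv4 + TCP (no options).
def build_frame(payload: bytes, dport: int) -> bytes:
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    # sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto 6 (TCP), checksum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return eth + ip + tcp + payload

def decode(frame: bytes):
    """Return src/dst/ports/payload of an IPv4-over-Ethernet TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                         # IP header length in bytes
    if frame[23] != 6:                                   # IP protocol 6 = TCP
        return None
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4                # TCP header length in bytes
    return {
        "src": ".".join(map(str, frame[26:30])),
        "dst": ".".join(map(str, frame[30:34])),
        "sport": sport, "dport": dport,
        "payload": frame[tcp + data_off:],
    }

def find_cleartext_ftp_auth(frames):
    """Flag USER/PASS sent to the FTP control port; record endpoints, never the secret."""
    findings = []
    for frame in frames:
        pkt = decode(frame)
        if pkt is None or pkt["dport"] != 21:
            continue
        cmd = pkt["payload"].split(b" ", 1)[0].strip().upper()
        if cmd in (b"USER", b"PASS"):
            findings.append((pkt["src"], pkt["dst"], cmd.decode()))
    return findings

SAMPLE = [                                   # constructed traffic for the demo
    build_frame(b"USER alice\r\n", 21),
    build_frame(b"PASS hunter2\r\n", 21),
    build_frame(b"GET / HTTP/1.1\r\n", 80),  # not FTP, must be ignored
]

if __name__ == "__main__":
    for src, dst, cmd in find_cleartext_ftp_auth(SAMPLE):
        print(f"cleartext FTP {cmd} from {src} to {dst}")
```

The same check in Wireshark is the display filter `ftp.request.command == "USER" || ftp.request.command == "PASS"`; the decoder above just makes explicit what the dissector does for you.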