Network Forensic Packet Analysis Using Wireshark
Presentation Transcript

• Network Sniffing and Packet Analysis Using Wireshark
  Combined null and OWASP meet, Bangalore, 1101/0011/1010
  tamaghna.basu@gmail.com | tamahawk-techguru.blogspot.com | twitter.com/titanlambda

• Difficult to put all these things together
  • Existing sessions – 100–150 slides
  • Time constraint

• Topics
  • Why?
  • What?
  • How?
  • Basic sniffing techniques
  • Intro to Wireshark
  • Closer look at protocols
  • Case studies

• Prerequisite:
  • Patience
  • Patience
  • Patience
  AND / OR maybe...

• Why sniffing/packet analysis?
  • Why you?
  • Why me?
  • Why others?

• Purpose of sniffing and packet analysis
  • A million different things can go wrong with a computer network, from a simple spyware infection to a complex router configuration error.
  • The packet level is the most basic level, where nothing is hidden.
  • Understand the network: who is on the network, whom your computer is talking to, what the network usage is, and any suspicious communication (DoS, botnet, intrusion attempt etc.).
  • Find unsecured and bloated applications – FTP sends clear-text authentication data.
  • One phase of computer forensics – could reveal data otherwise hidden somewhere in a 150 GB HDD.

• What is this?
  • Also known as packet sniffing, protocol analysis etc.
  • Three phases:
    • Collection – promiscuous mode
    • Conversion – UI-based tools are better
    • Analysis – protocol level, setting rules etc.
  • Get various data like text content, files, clear-text authentication details etc.
  • Tools:
    • Sniffer – Wireshark, Cain and Abel, tcpdump (command-line tool), NetworkMiner
    • Packet analysis – Wireshark, NetworkMiner, Xplico etc.
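As an added example (not part of the slides or the author's material), the three phases above applied to a tiny constructed capture in Python: read a pcap, decode Ethernet/IPv4/TCP by hand, and flag FTP USER/PASS commands sent in the clear, which is the kind of finding the "FTP sends clear-text authentication data" point refers to. It assumes a little-endian microsecond pcap with Ethernet link type; `build_pcap`, `tcp_frame` and the 10.0.0.x addresses are constructed for the demo, not taken from any real capture.

```python
import struct

def build_pcap(frames):  # wrap raw Ethernet frames in a little-endian pcap, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def tcp_frame(src_ip, dst_ip, sport, dport, payload):  # constructed Eth/IPv4/TCP frame
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # zero MACs, EtherType 0x0800, no checksums

def iter_frames(pcap):
    """Yield each frame from a little-endian microsecond pcap (24-byte global header)."""
    assert struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4, "unsupported pcap magic"
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<IIII", pcap[off:off + 16])[2]  # captured length
        yield pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def tcp_payload(frame):
    """Return (src, sport, dst, dport, payload) for IPv4/TCP frames, else None."""
    if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # EtherType IPv4, IP protocol TCP
        return None
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return src, sport, dst, dport, tcp[(tcp[12] >> 4) * 4:]  # skip TCP header + options

def find_cleartext_ftp_auth(pcap):
    """Flag USER/PASS commands sent to an FTP control port (21) in the clear."""
    hits = []
    for frame in iter_frames(pcap):
        pkt = tcp_payload(frame)
        if pkt is None or pkt[3] != 21:
            continue
        for line in pkt[4].decode("ascii", "replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                hits.append((pkt[0], pkt[2], cmd.upper(), arg))
    return hits

# Constructed sample capture: a client logging in to an FTP server over port 21.
SAMPLE_PCAP = build_pcap([
    tcp_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"USER alice\r\n"),
    tcp_frame("10.0.0.9", "10.0.0.5", 21, 40001, b"331 Password required\r\n"),
    tcp_frame("10.0.0.5", "10.0.0.9", 40001, 21, b"PASS hunter2\r\n"),
])
```

`find_cleartext_ftp_auth(SAMPLE_PCAP)` returns both the USER and the PASS line with their endpoints; on a real capture the same loop is what a Wireshark display filter such as `ftp.request.command == "PASS"` does interactively.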
• Sniffing techniques
  • Promiscuous mode
  • Hub environment
  • Switch environment
    • Port mirroring
    • Hubbing out the target network/machine
    • ARP cache poisoning / ARP spoofing

• Wireshark: History
  Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out of necessity. The very first version of Combs' application, called Ethereal, was released in 1998 under the GNU Public License (GPL). Eight years after releasing Ethereal, Combs left his job and rebranded the project as Wireshark in mid-2006.

• Wireshark: Features
  • GPL
  • Available on all platforms
  • Both live and offline analysis
  • Understands almost all protocols; if not, add it – open source
  • Filter/search packets, expert comments, Follow TCP Stream, Flow Graph etc.
  • Plenty of tutorials/documentation available
  • Get sample captured packets for study – http://wiki.wireshark.org/SampleCaptures
  • Demo: Let's start eating. Feed your brain. :)

• Starters: Protocol diagnosis
  • ARP
  • DHCP
  • HTTP / TCP
  • DNS
  • FTP
  • Telnet
  • ICMP
  • SMTP

• Desserts: Case studies
  • FTP crack
  • Blaster worm
  • OS fingerprinting
  • Port scanning
  • ICMP covert channel
  • Browser hijacking – spyware

• Mouth Freshener: Honeynet Challenge
  • Challenge 1
  • Problem statement
  • Analysis
  • Tools used
  • Solution

• Main Course????
  "Tell me and I forget. Show me and I remember. Involve me and I understand." – Chinese proverb

• Thank you for witnessing this historical moment...
  Answers and Discussions?
  tamaghna.basu@gmail.com | tamahawk-techguru.blogspot.com | twitter.com/titanlambda