Packet analysis (Basic)
Transcript

  • 1. Network Packet Analysis (basic) - Technical Workshop (25 October 2012) - Ahmad Muammar W.K., OSCP (Tuesday, January 22, 13)
  • 2. Introduction
    • A.K.A. y3dips
    • Pro. Bandwidth Hunter
    • IT (Sec) Consultant / Pentester / py.Coder
    • Founder of echo.or.id, ubuntu-id, idsecconf
    • @y3dips, me@ammar.web.id
  • 3. Packet Analysis
    • Captured network traffic
    • Analyze the protocols, carve out the files, search for strings
  • 4. Packet Analysis
    • Analyze fields within protocols
    • Analyze protocols within packets
    • Analyze packets within streams
    • Reconstruct higher-layer protocols
  • 5. Issues Found
    • Too many streams/packets
    • Packets corrupted or truncated
    • Contents encrypted at different layers
    • Non-standard protocols
  • 6. Protocol Analysis
    • Examination of one or more fields within the protocol's data structure.
  • 7. Packet Analysis (section slide)
  • 8. Wireshark - Network Packet Analysis Technical Workshop (25 October 2012), Ahmad Muammar W.K., OSCP
  • 9. Wireshark Advanced Usage
  • 10. Wireshark Display
    • Packet List
    • Packet Details
    • Packet Bytes
  • 11. (screenshot) Packet List, Packet Details and Packet Bytes panes
  • 12. Wireshark Coloring Rules
  • 13-14. (screenshot slides, no text)
  • 15. Wireshark Capture Filters
  • 16. Capture filters: for the sake of performance
  • 17. Capture/BPF syntax
    • Type: host, net, port
    • Direction: src, dst
    • Proto: ether, ip, tcp, udp
    • Logical operation: &&, ||, !
  • 18. (screenshot slide, no text)
  • 19. Capture Filters
    • Filtering the host
    • host ipv4/ipv6
    • host hostname
    • ether host mac (00:11:22:33:44:55)
    • src/dst host 192.168.1.1
  • 20. Capture Filters
    • Filtering the protocol/port
    • port 443
    • !port 443
    • protocol name (e.g. icmp)
    • !protocol name (e.g. !icmp)
  • 21. Capture Filters
    • Protocol field (byte offset into the protocol header)
    • icmp[0] == 3 (unreachable)
    • icmp[0] == 8 (echo request)
    • tcp[13] & 4 == 4 (RST)
    • tcp[13] & 1 == 1 (FIN)
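As an added example (not code from the slides or from libpcap), the following Python emulates what the byte-offset capture filters on slide 21 actually test: proto[i] is byte i of the transport header, which libpcap locates through the IP header length field, and the masked form matches when the flag is set together with other flags (a RST+ACK segment matches tcp[13] & 4 == 4 but not tcp[13] == 4). The packets and filter strings are constructed inline; checksums are left as zero since the filter never looks at them.

```python
import re
import struct

PROTO = {"icmp": 1, "tcp": 6, "udp": 17}
EXPR = re.compile(r"^(icmp|tcp|udp)\[(\d+)\](?:\s*&\s*(\d+))?\s*==\s*(\d+)$")

def ipv4_packet(proto, l4, ihl=5):
    """Constructed IPv4 packet (checksums left zero) carrying raw transport bytes `l4`."""
    total = ihl * 4 + len(l4)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, 0, 64, PROTO[proto], 0,
                      bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
    return hdr + b"\x00" * (ihl * 4 - 20) + l4   # zero-padded IP options when ihl > 5

def tcp_header(flags, sport=40000, dport=443):
    """Minimal 20-byte TCP header; byte 13 is the flags byte that tcp[13] indexes."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)

def proto_byte(pkt, proto, index):
    """Emulate BPF `proto[index]`: byte `index` of the transport header (IPv4 only).
    The header is found via the IHL field, so IP options do not shift the offset."""
    if pkt[0] >> 4 != 4 or pkt[9] != PROTO[proto]:
        return None                                # other protocol: filter cannot match
    return pkt[(pkt[0] & 0x0F) * 4 + index]

def matches(pkt, expr):
    """Evaluate a capture filter of the form proto[i] == v or proto[i] & m == v."""
    m = EXPR.match(expr.strip())
    if not m:
        raise ValueError(f"unsupported filter: {expr!r}")
    proto, index, mask, value = m.group(1), int(m.group(2)), m.group(3), int(m.group(4))
    b = proto_byte(pkt, proto, index)
    if b is None:
        return False
    return (b & int(mask) if mask else b) == value

# Constructed sample packets (hypothetical addresses, not from the slides)
RST_ACK = ipv4_packet("tcp", tcp_header(0x14), ihl=6)   # RST+ACK, with 4 bytes of IP options
FIN_ACK = ipv4_packet("tcp", tcp_header(0x11))          # FIN+ACK
ECHO_REQ = ipv4_packet("icmp", bytes([8, 0, 0, 0, 0, 1, 0, 1]))   # ICMP type 8
UNREACH = ipv4_packet("icmp", bytes([3, 1, 0, 0, 0, 0, 0, 0]))    # ICMP type 3

if __name__ == "__main__":
    for name, pkt in [("RST_ACK", RST_ACK), ("FIN_ACK", FIN_ACK), ("ECHO_REQ", ECHO_REQ)]:
        for f in ("tcp[13] & 4 == 4", "tcp[13] == 4", "tcp[13] & 1 == 1", "icmp[0] == 8"):
            print(f"{name:8} {f:18} -> {matches(pkt, f)}")
```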
  • 22. Display Filters: see only what you want to see
  • 23. (screenshot slide, no text)
  • 24. Display Filters
    • !(tcp.port == 443)   (note: tcp.port != 443 does not exclude port-443 packets, because it matches whenever either the source or the destination port field differs)
    • tcp.flags.syn == 1
    • !arp
    • tcp.port == 21 || tcp.port == 23
    • smtp || pop || imap
  • 25. Packet Analysis: Wrong Dissector
  • 26. Protocol Dissector
    • Allows Wireshark to automatically break a packet down into its sections so that it can be analyzed
    • A translator/decoder
    • Is not applied automatically to traffic on a non-standard (non-default) port.
  • 27-28. (screenshot slides, no text)
  • 29. Wrong Dissector
    • So it is SSL traffic?
    • But why are we able to see all the info (in clear text)?
    • FTP traffic using port 443?
    • Decode it as FTP
  • 30-32. (screenshot slides, no text)
  • 33. Packet Analysis: Reconstruct Files and Data
  • 34. Reconstruct Data
    • Receiver: nc -lv 110 > confidential.pdf
    • Sender: nc -vv 192.168.1.222 110 < confidential.pdf
    • A PDF and a zip file sent over a non-standard port (110 is normally POP3)
  • 35. Packet Analysis: Reconstruct PDF File
  • 36-39. (screenshot slides, no text)
  • 40. Packet Analysis: Reconstruct Zip File from nc file transfer
  • 41-43. (screenshot slides, no text)
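As an added example, not code from the slides or from Wireshark, this Python does by hand what "Follow TCP Stream" plus "Save As raw" does for the nc transfer on slide 34 and the zip transfer on slide 40: it reassembles the client-to-server direction in sequence order (tolerating out-of-order and retransmitted segments, and refusing to silently skip a gap, the truncation problem from slide 5), then identifies the carved bytes by their magic and checks for the trailer that marks a complete file. Segment, CLIENT, SERVER, the sequence numbers and the sample PDF are constructed here.

```python
from collections import namedtuple

# One captured TCP segment: endpoints as "ip:port" strings, absolute seq, flags, payload.
Segment = namedtuple("Segment", "src dst seq flags payload")
SYN, FIN, ACK, PSH = 0x02, 0x01, 0x10, 0x08
# File magic at the start of the carved data and the trailer that marks a complete file.
MAGIC = {b"%PDF-": ("pdf", b"%%EOF"), b"PK\x03\x04": ("zip", b"PK\x05\x06")}

def reassemble(segments, src, dst):
    """Rebuild the src->dst direction of a TCP stream in sequence order; out-of-order
    and retransmitted segments are merged, and a missing segment raises instead of
    yielding a silently truncated file."""
    flow = [s for s in segments if (s.src, s.dst) == (src, dst)]
    isn = next(s.seq for s in flow if s.flags & SYN)          # initial sequence number
    data = bytearray()
    for s in sorted((s for s in flow if s.payload),
                    key=lambda s: (s.seq - isn) & 0xFFFFFFFF):  # wrap-safe relative seq
        rel = (s.seq - isn - 1) & 0xFFFFFFFF                    # the SYN consumed one number
        if rel > len(data):
            raise ValueError(f"gap in stream: expected offset {len(data)}, got {rel}")
        data += s.payload[len(data) - rel:]                     # drop bytes already received
    return bytes(data)

def identify(data):
    """Return (file kind, complete?) from the leading magic and presence of the trailer."""
    for magic, (kind, trailer) in MAGIC.items():
        if data.startswith(magic):
            return kind, trailer in data
    return "unknown", False

# Constructed capture of `nc -vv 192.168.1.222 110 < confidential.pdf`: the PDF is
# split into 20-byte segments, two of them are swapped and the last is retransmitted.
PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
CLIENT, SERVER = "192.168.1.10:45000", "192.168.1.222:110"
ISN = 0xFFFFFFF0                                                # near the wrap on purpose
CAPTURE = [Segment(CLIENT, SERVER, ISN, SYN, b""), Segment(SERVER, CLIENT, 1000, SYN | ACK, b"")]
seq = ISN + 1
for i in range(0, len(PDF), 20):
    CAPTURE.append(Segment(CLIENT, SERVER, seq & 0xFFFFFFFF, PSH | ACK, PDF[i:i + 20]))
    seq += len(PDF[i:i + 20])
CAPTURE[3], CAPTURE[4] = CAPTURE[4], CAPTURE[3]                 # out-of-order delivery
CAPTURE.append(CAPTURE[5])                                      # retransmission
CAPTURE.append(Segment(CLIENT, SERVER, seq & 0xFFFFFFFF, FIN | ACK, b""))

def carve(capture=CAPTURE, src=CLIENT, dst=SERVER):
    """Reassemble one direction and classify the result; returns (data, kind, complete)."""
    data = reassemble(capture, src, dst)
    kind, complete = identify(data)
    return data, kind, complete
```

Running carve() on the constructed capture returns the original 77-byte PDF with kind "pdf" and complete True; dropping a middle segment makes reassemble raise instead of returning a shorter file.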
  • 44. Packet Analysis: Reconstruct Zip File from FTP server
  • 45-47. (screenshot slides, no text)
  • 48. Packet Analysis: Decrypting and decoding SSL packets
  • 49-52. (screenshot slides, no text)
  • 53. Network Packet Analysis Technical Workshop (25 October 2012), Ahmad Muammar W.K., OSCP