An introduction to Network Analyzers
Dr. Farid Farahmand
3/23/2009
Network Analysis and Sniffing
- The process of capturing, decoding, and analyzing network traffic, to answer questions such as:
  - Why is the network slow?
  - What is the network traffic pattern?
  - How is the traffic being shared between nodes?
- Also known as traffic analysis, protocol analysis, sniffing, packet analysis, eavesdropping*, etc.
*Eavesdrop: listen secretly to what is said in private!
Network Analyzer
- A combination of hardware and software tools that can detect, decode, and manipulate traffic on the network
  - Passive monitoring (detection): the analyzer only listens, so its presence is difficult to detect from the network
  - Active (attack): the analyzer injects or alters traffic, e.g. to redirect it to itself
- Available both free and commercially
- Mainly software-based (utilizing the OS and the NIC)
- Also known as a sniffer: a program that passively monitors the data traveling through the network
- Common network analyzers
  - Wireshark (formerly Ethereal)
  - WinDump (the Windows port of tcpdump)
  - EtherPeek
  - Dsniff (a suite that also contains active tools such as arpspoof)
  - And many more...
Read: "Basic Packet-Sniffer Construction from the Ground Up!" by Chad Renfro. Check out his program: sniff.c
Network Analyzer Components
- Hardware
  - Special hardware devices that monitor physical-layer conditions:
    - voltage fluctuation
    - jitter (random timing variation)
    - jabber (a NIC that transmits continuously or sends frames longer than the maximum, flooding the segment)
    - CRC and parity errors
  - NIC
- Capture driver: pulls the raw frames off the NIC (e.g. libpcap)
- Buffer: memory- or disk-based storage for the captured frames
- Real-time analysis: analyzing the traffic as it arrives, e.g. to detect intrusions
- Decoder: makes the raw bytes readable by dissecting each protocol header
Capturing the data is easy! The question is what to do with it!
Who Uses Network Analyzers
- System administrators
  - Understand system problems and performance
- Malicious individuals (intruders)
  - Capture cleartext data
  - Passively collect credentials and data from protocols that send them unencrypted: FTP, POP3, IMAP, SMTP, rlogin, HTTP, etc.
  - Capture VoIP data (unencrypted calls can be reassembled and replayed)
  - Map the target network
  - Discover traffic patterns
  - Actively break into the network (backdoor techniques)
Basic Operation
- On a shared medium (a hub), every Ethernet frame reaches every node on the segment
- The sniffer can capture all of that traffic when the NIC is in promiscuous mode:
  - ifconfig eth0 promisc      (enable; modern equivalent: ip link set eth0 promisc on)
  - ifconfig eth0 -promisc     (disable)
  - The default is non-promiscuous: the NIC only passes up frames addressed to its own MAC (plus broadcast and subscribed multicast)
  - Remember: a hub repeats all the data to every port!
- If switches are used, a switch forwards a frame only to the port where its destination MAC was learned, so promiscuous mode alone sees little; the sniffer's port must be configured for port spanning
  - Also known as port mirroring (SPAN on Cisco switches)
  - The traffic of the monitored ports is copied to the sniffer's port
  - Without a mirror port an attacker has to use an active technique, such as ARP spoofing or MAC flooding, to make the switch deliver other hosts' traffic
Port Monitoring
Protecting Against Sniffers
- Spoofing the MAC means changing the MAC address the NIC presents (in Linux:)
  - ifconfig eth0 down
  - ifconfig eth0 hw ether 00:01:02:03:04:05
  - ifconfig eth0 up
  - Announce the new MAC address so that the switch and the neighbors learn it, e.g. by sending traffic:
    - ping -c 1 -b 192.168.1.1
    - the -b flag only matters if the target is the subnet's broadcast address; any frame sent from the new MAC updates the switch's address table, and the broadcast ARP request that precedes the ping carries the new MAC to every host on the segment
- To detect a sniffer (Linux)
  - Download Promisc.c
  - ifconfig -a (search for PROMISC in the flags)
  - ip link (search for PROMISC in the <...> flag list)
- To detect a sniffer (Windows)
  - Download PromiscDetect
- These checks only find a sniffer on the host you run them on; a purely passive sniffer on another machine leaves no trace in your interface flags
Remember: 00:01:02:03:04:05
MAC address (HWaddr) = Vendor address (OUI, first 24 bits) + Unique NIC # (last 24 bits)
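The checks above are local: they ask your own kernel whether one of your own NICs is in promiscuous mode. Below is an added Python example (not from the slides, and not the Promisc.c or PromiscDetect tools named above) that does the same thing two ways: by parsing the flag list that `ip link` prints, run here on a constructed sample of that output, and by reading the interface flags word the kernel exposes in /sys/class/net/<iface>/flags, where IFF_PROMISC is bit 0x100 (linux/if.h). The interface names, MAC addresses and the sample output are assumptions.

```python
"""Is any local NIC in promiscuous mode? Two checks: parse `ip link`, or read sysfs."""
import re
from pathlib import Path

IFF_PROMISC = 0x100   # linux/if.h: the interface is in promiscuous mode

# Constructed sample of `ip link show` output (assumed, not captured from a real host):
# eth0 carries the PROMISC flag, lo and eth1 do not.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:01:02:03:04:05 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 00:1b:21:aa:bb:cc brd ff:ff:ff:ff:ff:ff
"""

# Matches the interface line "2: eth0: <BROADCAST,...,PROMISC,...> ..." and captures
# the name (stopping before a possible "@if5" suffix) and the comma-separated flag list.
_IFACE_LINE = re.compile(r"^\d+:\s+([^:@]+)[^:]*:\s+<([^>]*)>", re.MULTILINE)


def promiscuous_from_ip_link(text):
    """Return the sorted names of interfaces whose <...> flag list contains PROMISC."""
    found = []
    for name, flags in _IFACE_LINE.findall(text):
        if "PROMISC" in flags.split(","):
            found.append(name)
    return sorted(found)


def is_promiscuous_flags(flags_hex):
    """Decode the hex flag word found in /sys/class/net/<iface>/flags (e.g. '0x1103')."""
    return bool(int(flags_hex, 16) & IFF_PROMISC)


def promiscuous_from_sysfs(sys_net="/sys/class/net"):
    """Live check (Linux only): read every interface's flags file under sysfs."""
    root = Path(sys_net)
    if not root.is_dir():
        return []
    found = []
    for iface in sorted(root.iterdir()):
        try:
            if is_promiscuous_flags((iface / "flags").read_text().strip()):
                found.append(iface.name)
        except OSError:       # virtual entries without a flags file, races on hotplug
            continue
    return found


if __name__ == "__main__":
    print("sample output:", promiscuous_from_ip_link(SAMPLE_IP_LINK))
    print("this host:    ", promiscuous_from_sysfs())
```

Run it on a Linux host to list every interface that is currently promiscuous. Caveat: a sniffer on another machine, or one fed by a mirror port, leaves no trace in your own interface flags, and an attacker with root on the host can hide the flag from both `ip link` and sysfs, so treat a clean result as "nothing found here", not as "no sniffer".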
Protecting Against Sniffers
- Using switches can help (but see port mirroring and ARP spoofing above: a switch is a hurdle, not a guarantee)
- Use encryption
  - Makes the intercepted data unreadable
  - Note: in most protocols the packet headers remain cleartext! An eavesdropper still sees who talks to whom, when, and how much
- VPNs use encryption and authentication for secure communications
- VPN methods
  - Secure Shell (SSH): the payload is encrypted; the TCP/IP headers are not
  - Secure Sockets Layer (SSL, today TLS): encrypts the application data carried above TCP; the TCP/IP headers are not encrypted
  - IPsec: in tunnel mode (ESP) the original IP header is encrypted as well; ESP and AH are IP protocols of their own and do not run over TCP or UDP
Remember: never use unauthorized sniffers at work!
What is Wireshark?
- Formerly called Ethereal
- An open source program: free, with many features
- Decodes over 750 protocols (a 2009 figure)
- Compatible with many other sniffers (reads and writes their capture file formats)
- Plenty of online resources are available
- Supports both a GUI (wireshark) and command-line tools; the command-line suite shipped with Wireshark includes:
  - tshark: the command-line capture and dissection tool
  - editcap: like "Save as..", converts between capture file formats (and can trim or split captures)
  - mergecap: combines multiple saved capture files
  - text2pcap: reads an ASCII hex dump of packets and writes the data into a libpcap (pcap) file
Remember: you must have a good understanding of the network before you can use sniffers effectively!
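libpcap is both the capture library named on the next slide and the file format that wireshark, tshark, editcap, mergecap and text2pcap read and write. The following Python example is added here (it is not from the slides and not part of the Wireshark project): it writes the classic pcap format by hand and parses it back, so that frames captured by any program, such as a home-grown sniffer, can be opened in Wireshark or fed to tshark. The two embedded frames are constructed bytes, not real captures, and the output file name is an assumption.

```python
"""Write and read classic libpcap (.pcap) files, the format Wireshark, tshark,
editcap and mergecap consume (and text2pcap produces)."""
import struct
import time

PCAP_MAGIC = 0xA1B2C3D4                 # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1                   # each frame starts with a 14-byte Ethernet header
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, incl_len (stored), orig_len (on the wire)

# Constructed sample frames (assumed, not real captures): an ARP request and an IPv4/UDP frame.
ARP_REQUEST = bytes.fromhex(
    "ffffffffffff" "000102030405" "0806"                       # dst (broadcast), src, EtherType ARP
    "0001" "0800" "06" "04" "0001"                              # hw Ethernet, proto IPv4, sizes 6/4, request
    "000102030405" "c0a80164" "000000000000" "c0a80101"         # sender 192.168.1.100, target 192.168.1.1
)
UDP_FRAME = bytes.fromhex(
    "001b21aabbcc" "000102030405" "0800"                       # dst, src, EtherType IPv4
    "45000021" "00010000" "4011" "0000" "c0a80164" "c0a80101"   # IPv4: len 33, TTL 64, UDP, checksum left 0
    "1f90" "1f90" "000d" "0000" "68656c6c6f"                   # UDP 8080 -> 8080, len 13, payload "hello"
)


def encode_pcap(frames, snaplen=65535, t0=None):
    """Serialise a list of raw frames as a classic pcap byte string, 1 ms apart from t0."""
    t0 = time.time() if t0 is None else t0
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        ts = t0 + i * 0.001
        sec = int(ts)
        usec = min(int((ts - sec) * 1_000_000), 999_999)
        stored = frame[:snaplen]            # snaplen truncation, exactly as a capture driver does it
        out.append(RECORD_HDR.pack(sec, usec, len(stored), len(frame)))
        out.append(stored)
    return b"".join(out)


def decode_pcap(data):
    """Parse a pcap byte string into (linktype, [(timestamp, frame, orig_len), ...]).

    Rejects foreign magic (big-endian, nanosecond or pcapng files) and truncated
    records instead of silently returning partial frames."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("too short for a pcap global header")
    magic, major, minor, _tz, _sig, _snap, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC or (major, minor) != (2, 4):
        raise ValueError("not a little-endian classic pcap 2.4 file")
    records, off = [], GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(data):
        sec, usec, incl_len, orig_len = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + incl_len > len(data):
            raise ValueError("truncated packet record at offset %d" % off)
        records.append((sec + usec / 1_000_000, data[off:off + incl_len], orig_len))
        off += incl_len
    if off != len(data):
        raise ValueError("trailing bytes after the last record")
    return linktype, records


def write_pcap(path, frames):
    with open(path, "wb") as fh:
        fh.write(encode_pcap(frames))


def read_pcap(path):
    with open(path, "rb") as fh:
        return decode_pcap(fh.read())


if __name__ == "__main__":
    out = "sample.pcap"                     # assumed output file name
    write_pcap(out, [ARP_REQUEST, UDP_FRAME])
    linktype, records = read_pcap(out)
    print(len(records), "frames written to", out, "(linktype", linktype, ")")
    print("inspect with:  tshark -r", out, "   or open it in Wireshark")
```

`tshark -r sample.pcap` (or opening the file in Wireshark) should list the ARP request and the UDP datagram; Wireshark will flag the zero IPv4 and UDP checksums, which is expected for hand-built frames. The reader deliberately rejects files whose magic or version it does not understand rather than guessing, because a capture you cannot parse exactly is evidence you cannot trust.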
Installing Wireshark
- Download the program from www.wireshark.org/download.html
- Requires the capture library that opens the interface and captures all passing packets:
  - Linux: libpcap
  - Windows: WinPcap (www.winpcap.org)
- On Linux the source is typically distributed as a TAR archive
- To install libpcap on Linux (2009-era versions shown), either from an RPM package:
  - rpm -ivh libpcap-0.9.4-8.1.i386.rpm   (install the libpcap RPM)
  - rpm -q libpcap                        (query the installed libpcap RPM)
- or from source:
  - tar -zxvf libpcap-0.9.5.tar.gz
  - ./configure
  - make
  - sudo make install
Installing Wireshark (from the Fedora Core 4 media, when it was still named Ethereal)
- Packages needed for installation
  - Ethereal (available on Fedora Core 4 disk #4): ethereal-0.10.11-2.i386.rpm
  - Ethereal GNOME user interface: ethereal-gnome-0.10.11-2.i386.rpm
- Log in as the 'root' user
- Insert Fedora Core 4 disk #4
- Navigate to the folder /Fedora/RPMS on the disk
- Locate the packages
  - ethereal-0.10.11-2.i386.rpm
  - ethereal-gnome-0.10.11-2.i386.rpm
- Copy the above packages to your system
- Change directory to the packages' location
  - cd <package_dir>
- Install Ethereal
  - rpm -ivh ethereal-0.10.11-2.i386.rpm
- Install the Ethereal GNOME user interface
  - rpm -ivh ethereal-gnome-0.10.11-2.i386.rpm
- Caveat: use root only for the rpm installation. Do not run the Ethereal/Wireshark GUI as root: its dissectors parse untrusted traffic, so capture with a privileged helper and dissect as an unprivileged user (modern Wireshark ships dumpcap for exactly this)
Wireshark Window (figure: the main window with its parts labeled)
- Menu bar
- Tool bar
- Filter bar
- Summary window (packet list, including the Info field)
- Protocol tree window (packet details)
- Data view window (raw bytes)

Packet number 8: BGP (Border Gateway Protocol)
- Protocol tree window: details of the selected packet (#8)
- Data view window: raw data (content of packet #8)

Filtering: displaying BGP packets only (figure: the display filter bgp applied)
We continue in the lab...
- Download the following files and copy them to your HW:
  - bgp_test
  - tcp_stream_analysis
  - follow_tcp_stream
A Little about Protocols...
- Protocols are standards for communication
- Ethernet is the most popular protocol standard for enabling computer communication
  - Originally based on a shared medium and broadcasting
- The Ethernet address is called the MAC address
  - A 48-bit hardware address stored in the ROM of the NIC
  - The first 24 bits (3 bytes) are the vendor's OUI
  - The last 24 bits are the serial number assigned to that NIC by the vendor
  - Because the OS can override it (see MAC spoofing above), a MAC address is not proof of identity
  - Use: arp -a (shows the IP-to-MAC mappings your host has learned)
- Remember: the IP address is logical addressing
  - The network layer is in charge of routing
  - Use: ipconfig (Windows) or ifconfig / ip addr (Linux)
OSI Model
- Physical
- Data link; sublayers:
  - MAC: physical addressing; moving frames from one NIC to another on the same segment
  - LLC (Logical Link Control): flow control and error control
- Network
  - Logical addressing and routing (the IP protocol)
- Transport
  - Provides end-to-end transport between processes (ports)
  - Can be connectionless (UDP, no delivery guarantee) or connection-oriented (TCP, reliable)
  - Connection-oriented transport requires ACKs: every TCP segment is acknowledged, and lost segments are retransmitted
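The slides on analyzer components, basic operation, MAC addresses and the OSI layers describe one program: open the NIC in promiscuous mode, pull raw frames into a buffer, then decode them layer by layer. The following is an added Python example of exactly that (it is not from the slides and is not Chad Renfro's sniff.c, although it follows the same plan). The capture function needs Linux and root (or CAP_NET_RAW); the decoder runs anywhere and is exercised here on a constructed TCP SYN frame whose addresses are assumptions (192.0.2.0/24 is the documentation range). Constant values are taken from the Linux headers named in the comments.

```python
"""A sniff.c-style capture and decoder in Python: AF_PACKET socket in promiscuous
mode (Linux, needs root/CAP_NET_RAW), then Ethernet -> IPv4 -> TCP/UDP decoding."""
import socket
import struct

# Constants from linux/if_packet.h and linux/if_ether.h; the Python socket module
# does not export the packet_mreq ones by name.
SOL_PACKET = 263
PACKET_ADD_MEMBERSHIP = 1
PACKET_MR_PROMISC = 1
ETH_P_ALL = 0x0003
ETHERTYPE_IPV4 = 0x0800
TCP_FLAG_NAMES = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

# Constructed sample frame (assumed, not a real capture): Ethernet / IPv4 / TCP SYN
# from 192.168.1.100:50000 to 192.0.2.10:80.
SAMPLE_FRAME = bytes.fromhex(
    "001b21aabbcc" "000102030405" "0800"                              # dst MAC, src MAC, EtherType IPv4
    "45000028" "abcd4000" "4006" "0000" "c0a80164" "c000020a"          # IPv4: len 40, DF, TTL 64, TCP, csum 0
    "c350" "0050" "00000001" "00000000" "5002" "ffff" "0000" "0000"    # TCP: 50000->80, seq 1, SYN, win 65535
)

def mac_str(raw):
    return ":".join("%02x" % b for b in raw)

def mac_parts(raw):
    """Split a 48-bit MAC into its 24-bit OUI (vendor) and the 24-bit NIC-specific part."""
    return raw[:3].hex(), raw[3:].hex()

def decode_ethernet(frame):
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src),
            "src_oui": mac_parts(src)[0], "ethertype": ethertype}, frame[14:]

def decode_ipv4(packet):
    if len(packet) < 20:
        raise ValueError("packet shorter than an IPv4 header")
    ver_ihl, _tos, total_len, _ident, flags_frag, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    hdr = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
           "proto": proto, "df": bool(flags_frag & 0x4000)}
    return hdr, packet[ihl:total_len]              # drop Ethernet padding beyond total_len

def decode_tcp(segment):
    if len(segment) < 20:
        raise ValueError("segment shorter than a TCP header")
    sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", segment[:16])
    data_off = (off_flags >> 12) * 4
    flags = [name for bit, name in sorted(TCP_FLAG_NAMES.items()) if off_flags & bit]
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "window": win}, segment[data_off:]

def decode_udp(segment):
    if len(segment) < 8:
        raise ValueError("segment shorter than a UDP header")
    sport, dport, length, _csum = struct.unpack("!HHHH", segment[:8])
    return {"sport": sport, "dport": dport}, segment[8:length]

def decode_frame(frame):
    """Walk the layers the way Wireshark's protocol tree does: L2, L3, L4, then payload."""
    layers = {}
    layers["eth"], rest = decode_ethernet(frame)
    if layers["eth"]["ethertype"] == ETHERTYPE_IPV4:
        layers["ip"], rest = decode_ipv4(rest)
        if layers["ip"]["proto"] == 6:
            layers["tcp"], rest = decode_tcp(rest)
        elif layers["ip"]["proto"] == 17:
            layers["udp"], rest = decode_udp(rest)
    layers["payload"] = rest                       # ARP and anything else stays raw here
    return layers

def open_promiscuous_socket(ifname):
    """The programmatic form of 'ifconfig eth0 promisc', scoped to this socket."""
    sock = socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(ETH_P_ALL))
    sock.bind((ifname, 0))
    # struct packet_mreq { int mr_ifindex; u16 mr_type; u16 mr_alen; u8 mr_address[8]; }
    mreq = struct.pack("iHH8s", socket.if_nametoindex(ifname), PACKET_MR_PROMISC, 0, b"\0" * 8)
    sock.setsockopt(SOL_PACKET, PACKET_ADD_MEMBERSHIP, mreq)
    return sock

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                          # e.g. sudo python3 sniff.py eth0
        sock = open_promiscuous_socket(sys.argv[1])
        while True:
            print(decode_frame(sock.recv(65535)))
    else:
        print(decode_frame(SAMPLE_FRAME))
```

Run it without arguments to decode the sample frame; run it as root with an interface name (`sudo python3 sniff.py eth0`, an assumed file name) to print every frame on that interface. Note what the decoder returns for the sample: the source OUI 00:01:02 and the IP addresses and ports are all cleartext, which is the point of the encryption slide: even for an encrypted protocol, everything up to and including the TCP header is readable to whoever holds the frame. Note also that the decoder raises on malformed headers instead of guessing; a sniffer that parses untrusted bytes is itself attack surface, which is why Wireshark's dissectors are meant to run as an unprivileged user.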

Source file: an_introduction_to_network_analyzers_new.ppt
