Network analysis Book

865 views

Published on

Network analysis Book

Published in: Education, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
865
On SlideShare
0
From Embeds
0
Number of Embeds
111
Actions
Shares
0
Downloads
13
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Network analysis Book

  1. 1. Copyright 2013 @ tcpipguru.com Network Testing and Analysis How to Guide for Networking Engineers
  2. 2. Copyright 2013 @ tcpipguru.com
  3. 3. Copyright 2013 @ tcpipguru.com Table of Contents How to Capture and Display traffic between two systems on a network How to craft a ping packet How to detect rogue DHCP servers on a network How to detect web servers on a network How to display bytes received and sent on the network card in an interval How to display ports in listening state on a Windows system How to find access points on a network How to find Active directory servers on a network How to find all subnet directed broadcast on a network How to find broadcast frames on a network How to find FTP servers on a network How to find a printer on a network How to find ports open on your internet router How to find proxy servers on a network How to find TCP applications running on a remote system How to find the IP address of an IP camera on a network How to find the number of hops taken by a packet to reach the destination. How to find the reason as to why an application is not working on a remote computer. How to find unicast packets sent to a gateway router from devices on the network How to find used IP addresses on a network How to passively monitor 802.11 packets on a network
  4. 4. Copyright 2013 @ tcpipguru.com How to route internet traffic through a specific network card How to scan a range of TCP ports on a system How to simulate TCP connections to a required server port number How to troubleshoot DNS connectivity issues How to troubleshoot internet with nmap. How to troubleshoot port forwarding issues How to troubleshoot remote desktop connectivity issues How to troubleshoot web communication connectivity issues. How to view received and sent bytes on a network card How to view TCP connection statistics on a Windows systems How to view TCP connections on a Window System How to view the data in bytes which is sent and received by a process in memory How to view the state of a network process on a Windows System How to find HTTP traffic passing through a router How to find http traffic to and from a PC on a network How to find the protocols which pass through the LAN interface of an internet router. How to detect eavesdropping vulnerable protocols on an IP address How to test an inbound ACL How to test cam flooding attack How to send IP packets in a loop with random IP addresses.
  5. 5. Copyright 2013 @ tcpipguru.com How to Capture and Display traffic between two systems on a network The wireshark tutorial shows how to capture and display traffic between two systems on a network. Setup and install wireshark on any one of the systems. Start the capture and stop as and when required. In the below screenshot, a filter is applied which would display the traffic between the systems 192.168.1.3 and 192.168.1.1 How to craft a ping packet The tutorial explains how to craft a ping packet. Ping is a tool, which is used for network troubleshooting. It is also used to test the availability of a system on the network. Ping uses the ICMP protocol at the network layer for communication. ICMP type 8 and code 0 packet is generated when a ping request is initiated. For crafting a ping packet, scapy is used. The following code creates a ping packet, which has the source IP address as 192.168.1.6 and the destination IP address as
  6. 6. Copyright 2013 @ tcpipguru.com 192.168.1.1. The ICMP packet is created , which is provided with the appropriate values, 8 and 0 for the type and code field. The packet is sent using the send(ip/icmp) command. from scapy.all import * ip=IP() icmp=ICMP() ip.src='192.168.1.6' ip.dst='192.168.1.1' icmp.type=8 icmp.code=0 send(ip/icmp) To test the functionality of the code, setup the lab with two systems with IP address as 192.168.1.6 and 192.168.1.1, both connected to a switch. Setup scapy, python and wireshark on the PC configured with the IP address, 192.168.1.6. Start wireshark on the PC and run the code. The ping request packet (Crafted packet) should be seen in wireshark as well as the response to the packet (Ping reply) How to detect rogue DHCP servers on a network In this tutorial, the mechanism to detect a rogue dhcp server with nmap is understood. Rogue dhcp servers are setup on the network by attackers to create disruption of services. nmap is installed on a system. nmap is used to scan, UDP port 67, which is used by DHCP servers on the network. As the network administrator would be aware of the IP address of the DHCP server on the network, any other IP address associated with UDP port 67 would be identified as a rogue DHCP server. The following screenshot shows the command which can be used for scanning the network 192.168.2.0/24 for udp port 67. The output of the command returns the dhcp servers on the network. In this network, there is only one valid dhcp server, which is 192.168.2.1.The status of the port 67 is shown as open.
  7. 7. Copyright 2013 @ tcpipguru.com Ebook Price - $5 Visit www.tcpipguru.com to buy the Ebook

×