Packet capture in network security
2. • It is the ultimate troubleshooting tool.
• If you really want to know what is happening on your
network, you will need to capture traffic.
• No other tool provides more information.
• If misused, it can compromise your system's security
and invade the privacy of your users.
4. Traffic capture tools
• Tools for the capture and analysis of traffic go by a
number of names including
- packet sniffers
- packet analyzers
- protocol analyzers
- traffic monitors.
5. • Packet sniffers generally do the least amount of
analysis, e.g. tcpdump.
• Protocol analyzers provide the greatest level of
interpretation, e.g. ethereal.
• Packet analyzers typically lie somewhere in between.
• Traffic monitors typically are more concerned with
collecting statistical information.
• All have the capture of raw data as a core function.
• The difference is how much data analysis is provided after
a packet is captured.
6. Access to Traffic
• You can capture traffic only on a link that you have access
to. Difficult to get access to some links on your network.
• If you can't get traffic to an interface, you can't capture it
with that interface.
• Only a limited amount of traffic will normally be seen at
any interface.
• Lack of access to data can become a serious problem.
• There are several solutions. First, you can try to physically go to the
traffic by using a portable computer to collect the data.
• Another approach is to have multiple probe computers
located throughout your network.
7. Capturing Data
• Packet capture may be done by
software running on a networked host or
by hardware/software combinations designed
specifically for that purpose.
• Devices designed specifically for capturing traffic often
have high-performance interfaces that can capture large
amounts of data without loss.
• Packet capture software works by placing the network
interface in promiscuous mode.
• In promiscuous mode, all packets are captured
regardless of their destination address.
8. tcpdump
• It’s a packet sniffer.
• It was originally developed to analyze TCP/IP
performance problems.
• It is freely available, runs on many Unix platforms, and
has even been ported to Microsoft Windows.
• tcpdump uses the libpcap library to capture packets.
9. • Since tcpdump is text based, it is easy to run remotely
using a Telnet connection.
• Its biggest disadvantage is a lack of analysis.
• But you can easily capture traffic, move it to your local
machine, and analyze it with a tool like ethereal.
10. Using tcpdump
• Tcpdump prints the contents of network packets.
• It can read packets from a network interface card.
• Tcpdump can write packets to standard output or a file.
• The output will appear on your screen. You can
terminate the program by typing Ctrl-C.
• The syntax for capturing to a file with tee, while still
displaying the output, is:
bsd1# tcpdump -l | tee outfile
• tcpdump must be placed in line mode to display output
with tee. This is done with the -l option.
• The tee command writes data to the output file as it
receives it.
11. • The simplest way to run tcpdump is interactively by simply
typing the program's name.
• Another alternative is to run tcpdump as a detached process
by including an & at the end of the command line. Here is an
example:
bsd1# tcpdump -w outfile &
[1] 70260
bsd1# tcpdump: listening on xl0
• The command starts tcpdump, prints a process number, and
returns the user prompt along with a message that tcpdump
has started.
• You can now enter commands to generate the traffic you are
interested in.
12. • Once you have generated the traffic of interest, you can
terminate tcpdump by issuing a kill command using the
process number reported when tcpdump was started.
• You can use the ps command if you have forgotten the
process number.
bsd1# kill 70260
153 packets received by filter
0 packets dropped by kernel
[1] Done tcpdump -w outfile
• You can now analyze the capture file.
13. • We use the -w option to write the captured data directly
to a file.
• This option has the advantage of collecting raw data in
binary format.
• The data can then be replayed with tcpdump using the
-r option. The binary format decreases the amount of
storage needed.
• To capture data you might type:
bsd1# tcpdump -w rawfile
• The data could be converted to a text file with:
bsd1# tcpdump -r rawfile > textfile
14. tcpdump Options
• A number of command-line options are available with
tcpdump.
• Options can be separated into four broad categories:
1. commands that control the program operations
(excluding filtering)
2. commands that control how data is displayed
3. commands that control what data is displayed
4. filtering commands.
15. 1. Controlling program behavior
• This class of command-line options affects program
behavior.
• We have already seen two examples of control commands, -r and -w.
• The -w option allows us to redirect output to a file for
later analysis.
• You can subsequently play back capture data using the
-r option.
• If you know how many packets you want to capture,
the -c option allows you to specify that number.
• The -p option says that the interface should not be put
into promiscuous mode. -s controls the amount of data
captured.
16. • If you know how many packets you want to capture, or
if you just have an upper limit on the number of
packets, the -c option allows you to specify that number.
• The program will terminate automatically when that
number is reached, eliminating the need to use a kill
command or Ctrl-C.
• In the next example, tcpdump will terminate after 100
packets are collected:
bsd1# tcpdump -c100
17. 2. Controlling how information is displayed
• The -a, -n, -N, and -f options determine how address
information is displayed.
• The -a option attempts to force network addresses into
names.
• The -n option prevents the conversion of addresses into
names.
• The -N option prevents domain name qualification.
• The -f option prevents remote name resolution.
• The -t and -tt options control the printing of timestamps.
18. 3. Controlling what's displayed
• The verbose modes provided by -v and -vv options can
be used to print some additional information.
• For example, the -v option will print TTL fields.
• For less information, use the -q, or quiet, option.
• The -e option is used to display link-level header
information.
19. 4. Filtering
• Filters permit you to specify what traffic you want to
capture, allowing you to focus on just what is of interest.
• If you are not interested in some kinds of traffic, you can
exclude traffic as you capture.
• If you are unclear of what traffic you want, you can
collect the raw data to a file and apply the filters as you
read back the file.
• Filters at their simplest are keywords added to the end
of the command line.
• However, extremely complex commands can be
constructed using logical and relational operators.
20. Address filtering.
• It should come as no surprise that filters can select
traffic based on addresses. For example, consider the
command:
bsd1# tcpdump host 205.153.63.30
• This command captures all traffic to and from the host
with the IP address 205.153.63.30.
• Addresses can be specified and restricted in several
ways.
• Here is an example that uses the Ethernet address of a
computer to select traffic:
bsd1# tcpdump ether host 0:10:5a:e3:37:c
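The following added example (not part of the original slides) shows what the -w/-r workflow and the two address filters above operate on: it builds a small capture in the classic libpcap file layout, reads it back record by record, and applies `host` and `ether host` matching offline. The address 205.153.63.30 and the MAC 0:10:5a:e3:37:c come from the slides; every other address, the timestamps and the function names are constructed for illustration.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1


def mac(text):
    """'0:10:5a:e3:37:c' -> 6 raw bytes (hex groups may be unpadded)."""
    return bytes(int(part, 16) for part in text.split(":"))


def build_frame(src_mac, dst_mac, src_ip, dst_ip):
    """Constructed Ethernet + bare IPv4 header (protocol 6, no payload)."""
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip


def write_pcap(frames, snaplen=68):
    """24-byte global header, then a 16-byte record header before each frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]               # -s limits the bytes stored per packet
        out += struct.pack("<IIII", 1000 + i, 0, len(kept), len(frame)) + kept
    return out


def read_pcap(blob):
    """Yield (timestamp, frame bytes) for each record in a capture file."""
    if len(blob) < 24:
        raise ValueError("file shorter than the pcap global header")
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap file")
    offset = 24
    while offset + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", blob, offset)
        offset += 16
        if offset + incl_len > len(blob):
            raise ValueError("truncated record")
        yield ts_sec + ts_usec / 1e6, blob[offset:offset + incl_len]
        offset += incl_len


def match_host(frame, ip):
    """Like the filter `host <ip>`: IPv4 source OR destination matches."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False
    return socket.inet_aton(ip) in (frame[26:30], frame[30:34])


def match_ether_host(frame, address):
    """Like `ether host <mac>`: either Ethernet address matches."""
    return len(frame) >= 12 and mac(address) in (frame[0:6], frame[6:12])


def filter_capture(blob, predicate):
    """Apply a filter while reading the file back; return matching timestamps."""
    return [ts for ts, frame in read_pcap(blob) if predicate(frame)]


# Constructed sample capture: two frames involve the host from the slides.
FRAMES = [
    build_frame("0:10:5a:e3:37:c", "0:0:5e:0:53:1", "205.153.63.30", "192.0.2.5"),
    build_frame("0:0:5e:0:53:1", "0:10:5a:e3:37:c", "192.0.2.5", "205.153.63.30"),
    build_frame("0:0:5e:0:53:1", "0:0:5e:0:53:2", "192.0.2.5", "192.0.2.178"),
]
CAPTURE = write_pcap(FRAMES)

if __name__ == "__main__":
    print(filter_capture(CAPTURE, lambda f: match_host(f, "205.153.63.30")))
    print(filter_capture(CAPTURE, lambda f: match_ether_host(f, "0:10:5a:e3:37:c")))
```
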
21. Analysis Tools
Analysis tools used with tcpdump are:
• tools for sanitizing the data
• tools for reformatting the data
• tools for presenting and analyzing the data.
sanitize
• It contains a collection of five Bourne shell scripts that
reduce or condense tcpdump trace files and eliminate
confidential information.
22. • The five scripts included in sanitize are:
1. sanitize-tcp
2. sanitize-syn-fin
3. sanitize-udp
4. sanitize-encap
5. sanitize-other.
• This has two primary uses.
First, it reduces the size of the files you must deal with,
leaving files that still contain the traffic of interest.
Second, it gives you data that can be distributed or made
public without compromising individual privacy or revealing
too much specific information about your network.
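A sketch of the idea behind this kind of sanitizing, as an added example that is not the sanitize scripts themselves: each address in tcpdump text output is replaced by a consistent alias so conversations stay traceable, and hex payload lines are dropped. The trace lines are constructed, and the alias scheme (host1, host2, ...) and function name are assumptions made for illustration.

```python
import re

# Dotted-quad address with an optional ".port" suffix, as tcpdump prints it.
ADDR = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})((?:\.\d+)?)\b")
# Payload lines produced by the hex-dump display options.
HEXDUMP = re.compile(r"^\s+0x[0-9a-f]{4}:")


def sanitize(trace):
    """Return (sanitized lines, address table) for tcpdump text output."""
    table = {}

    def alias(match):
        ip, port = match.group(1), match.group(2)
        if ip not in table:
            # First appearance decides the alias; later lines reuse it.
            table[ip] = "host%d" % (len(table) + 1)
        return table[ip] + port           # the port is kept, the address is not

    kept = []
    for line in trace.splitlines():
        if not line.strip() or HEXDUMP.match(line):
            continue                      # drop packet contents entirely
        kept.append(ADDR.sub(alias, line))
    return kept, table


# Constructed tcpdump output, including one hex-dump line.
SAMPLE = """\
12:00:01.000000 IP 192.0.2.5.51234 > 205.153.63.30.80: Flags [S], seq 100, win 65535, length 0
\t0x0000:  4500 003c 0000 4000 4006 0000 c000 0205
12:00:01.000400 IP 205.153.63.30.80 > 192.0.2.5.51234: Flags [S.], seq 900, ack 101, win 65535, length 0
12:00:02.000000 IP 192.0.2.77 > 205.153.63.30: ICMP echo request, id 1, seq 1, length 64
"""

if __name__ == "__main__":
    lines, mapping = sanitize(SAMPLE)
    print("\n".join(lines))
```

The returned table maps real addresses to aliases and must stay with the data owner; only the sanitized lines are meant to be shared.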
23. Other Packet Capture Programs
• We have discussed tcpdump in detail because it is the
most widely available packet capture program for Unix.
• One packet capture program comparable with tcpdump
is snoop, provided with Sun Microsystems' Solaris.
• It is used pretty much the same way as tcpdump.
• The output has a slightly more readable format.
• snoop, like tcpdump, supports a wide range of options
and filters.
• Another packet capture program is iptrace.
24. Packet Analyzers
• The real limitation with tcpdump is interpreting the data.
• That is, if you want to examine the data within packets, a
packet sniffer is not enough.
• You need a packet analyzer.
• Ethereal is a packet analyzer.
25. ethereal
• ethereal is available both as an X Windows program for
Unix systems and as a Microsoft Windows program.
• It can be used as a capture tool and as an analysis tool.
• It uses the same capture engine and file format as
tcpdump.
• You can use ethereal to analyze tcpdump files.
• ethereal supports two types of filters:
- capture filters based on tcpdump
- display filters used to control what you are looking at.
26. Using ethereal
• Usually ethereal will be managed entirely from a
windowing environment.
• When you run ethereal, you are presented with a
window with three initially empty panes.
• The initial screen is similar to Figure 5-1 except the panes
are empty.
• If you have a file you want to analyze, you can select
“File-> Open”.
• You can either load a tcpdump file created with the -w
option or a file previously saved from ethereal.
27.
28. • To capture data, select “Capture-> Start”.
• You will be presented with a Capture Preferences screen
like the one shown in Figure 5-2.
• If you have multiple interfaces, you can select which one
you want to use with the first field.
• The Count: field is used to limit the number of packets
you will collect.
• You can enter a capture filter, using tcpdump syntax, in
the Filter: field.
• The fifth field allows you to limit the number of bytes
you collect from the packet.
30. • The first of the four buttons allows you to switch
between promiscuous and nonpromiscuous mode.
• Once you have everything set, click on OK to begin
capturing data.
• While you are capturing traffic, ethereal will display a
Capture window that will give you counts for the packets
captured in real time.
• This window is shown in Figure 5-3.
• You can use the Stop button to end capture.
31. • Once you have finished capturing data, you'll want to go
back to the main screen shown in Figure 5-1.
• The top pane displays a list of the captured packets.
• The lower panes display information for the packet
selected in the top pane.
• Use “Display-> Show Packet in New Window” to open a
separate window, allowing you to open several packets
at once.
• “Tools-> Summary” gives you the details for the data you
are looking at.
• An example is shown in Figure 5-4.
33. Display filters
• Display filters allow you to selectively display data that
has been captured.
• At the bottom of the window shown in Figure 5-1, there
is a box for creating display filters.
• As previously noted, display filters have their own syntax.
• You can select a field from the center pane and then
select “Display-> Match Selected”, and ethereal will
construct and apply the filter for you.