Network Forensic Packet Analysis Using Wireshark
1. Network Sniffing and Packet Analysis Using Wireshark. Combined null and OWASP meet, Bangalore, 1101/0011/1010. tamaghna.basu@gmail.com, tamahawk-techguru.blogspot.com, twitter.com/titanlambda
2. • Difficult to put all these things together • Existing sessions run to 100–150 slides • Time constraint
3. Topics • Why? • What? • How? • Basic sniffing techniques • Intro to Wireshark • Closer look at protocols • Case studies
4. Prerequisite: • Patience • Patience • Patience AND, or, maybe...
5. Why sniffing/packet analysis? • Why you? • Why me? • Why others?
6. Purpose of sniffing and packet analysis ● A million different things can go wrong with a computer network, from a simple spyware infection to a complex router configuration error. ● The packet level is the most basic level, where nothing is hidden (apart from the contents of encrypted payloads; even then the endpoints, timing and sizes are visible). ● Understand the network: who is on the network, whom your computer is talking to, what the network usage is, and any suspicious communication (DoS, botnet, intrusion attempt etc.). ● Find unsecured and bloated applications: FTP sends authentication data in cleartext. ● One phase of computer forensics: it can reveal data that would otherwise stay hidden somewhere on a 150 GB HDD.
7. What is this? • Also known as packet sniffing, protocol analysis etc. • Three phases: • Collection: capture raw frames, normally with the interface in promiscuous mode • Conversion: decode the captured bytes into readable protocol fields; UI-based tools are better here • Analysis: work at the protocol level, set filters/rules etc. • Recover various data such as text content, files, cleartext authentication details etc. • Tools: • Sniffers: Wireshark, Cain & Abel, tcpdump (command-line tool), NetworkMiner • Packet analysis: Wireshark, NetworkMiner, Xplico etc.
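Slides 6 and 7 describe the three phases (collection, conversion, analysis) and the FTP cleartext login; slide 12's "FTP crack" case study and Wireshark's Follow TCP Stream rest on the same steps. The Python script below is an added example, not code from the deck: it reads a pcap, decodes Ethernet/IPv4/TCP, reassembles each direction of a connection by sequence number and pulls USER/PASS out of the control channel. The capture, hosts, MACs and credentials are constructed in memory (made up for illustration), checksums are left at zero because the decoder ignores them, and only the standard library is used.

```python
"""Collection -> conversion -> analysis on a pcap containing an FTP login.

Added example (not from the slide deck); standard library only. The capture
is CONSTRUCTED in memory below so the script runs offline.
"""
import struct
from collections import defaultdict

# pcap global header: magic, v2.4, tz 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
PCAP_GLOBAL_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
PSH_ACK = 0x18


def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP frame. Checksums stay zero: the decoder below does
    not verify them (assumption), much as Wireshark does not by default."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip4 = lambda a: bytes(map(int, a.split(".")))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, PSH_ACK, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, ip4(src_ip), ip4(dst_ip))
    return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip + tcp


def read_pcap(data):
    """Collection output: yield raw frames from little-endian pcap bytes."""
    if struct.unpack("<I", data[:4])[0] != 0xA1B2C3D4:
        raise ValueError("unsupported pcap magic")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack("<IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def decode_tcp(frame):
    """Conversion: raw bytes -> ((src_ip, sport, dst_ip, dport), seq, payload),
    or None for anything that is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src_ip = ".".join(map(str, frame[26:30]))
    dst_ip = ".".join(map(str, frame[30:34]))
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq, _ack, doff = struct.unpack("!HHIIB", tcp[:13])
    return (src_ip, sport, dst_ip, dport), seq, tcp[(doff >> 4) * 4:]


def follow_streams(pcap_bytes):
    """Reassemble each direction by sequence number, like Wireshark's
    Follow TCP Stream (no retransmission/overlap handling in this sketch)."""
    segments = defaultdict(list)
    for frame in read_pcap(pcap_bytes):
        decoded = decode_tcp(frame)
        if decoded and decoded[2]:
            key, seq, payload = decoded
            segments[key].append((seq, payload))
    return {k: b"".join(p for _, p in sorted(v)) for k, v in segments.items()}


def extract_ftp_credentials(streams):
    """Analysis: FTP sends USER/PASS in cleartext on the control channel (21),
    so they can be read straight out of the client->server stream."""
    found = []
    for (src_ip, sport, dst_ip, dport), data in streams.items():
        if dport != 21:
            continue
        user = password = None
        for line in data.split(b"\r\n"):
            if line[:5].upper() == b"USER ":
                user = line[5:].decode(errors="replace")
            elif line[:5].upper() == b"PASS ":
                password = line[5:].decode(errors="replace")
        if user is not None or password is not None:
            found.append((src_ip, dst_ip, user, password))
    return found


def constructed_capture():
    """CONSTRUCTED FTP login (made-up hosts and credentials). The client's
    PASS segment is written before USER to show that the stream must be
    ordered by sequence number, not by capture order."""
    c, s = "10.0.0.5", "10.0.0.10"
    macs = {c: "00:11:22:33:44:55", s: "66:77:88:99:aa:bb"}
    segs = [  # (src, dst, sport, dport, seq, payload)
        (s, c, 21, 40001, 5000, b"220 ftp ready\r\n"),
        (c, s, 40001, 21, 1012, b"PASS s3cret\r\n"),  # captured out of order
        (c, s, 40001, 21, 1000, b"USER alice\r\n"),
        (s, c, 21, 40001, 5015, b"331 Password required\r\n"),
        (s, c, 21, 40001, 5038, b"230 Login successful\r\n"),
    ]
    frames = [build_frame(macs[a], macs[b], a, b, sp, dp, seq, p) for a, b, sp, dp, seq, p in segs]
    records = b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f for i, f in enumerate(frames))
    return PCAP_GLOBAL_HDR + records


if __name__ == "__main__":
    streams = follow_streams(constructed_capture())
    print(extract_ftp_credentials(streams))
```

The same `follow_streams` output is what you see in Wireshark after Follow TCP Stream on the port 21 conversation; the equivalent display filter is `ftp.request.command == "PASS"`. Replace `constructed_capture()` with the bytes of a real pcap file (not pcapng) to run it on your own captures.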
8. Sniffing techniques • Promiscuous mode • Hub environment • Switch environment • Port mirroring • Hubbing out the target network/machine • ARP cache poisoning / ARP spoofing
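ARP cache poisoning from slide 8, as the sniffer sees it on the wire. The detector below is an added example, not from the deck; it uses only the standard library, and every address and frame is constructed for illustration. It decodes ARP, learns the first MAC seen for each IP and reports any later reply that claims the same IP with a different MAC (the condition Wireshark's Expert Info reports as "Duplicate IP address detected"), plus replies that no request asked for, which is how a poisoning tool keeps the victim's cache overwritten.

```python
"""ARP cache poisoning as the sniffer sees it. Added example (not from the
slide deck); standard library only; all frames and addresses CONSTRUCTED."""
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"


def build_arp(op, sender_mac, sender_ip, target_mac, target_ip, dst_mac):
    """Ethernet + ARP (Ethernet/IPv4) frame; the Ethernet source is the sender MAC."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip4 = lambda a: bytes(map(int, a.split(".")))
    eth = mac(dst_mac) + mac(sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + arp + mac(sender_mac) + ip4(sender_ip) + mac(target_mac) + ip4(target_ip)


def decode_arp(frame):
    """Return the ARP fields as a dict, or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip4 = lambda b: ".".join(map(str, b))
    return {"op": op, "sender_mac": mac(frame[22:28]), "sender_ip": ip4(frame[28:32]),
            "target_mac": mac(frame[32:38]), "target_ip": ip4(frame[38:42])}


def detect_arp_spoofing(frames):
    """Two signals, each reported as (frame_no, kind, ip, detail):
    - 'ip-mac changed': an IP already learned with one MAC is claimed by
      another (what Wireshark flags as 'Duplicate IP address detected');
    - 'unsolicited reply': a reply for an IP nobody asked about. Poisoning
      tools send these continuously, but a host announcing itself with
      gratuitous ARP at boot produces one too, so treat it as the weaker signal."""
    known, pending, alerts = {}, set(), []
    for n, frame in enumerate(frames, 1):
        arp = decode_arp(frame)
        if arp is None:
            continue
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if arp["op"] == ARP_REQUEST:
            pending.add(arp["target_ip"])
        elif arp["op"] == ARP_REPLY and ip in pending:
            pending.discard(ip)
        elif arp["op"] == ARP_REPLY:
            alerts.append((n, "unsolicited reply", ip, mac))
        if ip in known and known[ip] != mac:
            alerts.append((n, "ip-mac changed", ip, f"{known[ip]} -> {mac}"))
        known.setdefault(ip, mac)  # keep the first binding seen
    return alerts


def constructed_frames():
    """CONSTRUCTED: the victim resolves the gateway normally, then an attacker
    poisons both sides to sit in the middle (the classic ARP MITM)."""
    gw_ip, gw_mac = "192.168.1.1", "aa:aa:aa:aa:aa:01"
    v_ip, v_mac = "192.168.1.20", "bb:bb:bb:bb:bb:20"
    atk_mac = "cc:cc:cc:cc:cc:99"
    return [
        build_arp(ARP_REQUEST, v_mac, v_ip, ZERO_MAC, gw_ip, BROADCAST),  # who has gw?
        build_arp(ARP_REPLY, gw_mac, gw_ip, v_mac, v_ip, v_mac),          # gw answers
        build_arp(ARP_REPLY, atk_mac, gw_ip, v_mac, v_ip, v_mac),         # "gw is at atk"
        build_arp(ARP_REPLY, atk_mac, v_ip, gw_mac, gw_ip, gw_mac),       # "victim is at atk"
    ]


if __name__ == "__main__":
    for alert in detect_arp_spoofing(constructed_frames()):
        print(alert)
```

In Wireshark the same pattern shows up with the display filter `arp.duplicate-address-detected`; the detector's "first binding wins" rule is deliberately naive and will misfire when a host's NIC is legitimately replaced, so confirm against DHCP leases or the switch's MAC table before acting.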
9. Wireshark: History. Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, originally developed it out of necessity. The very first version of Combs' application, called Ethereal, was released in 1998 under the GNU General Public License (GPL). Eight years after releasing Ethereal, Combs left his job and rebranded the project as Wireshark in mid-2006.
10. Wireshark: Features • GPL • Available on all major platforms • Both live and offline analysis • Understands almost all protocols; if one is missing, add a dissector (it is open source) • Filter/search packets, Expert Info, Follow TCP Stream, Flow Graph etc. • Plenty of tutorials/documentation available • Get sample captures for study: http://wiki.wireshark.org/SampleCaptures • Demo: Let's start eating. Feed your brain. :)
11. Starters: Protocol diagnosis • ARP • DHCP • HTTP/TCP • DNS • FTP • Telnet • ICMP • SMTP
12. Desserts: Case studies • FTP crack • Blaster worm • OS fingerprinting • Port scanning • ICMP covert channel • Browser hijacking (spyware)
13. Mouth freshener: Honeynet Challenge • Challenge 1 • Problem statement • Analysis • Tools used • Solution
14. Main course???? "Tell me and I forget. Show me and I remember. Involve me and I understand." (Chinese proverb)
15. Thank you for witnessing this historical moment... Answers and discussions? tamaghna.basu@gmail.com, tamahawk-techguru.blogspot.com, twitter.com/titanlambda