Ethernet Sniffer: A Network Analyzer Program

An Ethernet Sniffer, also known as a network analyzer, is a program that monitors data traveling over a network. It can be used as a network management tool and for troubleshooting, but can also be used for unauthorized information gathering. This article provides an overview of sniffer tools and their various uses.

Presentation Transcript


  1. More Ethernet

  2. Sniffer • A sniffer, a.k.a. a network analyzer: A program that monitors data traveling over a network. • One does not need new hardware: a standard NIC can be put into promiscuous mode, in which it copies all packets instead of only those sent to it. • It can be used as a legitimate network management tool, for instance, to troubleshoot network traffic problems. • It can also be used for stealing information off a network.

  3. Good or Bad • A sniffer is one of the hacker’s favorite tools. It can be used to intercept all sorts of data not intended to be seen by any but the destination computer. Suppose, for instance, that a password used to log on to some remote site was sent unencrypted. • A sniffer can be used to determine if network users are sending or receiving packets considered forbidden on the network, e.g. suppose the network administrator outlaws the use of Napster; a sniffer could be used to catch those still using it.

  4. Another NIC slot type • The PCMCIA (Personal Computer Memory Card International Association) created standards for credit-card sized cards for memory, hard drive or I/O purposes (e.g. a NIC). • There are different types (I, II and III) having different thicknesses.

  5. PCMCIA website

  6. Some wireless specs

  7. Standards • IEEE 802.3 are the standards for a wired Ethernet LAN. • IEEE 802.11 are the standards for a wireless LAN. • Varieties include 802.11a, 802.11b and 802.11g. • They differ in the carrier frequencies and encoding (modulation schemes). • They also differ in the variations on spread spectrum (frequency hopping) they use.

  8. Frames Revisited • The data portion of a frame (a.k.a. the payload) may take on many forms (it may be intended for any number of applications) and the receiving computer must know the “type” of data coming in. • Framing schemes fall into two categories • Explicit (self-identifying): the frame header has a type field explicitly announcing the type of data. • Implicit (not self-identifying): there is no information in the header, any data typing required must be contained in the payload itself.

  9. General Frame Format

  10. Ethernet Frame Format (figure: number of bytes in each field; the format is self-identifying)

  11. Ethernet Frame Format (Cont.) • Preamble: a pattern of 64 1’s and 0’s that ensures that the transmitter and receiver are synchronized (at the bit level and the byte level). • Destination Address: the receiver’s physical (MAC) address from its NIC card. • Source Address: the transmitter’s physical (MAC) address (so an acknowledgement can be sent).

  12. Ethernet Frame Format (Cont.) • Frame Type: two bytes that identify the format/protocol of the data that follows (what application will deal with it). • Data (Payload): 46 to 1500 bytes of the actual information one wanted to send in the first place. • The lower bound is needed to reduce collisions. • CRC: A 32-bit cyclic redundancy check to ensure the information was not corrupted during transmission.

  13. Some Ethernet Type Field Values

  14. Non Self-Identifying Frames • In protocols that don’t have Data Type fields, there is one of two options • Sender and receiver must agree ahead of time on the data type. • Sender and receiver must agree to use the first part of the payload to serve in place of the data type field, to make up for this missing data type in the protocol.

  15. IEEE to the rescue • The IEEE stepped in and set up a standard way to announce the Type in a protocol that did not have a Type field. • LLC/SNAP Logical Link Control SubNetwork Attachment Point.

  16. LLC/SNAP (figure notes: octet = byte; OUI: Organizationally Unique Identifier)

  17. Thick Ethernet Wiring • Known as Thick Coax, 10Base5 or “yellow cable” (because it was usually yellow in color) about ½” in diameter. • Not used much any more. • Pro: Less susceptible to interference, so it can be longer, the 5 in 10Base5 means a “segment” can be up to 500 meters • Segment: the cable measured from end to end (terminator to terminator)

  18. Thick Ethernet Wiring (Cont.) • Con: expensive • Con: not flexible, does not bend around corners easily • Computers connected to Thick Ethernet bus by transceivers (a transmitter and receiver combined into one unit) • In more modern ways of connecting to an Ethernet, the transceiver is built into the NIC.

  19. Thick Ethernet Wiring (Cont.) • Typically part of the transceiver is what is known as a vampire tap, a clamp that “bites” into the wire, providing a connection to the cable but not breaking it. • So one could add computers to the network without breaking any connections.

  20. The Terminator • A device attached to the end-points of a bus network or daisy-chain. • It prevents a signal from reflecting when it reaches the end of the bus. • “That’s what it does, that’s all it does.”

  21. AUI cable • The cable connecting the transceiver to the NIC is known as the Attachment Unit Interface cable. • It has a special 15-pin connector that attaches the AUI cable to the NIC (Ethernet card). • A connector is the part of a cable that plugs into a port or interface. • Typically categorized as • Male (containing one or more exposed pins) • Female (containing holes in which the male connector is inserted)

  22. Thick Ethernet Wiring (Fig. 10.3)

  23. Connection Multiplexor • A connection multiplexor (many-to-one) is a device used with thick Ethernet to connect a number of computers to one transceiver. • The device makes it seem as though each computer has its own transceiver. • The CSMA/CD (Carrier sense multiple access with collision detection) aspect of the protocol treats the signals identically whether the computers share a transceiver or not.

  24. Thin Ethernet Wiring • Known as thin coax cable, 10Base2, or thinnet • Pro: less expensive than thick • Pro: more flexible than thick • Con: more susceptible to interference than thick (segment has to be shorter, up to 185m) • Pro: transceivers are built onto the card

  25. Thin Ethernet Wiring (Cont.) • Con: while strictly speaking it has the bus topology and one should not have to disconnect the network to add a new computer, the way it is actually wired requires disconnecting the network. • A T-connector is used in conjunction with a BNC connector.

  26. Thin Ethernet Wiring (Cont.) (figure: T connector, with two ends connected to the bus and one end connected to the computer)

  27. Thinnet (Fig. 10.5)

  28. BNC Connector • Short for British Naval Connector or Bayonet Nut Connector or Bayonet Neill Concelman, the connector used with thin coaxial cable such as the RG-58 A/U cable used with the 10Base-2 Ethernet system. • A (male) BNC connector is mounted at both ends of a cable. • The connector has a center pin connected to the cable’s center wire and a metal tube connected to the cable’s outer shield. • A rotating ring outside the tube locks the cable to any female connector.

  29. BNC Connector (Cont.) • BNC T-connectors are female devices for connecting two cables to a NIC. • A BNC barrel connector is used to connect two cables together. • BNC connectors are sometimes used to connect monitors, which increases the accuracy of the signals sent from the video adapter.

  30. UTP Ethernet Wiring • Uses Unshielded Twisted Pair (twisting reduces interference but not as well as coaxial cable’s shielding) • Pro: Even cheaper than thinnet • Pro: More flexible than thinnet • Con: Even more susceptible to interference than thinnet, a segment can only stretch 100 m • The T in 10BaseT means twisted

  31. RJ-45 • Registered Jack-45, an eight-wire connector used to connect computers to an Ethernet LAN using UTP wire. • RJ-45 connectors look similar to the RJ-11 connectors that are used for phones, but they are wider.

  32. RJ-45 (LAN) and RJ-11 (phone)

  33. Hub • A common connection point for devices in a network. • Hubs are commonly used to connect segments of a LAN. A hub contains multiple ports. • When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all packets.

  34. Hub (Fig. 10.6)

  35. Segment • With the introduction of a hub, the definition of segment changes somewhat. • It is a section of a network that is bounded by bridges, routers, hubs, or switches. (More on that another day.) • Having multiple segments allows a network to use more fully the bandwidth it has available (i.e. makes it faster).

  36. Patch panel • A patch panel is a mounted hardware unit holding a collection of port locations in a network. • Often the connection goes through a patch panel before getting to the hub. • Is more permanent than a hub and often higher quality (faster speed, etc.) • There may be more connections coming into the patch panel than go on to the hub, providing flexibility in which computers belong to the LAN at any one time

  37. Patch panel

  38. Logical Topology • The Ethernet protocol was designed for a bus topology, but the UTP wiring uses a hub which is part of the star topology • UTP Ethernet is thus physically a star (has the physical topology of a star) and is logically a bus (has the logical topology of a bus)

  39. References • Computer Networks and Internets (Comer) • Networking for Dummies (Doug Lowe) • A+ Certification Training Kit (Microsoft) • http://www.webopedia.com • http://www.whatis.com
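
Slides 8 to 16 separate explicit (self-identifying) frames from frames whose type must be carried in the payload via LLC/SNAP. The Python parser below is an added example, not part of the original presentation, showing how an analyzer tells the two apart. It assumes the usual convention that a header field of 0x0600 or more is a type and a smaller value is an IEEE 802.3 length; the function names, the EtherType table and the sample frames are constructed for illustration.

```python
import struct

# Well-known EtherType values (added here; the slide's own table did not survive).
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
LLC_SNAP = b"\xaa\xaa\x03"  # DSAP, SSAP, control: "a SNAP header follows"


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Parse a frame as a sniffer receives it: preamble and CRC already removed."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte header")
    (type_or_len,) = struct.unpack("!H", frame[12:14])
    info = {"dst": mac(frame[0:6]), "src": mac(frame[6:12])}
    payload = frame[14:]
    if type_or_len >= 0x0600:
        # Explicit (self-identifying): the header field is the frame type.
        info["framing"], ethertype = "ethernet-ii", type_or_len
    else:
        # Implicit: the field is a length, so the type must come from the payload.
        if type_or_len > len(payload):
            raise ValueError("length field exceeds captured payload")
        payload = payload[:type_or_len]          # drop padding added to reach 46 bytes
        if len(payload) >= 8 and payload[:3] == LLC_SNAP:
            info["framing"] = "802.3-llc-snap"
            info["oui"] = payload[3:6].hex()     # 3-octet OUI
            (ethertype,) = struct.unpack("!H", payload[6:8])
            payload = payload[8:]
        else:
            info["framing"], ethertype = "802.3-llc", None
    info["ethertype"] = ethertype
    info["protocol"] = ETHERTYPES.get(ethertype, "unknown")
    info["payload"] = payload
    return info


# Constructed sample frames (not captured traffic).
_DST, _SRC = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
SAMPLE_ETH2 = _DST + _SRC + b"\x08\x00" + b"\x45" + bytes(45)
SAMPLE_SNAP = (_DST + _SRC + struct.pack("!H", 36) + LLC_SNAP
               + b"\x00\x00\x00" + b"\x08\x06" + bytes(28) + bytes(10))

if __name__ == "__main__":
    for f in (SAMPLE_ETH2, SAMPLE_SNAP):
        print({k: v for k, v in parse_frame(f).items() if k != "payload"})
```

In the Ethernet II case the parser cannot strip padding, because the header carries no length; the upper-layer protocol has to do that.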
