
Wireshark


Presentation Transcript


  1. Wireshark and TCP/IP Basics
     ACM SIG-Security, Lance Pendergrass

  2. Network Concepts
     Protocol - set of rules and procedures agreed upon for communication
     Ex: USPS mailing network
     • Letter contained in envelope
     • Standard Source/Destination Address Format
     • Postage Based on Package Weight
     • Packaging -> Addressing -> Payment -> Sending
     Network Packets are like small digital envelopes

  3. OSI Model
     Every layer adds/interprets additional information

  4. TCP/IP Protocol Stack

  5. Transport Layer Protocols
     Transmission Control Protocol
     • Provides reliable data flow control
     • Stateful - connection established first
     • 3-Way Handshake
     • Sequencing
     • Checksums
     • Src/Dest Ports

  6. Transport Layer Protocols
     User Datagram Protocol
     • Stateless connection
     • No guarantee of delivery
     • Low overhead
     • Good for simple query & response, streaming
     • Used by: DHCP, DNS, streaming, VoIP

  7. Internet Layer Protocols
     Internet Protocol (IPv4)
     • Encapsulates Data Payload
     • Defines node addressing
     • Routes packets from source to destination
     Address Resolution Protocol (ARP)
     • Resolves IP address into Ethernet address
     Internet Control Message Protocol (ICMP)
     • Diagnostic and error messaging

  8. Common Application Protocols
     • HyperText Transfer Protocol
     • Domain Name System
     • File Transfer Protocol
     • Secure SHell
     • Simple Mail Transfer Protocol

  9. IP Addresses
     Used to identify network and host interface
     IPv4
     • 32-bit address comprised of 4 binary octets
     • Decimal Representation: 172.16.254.1
     • Subnet Masks
     IPv6
     • 128-bit address comprised of 8 16-bit fields
     • ex: 2001:0db8:0:1234:0:567:8:1

  10. Wireshark
     • Open Source Packet Analyzer
     • Places interface in Promiscuous Mode
     • Ability to parse most common protocols
     • Support for filters, graphing, plugins, etc.
     Traffic can be captured via: Switch Port Mirroring, ARP Cache Poisoning, UTM Router, LAN Tap

  11. Demo
     • Capture Interfaces
     • Filtering by Address
     • Following Streams: Sender vs Receiver
     • Extracting Files
     • Statistics
       • Protocol Hierarchy for traffic usage
       • Endpoints for host Tx/Rx bytes
       • Conversations for traffic flows
       • IO Graph usage, exporting images
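As an added example (not part of the presentation), a small Python dissector for the stack these slides walk through: it validates the IPv4 header checksum, pulls the ports and the SYN/ACK bits of the TCP 3-way handshake out of each segment, and tallies the Endpoints, Conversations and Protocol Hierarchy views from the demo slide over a few constructed frames. The MAC addresses, hosts and ports are constructed sample values, and the TCP/UDP checksums are left at zero.

```python
import struct
from collections import Counter

def ipv4_checksum(header: bytes) -> int:
    """RFC 791 header checksum; a header whose checksum field is already correct sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF
def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 packet (TTL 64, no options) with a correct header checksum."""
    src_b, dst_b = (bytes(map(int, a.split("."))) for a in (src, dst))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      src_b, dst_b)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload
def dissect(frame: bytes) -> dict:
    """Ethernet -> IPv4 -> TCP/UDP: the fields Wireshark's packet-details pane shows."""
    info = {"layers": ["eth"], "len": len(frame)}
    if frame[12:14] != b"\x08\x00":          # EtherType 0x0800 = IPv4; anything else stops at L2
        return info
    ip, ihl = frame[14:], (frame[14] & 0x0F) * 4
    info["layers"].append("ip")
    info["csum_ok"] = ipv4_checksum(ip[:ihl]) == 0
    info["src"], info["dst"] = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    if ip[9] == 6:                           # TCP: ports, sequence number, SYN and ACK flag bits
        sport, dport, seq, _ack_no, off_flags = struct.unpack("!HHIIH", ip[ihl:ihl + 14])
        info["layers"].append("tcp")
        info.update(sport=sport, dport=dport, seq=seq, syn=bool(off_flags & 2), ack=bool(off_flags & 0x10))
    elif ip[9] == 17:                        # UDP: ports only, no connection state
        info["layers"].append("udp")
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info
def statistics(frames):
    """Endpoints (bytes Tx/Rx per host), Conversations (host pairs), Protocol Hierarchy."""
    endpoints, conversations, hierarchy = Counter(), Counter(), Counter()
    for p in map(dissect, frames):
        hierarchy["/".join(p["layers"])] += 1
        if "src" in p:
            endpoints[(p["src"], "tx")] += p["len"]
            endpoints[(p["dst"], "rx")] += p["len"]
            conversations[frozenset((p["src"], p["dst"]))] += 1
    return endpoints, conversations, hierarchy

ETH = bytes.fromhex("001122334455 66778899aabb 0800")   # placeholder MACs, EtherType IPv4
A, B = "172.16.254.1", "172.16.254.2"                  # constructed hosts; L4 checksums left 0
SAMPLE_FRAMES = [  # SYN and SYN/ACK of a 3-way handshake, then a DNS query over UDP
    ETH + build_ipv4(A, B, 6, struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, 0x5002, 65535, 0, 0)),
    ETH + build_ipv4(B, A, 6, struct.pack("!HHIIHHHH", 80, 40000, 5000, 1001, 0x5012, 65535, 0, 0)),
    ETH + build_ipv4(A, "172.16.254.53", 17, struct.pack("!HHHH", 53000, 53, 8, 0)),
]
```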
