Wireshark and TCP/IP Basics
ACM SIG-Security
Lance Pendergrass

Network Concepts
Protocol - a set of rules and procedures agreed upon for communication
Ex: the USPS mailing network
• Letter contained in an envelope
• Standard source/destination address format
• Postage based on package weight
• Packaging -> Addressing -> Payment -> Sending
Network packets are like small digital envelopes

Transport Layer Protocols
Transmission Control Protocol (TCP)
• Provides reliable data flow control
• Stateful - a connection is established first
• 3-way handshake
• Sequencing
• Checksums
• Src/Dest ports

Transport Layer Protocols
User Datagram Protocol (UDP)
• Stateless connection
• No guarantee of delivery
• Low overhead
• Good for simple query & response, streaming
• Used by: DHCP, DNS, streaming, VoIP

Internet Layer Protocols
Internet Protocol (IPv4)
• Encapsulates the data payload
• Defines node addressing
• Routes packets from source to destination
Address Resolution Protocol (ARP)
• Resolves an IP address into an Ethernet (MAC) address
Internet Control Message Protocol (ICMP)
• Diagnostic and error messaging

Common Application Protocols
• HyperText Transfer Protocol (HTTP)
• Domain Name System (DNS)
• File Transfer Protocol (FTP)
• Secure SHell (SSH)
• Simple Mail Transfer Protocol (SMTP)

IP Addresses
Used to identify a network and a host interface
IPv4
• 32-bit address made up of 4 binary octets
• Dotted-decimal representation: 172.16.254.1
• Subnet masks
IPv6
• 128-bit address made up of 8 16-bit fields
• ex: 2001:0db8:0:1234:0:567:8:1
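As an added example (not part of the slides), here is a small Python dissector that peels the "envelopes" the way Wireshark's protocol hierarchy does: Ethernet, then the IPv4 header (4-octet addresses, header checksum, subnet-mask test), then TCP (ports, sequence number, SYN/ACK flags) down to the payload. The frame it parses is a constructed sample built by `build_frame`; the TCP checksum is left at zero and is not verified.

```python
import struct
from ipaddress import IPv4Address, IPv4Network

ETHERTYPE_IPV4, PROTO_TCP = 0x0800, 6

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; a valid header (checksum field included) sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def same_subnet(a: str, b: str, mask: str) -> bool:
    """Subnet-mask check: two hosts share a network when their masked 32-bit addresses match."""
    return IPv4Address(a) in IPv4Network(f"{b}/{mask}", strict=False)

def build_frame(src_ip, dst_ip, sport, dport, seq, flags, payload=b"") -> bytes:
    """Constructed sample: Ethernet > IPv4 (no options) > TCP (no options); TCP checksum left 0."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, PROTO_TCP, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]  # fill in the header checksum
    return b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp

def dissect(frame: bytes) -> dict:
    """Walk the layers like a packet analyzer: Ethernet -> IPv4 -> TCP -> application payload."""
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if ipv4_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")  # a corrupted header is rejected, not parsed
    out = {"layers": ["eth", "ip"], "src": str(IPv4Address(ip[12:16])),
           "dst": str(IPv4Address(ip[16:20])), "proto": proto}
    if proto == PROTO_TCP:
        tcp = ip[ihl:total_len]
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
        out["layers"].append("tcp")
        out.update(sport=sport, dport=dport, seq=seq, ack=ack,
                   syn=bool(off_flags & 0x02), ack_flag=bool(off_flags & 0x10),
                   payload=tcp[(off_flags >> 12) * 4:])  # data offset is in 32-bit words
    return out

if __name__ == "__main__":
    syn = build_frame("172.16.254.1", "172.16.254.20", 40000, 80, 1000, 0x02)  # first handshake step
    print(dissect(syn))
```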
Wireshark
• Open-source packet analyzer
• Places the interface in promiscuous mode
• Ability to parse most common protocols
• Support for filters, graphing, plugins, etc.
Traffic can be captured via: switch port mirroring, ARP cache poisoning, UTM router, LAN tap

Demo
• Capture interfaces
• Filtering by address
• Following streams: sender vs receiver
• Extracting files
• Statistics
• Protocol Hierarchy for traffic usage
• Endpoints for host Tx/Rx bytes
• Conversations for traffic flows
• IO Graph usage, exporting images