Ethereal: Network Security. Team Members: Anthony Anderson, Jerome Mitchell, and Napoleon Paxton. Team Mentors: Mr. C. Edwards & Mr. K. Hayden.
Abstract
The Office of Naval Research (ONR) Network Team actively listened to network traffic to fingerprint transmitted data packets that could potentially affect the availability of resources within the ONR Local Area Network (LAN) segment. Network traffic was examined using the Ethereal graphical user interface to identify and analyze Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets to and from end-user hosts and Elizabeth City State University (ECSU) campus intranet servers. Captured packet frames were decoded to see whether a problem existed with a packet. Capture statements were created to find out what traffic is crossing the network, identify unauthorized protocols, and identify the top talkers. During the 2004 – 2005 Network Research Program the ONR Network Team limited its research and discovery phase to understanding the various methods to observe, capture, identify, analyze, and decode packets within a packet-switched Local Area Network. To further the analysis of packet capturing, the ONR Network Research Team will expand its research and discovery during the 2005 – 2006 program: it will develop a network diagram to determine the best place to capture traffic for analysis, and it will monitor campus wide during different times of the day instead of once a day, two times a week, during ONR mentoring sessions. The development of an active packet monitoring network team can help the ONR network mentoring program strengthen the capabilities of the team members, help the ECSU Math and Computer Science department develop a new course for its program, and/or turn the research over to the ECSU IT department so that it can develop a network analysis vulnerability prevention program using packet analyzers and sniffers.
What is Ethereal
• Ethereal is a network packet analyzer. A network packet analyzer tries to capture network packets and to display that packet data in as much detail as possible.
Ethereal Intended Purposes
• Network administrators use it to troubleshoot network problems.
• Network security engineers use it to examine security problems.
• Developers use it to debug protocol implementations.
• People use it to learn network protocol internals.
Ethereal Features
• Available for UNIX and Windows.
• Capture live packet data from a network interface.
• Display packets with very detailed protocol information.
• Open and save captured packet data.
• Import and export packet data from and to many other capture programs.
• Filter packets on many criteria.
• Search for packets on many criteria.
• Colorize the packet display based on filters.
• Create various statistics.
Platforms Ethereal Runs On
• Unix
  • Apple Mac OS X
  • BeOS
  • FreeBSD
  • HP-UX
  • IBM AIX
  • NetBSD
  • OpenBSD
  • SCO UnixWare/OpenUnix
  • SGI Irix
  • Sun Solaris/Intel
  • Sun Solaris/Sparc
  • Tru64 UNIX (formerly Digital UNIX)
• Linux
  • Debian GNU/Linux
  • Gentoo Linux
  • IBM S/390 Linux (Red Hat)
  • Mandrake Linux
  • PLD Linux
  • Red Hat Linux
  • Rock Linux
  • Slackware Linux
  • Suse Linux
• Microsoft Windows
  • Windows Me / 98 / 95
  • Windows Server 2003 / XP / 2000 / NT 4.0
What is a packet?
A piece of a message transmitted over a packet-switching network. Messages are divided into packets before they are sent. Each packet is then transmitted individually and can even follow a different route to its destination. Once all the packets forming a message arrive at the destination, they are reassembled into the original message.
Using Ethereal or Another Packet Analyzer:
• Formulate a “capture statement.” What do you want to find out?
  • Do you want to identify what traffic is crossing your network?
  • Identify unauthorized protocols?
  • Identify top talkers?
  • Other?
• Create a network diagram and determine the best place to capture traffic that is related to your “statement.”
• Create and save three capture files.
  • Limit capture files to 1000 packets.
  • Capture network traffic during different times of the day.
• Analyze the traffic you captured.
  • What protocols do you see?
  • Can you find any unauthorized traffic?
  • Can you identify the two top talkers?
• Follow a TCP stream (HTTP) and save it as a file.
• Write a brief description of what you found through network analysis.
User Interface: Columns
• No. The number of the packet in the capture file. This number won't change, even if a display filter is used.
• Time The timestamp of the packet. The presentation format of this timestamp can be changed; see the section called “Time display formats and time references”.
• Source The address where this packet is coming from.
• Destination The address where this packet is going to.
• Protocol The protocol name in a short (perhaps abbreviated) version.
• Info Additional information about the packet content.
The "Packet Details" Pane
This pane shows the protocols and protocol fields of the packet selected in the "Packet List" pane. The protocols and fields of the packet are displayed using a tree, which can be expanded and collapsed.
The "Packet Bytes" Pane
The packet bytes pane shows the data of the current packet (selected in the "Packet List" pane) in a hexdump style. The left side shows the offset in the packet data, the middle shows the packet data in hexadecimal representation, and the right shows the corresponding ASCII characters (or a . where the byte is not printable).
Following TCP Streams
Ethereal has the capability to follow a TCP stream, that is, to show the data from a TCP session in the order that the application layer sees it. This is useful, for example, for seeing passwords in a Telnet stream, or simply for trying to make sense of a data stream.
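The following is an added example and not part of the slides or of Ethereal itself. It covers both the "capture statement" procedure above (what protocols are present, which traffic is unauthorized, who the top talkers are, with the 1000-packet limit) and "Follow TCP Stream" (reassembling both directions of a session by sequence number, dropping overlapping retransmitted bytes). It works on the libpcap file format that Ethereal saves; the sample capture, the 10.0.1.x addresses, the login text, and the `AUTHORIZED_PORTS` policy are all constructed assumptions for the demonstration.

```python
"""Added example (not from the ONR/ECSU slides or from Ethereal): a minimal
libpcap reader that answers the capture-statement questions and follows a
TCP stream. Addresses, ports and the port policy are constructed assumptions."""
import struct
from collections import Counter
from itertools import islice

# ---------- constructed sample capture (hypothetical LAN addresses) ----------
def _ip(s):
    return bytes(int(o) for o in s.split('.'))

def _frame(src, dst, proto, payload, sport=0, dport=0, seq=0):
    """Ethernet + IPv4 + TCP(6)/UDP(17) frame; checksums left zero (not checked)."""
    if proto == 6:    # TCP: 20-byte header, flags PSH|ACK, window 8192
        l4 = struct.pack('!HHIIBBHHH', sport, dport, seq, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    else:             # UDP: 8-byte header
        l4 = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     _ip(src), _ip(dst)) + l4
    return bytes.fromhex('001122334455' '66778899aabb' '0800') + ip

def build_pcap(frames):
    """Serialize frames as a little-endian classic pcap (link type 1 = Ethernet)."""
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack('<IIII', 1_100_000_000 + i, 0, len(f), len(f)) + f
    return out

SAMPLE_PCAP = build_pcap([
    _frame('10.0.1.25', '10.0.1.80', 6, b'GET / HTTP/1.0\r\n\r\n', 40001, 80, seq=1),
    _frame('10.0.1.80', '10.0.1.25', 6, b'HTTP/1.0 200 OK\r\n', 80, 40001, seq=1),
    _frame('10.0.1.25', '10.0.1.53', 17, b'\x12\x34\x01\x00' + b'\x00' * 8, 5353, 53),
    # Telnet login captured out of order, with one overlapping retransmission
    _frame('10.0.1.7', '10.0.1.25', 6, b'login: ', 23, 40002, seq=500),
    _frame('10.0.1.25', '10.0.1.7', 6, b's3cret\r\n', 40002, 23, seq=109),
    _frame('10.0.1.25', '10.0.1.7', 6, b'student\r\n', 40002, 23, seq=100),
    _frame('10.0.1.25', '10.0.1.7', 6, b'nt\r\n', 40002, 23, seq=105),
    _frame('10.0.1.7', '10.0.1.25', 6, b'password: ', 23, 40002, seq=507),
])

# ---------- decoding ----------
def read_pcap(data):
    """Yield raw frames from pcap bytes, honoring the file's byte order."""
    end = '<' if struct.unpack('<I', data[:4])[0] == 0xa1b2c3d4 else '>'
    off = 24                                    # skip the 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack(end + 'IIII', data[off:off + 16])[2]
        off += 16
        yield data[off:off + caplen]
        off += caplen

def parse(frame):
    """Decode Ethernet/IPv4 and the TCP or UDP header; None for non-IPv4 frames."""
    if frame[12:14] != b'\x08\x00':
        return None
    ip = frame[14:]
    ihl, total = (ip[0] & 0x0f) * 4, struct.unpack('!H', ip[2:4])[0]
    pkt = {'src': '.'.join(map(str, ip[12:16])), 'dst': '.'.join(map(str, ip[16:20])),
           'proto': ip[9], 'len': len(frame), 'sport': None, 'dport': None}
    l4 = ip[ihl:total]
    if ip[9] == 6:
        pkt['sport'], pkt['dport'], pkt['seq'] = struct.unpack('!HHI', l4[:8])
        pkt.update(name='TCP', data=l4[(l4[12] >> 4) * 4:])
    elif ip[9] == 17:
        pkt['sport'], pkt['dport'] = struct.unpack('!HH', l4[:4])
        pkt.update(name='UDP', data=l4[8:])
    else:
        pkt.update(name='ICMP' if ip[9] == 1 else f'IP proto {ip[9]}', data=l4)
    return pkt

# ---------- the capture-statement questions ----------
AUTHORIZED_PORTS = {22, 53, 80, 443}   # hypothetical policy for this LAN segment

def analyze(pcap_bytes, max_packets=1000):
    """Protocol mix, unauthorized well-known ports, and the two top talkers by bytes."""
    pkts = list(islice((p for p in map(parse, read_pcap(pcap_bytes)) if p), max_packets))
    talkers = Counter()
    for p in pkts:
        talkers[p['src']] += p['len']
        talkers[p['dst']] += p['len']
    # Heuristic: traffic aimed at a well-known port (< 1024) outside the policy
    unauthorized = sorted({(p['name'], p['dport']) for p in pkts
                           if p['dport'] is not None and p['dport'] < 1024
                           and p['dport'] not in AUTHORIZED_PORTS})
    return {'packets': pkts, 'protocols': Counter(p['name'] for p in pkts),
            'unauthorized': unauthorized, 'top_talkers': talkers.most_common(2)}

def follow_tcp_stream(pkts, client, server, server_port):
    """Reassemble both directions of one TCP session by sequence number: segments are
    sorted, overlapping (retransmitted) bytes are dropped; gaps are not marked."""
    out = {}
    for label, (a, b, is_client) in {'client->server': (client, server, True),
                                     'server->client': (server, client, False)}.items():
        segs = sorted((p['seq'], p['data']) for p in pkts
                      if p['name'] == 'TCP' and p['src'] == a and p['dst'] == b
                      and (p['dport'] if is_client else p['sport']) == server_port)
        buf, expected = b'', None
        for seq, data in segs:
            if expected is not None and seq < expected:      # overlap / retransmit
                data, seq = data[expected - seq:], expected
            buf += data
            expected = seq + len(data)
        out[label] = buf
    return out

if __name__ == '__main__':
    report = analyze(SAMPLE_PCAP)
    print('protocols   :', dict(report['protocols']))
    print('unauthorized:', report['unauthorized'])
    print('top talkers :', report['top_talkers'])
    for direction, data in follow_tcp_stream(report['packets'], '10.0.1.25', '10.0.1.7', 23).items():
        print(f'{direction}: {data!r}')
```

On the constructed capture the Telnet session shows up as the unauthorized protocol, 10.0.1.25 and 10.0.1.7 are the two top talkers, and the reassembled client side of the stream reads `student`, then `s3cret`, which is exactly why the slides single out Telnet passwords: the credentials cross the wire in the clear. To run it on a capture saved from Ethereal, pass `open('capture.pcap', 'rb').read()` to `analyze()` instead of `SAMPLE_PCAP`.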