Packet Sniffing


Presentation Transcript


  1. Packet Sniffing

  2. We will look at…
     • What is a protocol?
     • What exactly is a packet?
     • Some of the protocols that make TCP/IP work
     • Internet Protocol (IP)
     • User Datagram Protocol (UDP)
     • Transmission Control Protocol (TCP)
     • Introduce tools such as Wireshark
     • Examine a PCAP file

  3. What is a Protocol?
     • An agreed-upon mechanism for doing something
     • E.g. shaking hands

  4. First look at a PCAP file

  5. What Exactly is a Packet?

  6. What Happens when you Access the Web?
     • You request data on your local computer
     • Data is sent to your home router (WIFI or wired connection)
     • The router sends the data to your ISP (Internet Service Provider)
     • Data then enters the ISP's WAN (Wide Area Network)
     • In turn, data passes to the WAN for your area / city
     • Data is now on the wider Internet, using high-bandwidth connections and routers
     • Data then has to find its way to the server
     • Traceroute is a command-line tool that lets you view all of the machines involved between client and server
     • Software and hardware need to be designed in such a way as to enable all of the above to happen

  7. Layered Network Architectures
     • ISO OSI Reference Model
     • (International Standards Organisation, Open Systems Interconnection model)
     • Organises network software into layers that focus on specific tasks

  8. Top Most Layers

  9. The Sub Net

  10. Why Layers?
     • As developers we can concentrate on specific networking problems one at a time
     • The physical layer is concerned solely with how data is represented on the cable
     • The data link layer is concerned with what to do if data is lost or corrupted
     • The 7-layer model is aspirational. Many implementations ignore the upper layers completely

  11. TCP/IP and the OSI Model

  12. Morse Code and “Layers”
     • The message “Hello” will be represented in different ways at different parts of the system
     • “.... . .-.. .-.. ---”

  13. Computer Networks use Binary Rather than Morse Code
     • For example the text “hello” represented in binary using UTF-8 would be “0110100001100101011011000110110001101111”
     • As an electrical signal it might look something like this…
     • https://www.youtube.com/watch?v=ckc6XSSh52w

  14. Imposing Order
     • To make sense of the zeros and ones we need to impose some order
     • Where does a section of data start?
     • Where does a section of data end?
     • Who is the sender of the data?
     • Who is the recipient?
     • Which port/application is communicating?
     • How do we send large files without clogging up the network?
     • What do we do if data is lost or damaged?

  15. Internet Protocol (IP)
     • Take the zeros and ones and organise them into “frames”
     • Original data split into smaller chunks
     • The first set of binary data makes up the header
     • The second set of binary data is a small section of the original data
     • So a large video file would split down into lots of individual frames
     • The frames only indicate which machine the data is intended for
     • To do the job properly we need to identify which application (port) the data is destined for
     • Need to organise the data into packets

  16. User Datagram Protocol (UDP)
     • Rather than only identifying the destination machine, the packet also identifies the port number the data is intended for
     • The packets make up the data component of a frame
     • Still very small, so a large video file would be split up into many packets of data
     • UDP contains simple error checking via a checksum
     • Simply ignores damaged data
     • Absence of error correction makes it fast
     • But why would we want a protocol like this?
     • Consider for example Skype
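Slides 15 and 16 as working code: an added example, not part of the original slides, that reads the machine addresses and port numbers out of an IPv4/UDP packet's headers and uses the UDP checksum to detect damage. The function names, addresses, ports and payload are constructed for illustration.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum, the arithmetic behind IP/UDP/TCP checksums."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: bytes, dst: bytes, udp_len: int) -> bytes:
    """IPv4 pseudo-header covered by the UDP checksum (protocol 17 = UDP)."""
    return src + dst + struct.pack("!BBH", 0, 17, udp_len)

def build_udp_packet(src, dst, sport, dport, payload):
    """Constructed sample: IPv4 header (its own checksum left 0) + UDP datagram."""
    s, d, length = socket.inet_aton(src), socket.inet_aton(dst), 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, length, 0) + payload
    csum = (~ones_complement_sum(pseudo_header(s, d, length) + udp) & 0xFFFF) or 0xFFFF
    udp = struct.pack("!HHHH", sport, dport, length, csum) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + length, 0, 0, 64, 17, 0, s, d)
    return ip + udp

def parse_udp_packet(packet: bytes) -> dict:
    """Read addresses and ports from the headers and verify the UDP checksum."""
    ihl = (packet[0] & 0x0F) * 4             # IP header length in bytes
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    src, dst, udp = packet[12:16], packet[16:20], packet[ihl:]
    sport, dport, length, csum = struct.unpack("!HHHH", udp[:8])
    # A checksum of 0 means "not computed"; otherwise the sum over the
    # pseudo-header plus datagram (checksum field included) must be 0xFFFF.
    ok = csum == 0 or ones_complement_sum(pseudo_header(src, dst, length) + udp[:length]) == 0xFFFF
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "src_port": sport, "dst_port": dport,
            "payload": udp[8:length], "checksum_ok": ok}

if __name__ == "__main__":
    pkt = build_udp_packet("192.0.2.10", "198.51.100.7", 40000, 5004, b"voice sample 1")
    print(parse_udp_packet(pkt))
    damaged = bytearray(pkt)
    damaged[-1] ^= 0x01                      # one bit flipped in transit
    print(parse_udp_packet(bytes(damaged))["checksum_ok"])
```

A receiver that sees `checksum_ok` come back false drops the datagram and nothing asks for it again, which is the "simply ignores damaged data" behaviour on the slide.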

  17. Transmission Control Protocol (TCP)
     • If Skype loses our data we may not care
     • Would we be happy with…
     • 50% of an email?
     • 25% of a banking transaction?
     • For other applications we need some sort of error correction as well as detection
     • Internet originally designed to survive a nuclear attack
     • TCP addresses this problem
     • By giving each packet a sequence number the receiver now knows two things:
     • What order the packets are supposed to go in
     • If any packets are missing when they are assembled

  18. Sliding Windows Protocol
     • Transmitter sends a packet of data but the receiver is busy – what might happen?

  19. Acknowledgment (ACK)

  20. Data Loss
     • The same would be true if the ACK was destroyed in transit – the repeated packet would be ignored!
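How the sequence numbers from slides 17 to 20 let a receiver restore order, spot missing data and ignore a repeated packet, as an added example that is not part of the original slides. It is a simplified receiver: sequence numbers count bytes as in TCP, but 32-bit wrap-around and partially overlapping segments are not handled, and the message and starting sequence number are constructed.

```python
def receive(segments, initial_seq):
    """Process (seq, payload) segments in arrival order, as a receiver would.

    Returns the data deliverable in order, the next expected sequence number
    (the cumulative ACK), the byte ranges still missing, and how many
    repeated segments were ignored.
    """
    buffered, duplicates = {}, 0
    for seq, payload in segments:
        if seq in buffered:
            duplicates += 1          # already held: ignore the repeat
            continue
        buffered[seq] = payload

    delivered, next_seq = bytearray(), initial_seq
    while next_seq in buffered:      # hand over only the contiguous prefix
        payload = buffered.pop(next_seq)
        delivered += payload
        next_seq += len(payload)

    gaps, cursor = [], next_seq
    for seq in sorted(buffered):     # segments held back behind a hole
        if seq > cursor:
            gaps.append((cursor, seq))
        cursor = max(cursor, seq + len(buffered[seq]))
    return {"data": bytes(delivered), "ack": next_seq,
            "gaps": gaps, "duplicates_ignored": duplicates}

def segment(message: bytes, initial_seq: int, size: int):
    """Split a message into (seq, payload) segments of at most `size` bytes."""
    return [(initial_seq + i, message[i:i + size]) for i in range(0, len(message), size)]

MESSAGE = b"transfer 100 GBP to account 42"   # constructed sample data
SEGS = segment(MESSAGE, 1000, 10)             # sequence numbers 1000, 1010, 1020

if __name__ == "__main__":
    # Third segment arrives first, the first one arrives twice, the second is lost.
    print(receive([SEGS[2], SEGS[0], SEGS[0]], 1000))
    # After the sender retransmits the lost segment the message is complete.
    print(receive([SEGS[2], SEGS[0], SEGS[0], SEGS[1]], 1000))
```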

  21. Improving Bandwidth Usage
     • Other types of packets exist in the process too!

  22. The Problem with Packets
     • WIFI – intercept the packets “in the air”
     • Free WIFI in pubs/bars/airports
     • Wired – intercept the packets on the cable
     • Using a machine linked to the network
     • Cutting the cable and adding your own machine
     • Using packet sniffing software e.g. Wireshark
     • https://www.wireshark.org/
     • Used for fixing network problems
     • May be used for “other things” too!

  23. Generates a PCAP file
     • This file allows you to see the packets on the network
     • Gives lots of clues as to
     • Network configuration
     • Hardware connected to the network

  24. Inspect the Data in HTML Form POST requests
     [Diagram labels: Login, Wireshark, PCAP File]

  25. Improving Security
     • Use SSL between client and server
     • HTTP – plain text
     • HTTPS – secure on port 443
     • Use a VPN (especially on public networks)
     • Masks the IP address of the client
     • May give illusion of being in a different country
     • Packets may be encrypted
     • Also allows for bypassing of firewall restrictions e.g. BitTorrent sites
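An audit check for the exposure described on slides 23 to 25, added here as an example that is not part of the original slides: it reads a PCAP file and reports every form POST that crossed the network as plain text, listing field names only. It assumes a classic little-endian pcap with Ethernet frames and a request that fits in one packet; the capture, host name and form fields are constructed.

```python
import struct
from urllib.parse import parse_qsl

def read_pcap(blob: bytes):
    """Yield raw frames from a classic little-endian pcap with Ethernet link type."""
    magic, *_, linktype = struct.unpack("<IHHiIII", blob[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    pos = 24
    while pos + 16 <= len(blob):
        incl_len = struct.unpack("<IIII", blob[pos:pos + 16])[2]
        yield blob[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len

def tcp_payload(frame: bytes):
    """Return (dst_port, payload) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp = frame[14 + (frame[14] & 0x0F) * 4:]
    if len(tcp) < 20:
        return None
    return struct.unpack("!H", tcp[2:4])[0], tcp[(tcp[12] >> 4) * 4:]

def cleartext_form_posts(blob: bytes):
    """List form POSTs readable on the wire: port, path, field names (values withheld)."""
    findings = []
    for frame in read_pcap(blob):
        port, data = tcp_payload(frame) or (None, b"")
        if not data.startswith(b"POST "):
            continue
        head, _, body = data.partition(b"\r\n\r\n")
        path = head.split(b" ")[1].decode("ascii", "replace")
        fields = [name for name, _ in parse_qsl(body.decode("ascii", "replace"))]
        findings.append({"port": port, "path": path, "fields": fields})
    return findings

def sample_pcap(dst_port: int, payload: bytes) -> bytes:
    """Constructed one-packet capture for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dst_port, 1, 1, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 80]))
    frame = b"\x02" * 6 + b"\x06" * 6 + b"\x08\x00" + ip + tcp
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame)

HTTP_POST = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"          # constructed
             b"Content-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: 30\r\n\r\nusername=alice&password=secret")
TLS_RECORD = b"\x17\x03\x03\x00\x20" + bytes(32)   # constructed stand-in for encrypted data
```

`cleartext_form_posts(sample_pcap(80, HTTP_POST))` reports the `/login` path with the `username` and `password` fields, while the same call on `sample_pcap(443, TLS_RECORD)` returns an empty list because the encrypted bytes give the parser nothing to read.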

  26. We have looked at…
     • What is a protocol?
     • What is a packet?
     • Some of the protocols that make TCP/IP work
     • Internet Protocol (IP)
     • User Datagram Protocol (UDP)
     • Transmission Control Protocol (TCP)
     • Introduce tools such as Wireshark
     • Examined a PCAP file
     • Considered additional security issues of TCP/IP
