Network concepts introduction & wireshark workshop @ KirilsSolovjovs - PowerPoint PPT Presentation



  1. Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

  2. ISO/OSI+DoD model

  3. Topics for our workshop
     ● Network layer models
     ● Ethernet, WiFi
     ● Layer 3: ARP, ICMP, IPv4, IPv6
     ● Layer 4: UDP, TCP
     ● Routing
     ● Application level protocols: DNS, SMTP, FTP, HTTP, …
     ● Punching holes in firewalls, breaking WPA2 and much more

  4. How is this different? (from other networking courses)
     ● We'll be taking the academic approach and talking a lot:
       – about what we see
       – about why stuff happens
     ● We'll be taking the hacker approach and start the other way around: with the hands-on
     ● "Shoot first, ask questions later"

  5. Getting to know wireshark

  6. Capturing data locally
     ● Just make sure to enable promiscuous mode* and you're all set.
       – * do not drop packets not addressed to you
     ● Network card drivers have to support this.
     ● Caveat: on a switched LAN promiscuous mode only shows you what the switch actually sends to your port (your own traffic, broadcast/multicast and flooded unknown-unicast frames); on 802.11 you additionally need monitor mode to see other stations' frames.
     ● PRO TIP: Can also be used to capture USB data, GSM data, etc...*
       – * may require additional tools

  7. Capturing data remotely
     ● What if you're not physically present on the wire?
       – port mirroring (SPAN) on the switch
       – TaZmen Sniffer Protocol (TZSP)
       – capture with tcpdump and import the cap file later
     ● tcpdump -i eth0 -s 65535 -w blah
       – -s 65535: full snap length, so packets are not truncated; -w writes raw packets in pcap format, which Wireshark opens directly

  8. ISO/OSI+DoD model

  9. Encapsulation

  10. Physical layer
     ● Specifies the electrical, mechanical, procedural, and functional requirements for activating, maintaining, and deactivating a physical link between end systems.

  11. Data Link Layer
     ● Delivers messages to the proper device.
     ● Formats the message into data frames and adds a header containing the hardware destination and source address
       – Ethernet = MAC addresses (6 bytes)
     ● Consists of two parts:
       – Media Access Control
       – Logical Link Control

  12. Ethernet
     ● e.g. Manchester encoding
     ● MAC addresses = 6 bytes
       – e.g. 08:1e:c7:f8:ec:91
     ● First 3 bytes = OUI
       – Organizationally Unique Identifier assigned by the IEEE
       – First byte usually xxxxxx00: the two low bits are flags, bit 0 (I/G) = 1 for multicast/group addresses, bit 1 (U/L) = 1 for locally administered addresses, so an OUI-assigned unicast address has both bits clear
     ● Last 3 bytes = Vendor assigned

  13. WiFi standards

     Standard     Year  Frequency    Bandwidth  Modulation   Speeds
     802.11-1997  1997  2.4 GHz      22 MHz     DSSS & FHSS  1 – 2 Mbps
     802.11a      1999  5 GHz        20 MHz     OFDM         6 – 54 Mbps
     802.11b      1999  2.4 GHz      22 MHz     DSSS         1 – 11 Mbps
     802.11g      2003  2.4 GHz      20 MHz     OFDM         6 – 54 Mbps
     802.11n      2009  2.4 & 5 GHz  40 MHz     MIMO-OFDM    7.2 – 135 Mbps
     802.11ac     2013  5 GHz        160 MHz    MIMO-OFDM    7.2 – 780 Mbps
     802.11ad     2012  60 GHz       2.16 GHz   OFDM         626 – 6756.75 Mbps

  14. WiFi security
     ● no encryption
     ● WEP (RC4 with weak IV handling; broken, the key is recoverable from captured traffic in minutes)
     ● WPA (TKIP, still RC4-based; deprecated)
     ● WPA2 (CCMP/AES; with a pre-shared key the passphrase can still be attacked offline from a captured 4-way handshake)
     ● 802.1X (port-based authentication with EAP, used by the Enterprise variants of WPA/WPA2; it provides authentication and key distribution, not a cipher of its own)

  15. Network layer
     ● Responsible for addressing and routing between devices that are not locally attached.

  16. IP
     ● Internet Protocol checks the destination address of each packet, and, using a routing table, decides where a packet is to be sent next, choosing the best path.
     ● IP addresses are assigned in a hierarchical system
     ● Network part and host part
     ● IPv4 vs IPv6
       – NB! Addresses are by far not the only difference between IPv6 and IPv4.

  17. IPv4 addresses
     ● 4 bytes, e.g. 216.39.106.163
     ● Classes (historical, superseded by CIDR, but still behind many defaults):
       – A 1.0.0.0 to 126.255.255.255 (0.0.0.0/8 and 127.0.0.0/8 are reserved)
       – B 128.0.0.0 to 191.255.255.255
       – C 192.0.0.0 to 223.255.255.255
       – D 224.0.0.0 to 239.255.255.255 – multicast
       – E 240.0.0.0 to 255.255.255.255 – reserved/experimental (255.255.255.255 itself is the limited broadcast address)

  18. IPv4 addresses (cont.)
     ● CIDR notation: /29, e.g. 216.39.106.160/29
       – network address 216.39.106.160
       – broadcast address 216.39.106.167
     ● 0.0.0.0 – default route
     ● 127.0.0.1 – loopback
     ● 255.255.255.255 – all nodes on the current network (limited broadcast)

  19. Private IPv4 address space
     ● 10.0.0.0 to 10.255.255.255 (10.0.0.0/8)
     ● 172.16.0.0 to 172.31.255.255 (172.16.0.0/12)
     ● 192.168.0.0 to 192.168.255.255 (192.168.0.0/16)
     ● Can be used with NAT
       – Network address translation, intended to help limit the effects of IPv4 address exhaustion
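
The /29 example on slide 18 and the class and private ranges on slides 17 and 19 all come down to mask arithmetic on a 32-bit integer. The following is an added example (not from the slides) that does that arithmetic by hand and cross-checks it against Python's ipaddress module; the addresses it tries are the slides' own plus a constructed /31.

```python
"""IPv4 prefix arithmetic and address classification (added example; not from the slides)."""
import ipaddress
import struct

# RFC 1918 private ranges from slide 19.
RFC1918 = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def ip_to_int(addr: str) -> int:
    """Pack dotted-decimal into a 32-bit integer, rejecting malformed input."""
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and 0 <= int(p) <= 255 for p in parts):
        raise ValueError(f"not an IPv4 address: {addr!r}")
    return struct.unpack("!I", bytes(int(p) for p in parts))[0]


def int_to_ip(n: int) -> str:
    return ".".join(str(b) for b in struct.pack("!I", n))


def subnet(cidr: str) -> dict:
    """Network, broadcast and usable host range for an a.b.c.d/len prefix, done with mask arithmetic."""
    addr, _, plen = cidr.partition("/")
    plen = int(plen)
    if not 0 <= plen <= 32:
        raise ValueError("prefix length must be 0..32")
    mask = (0xFFFFFFFF << (32 - plen)) & 0xFFFFFFFF   # top plen bits set
    net = ip_to_int(addr) & mask                       # host bits cleared
    bcast = net | (~mask & 0xFFFFFFFF)                 # host bits set
    # /31 (RFC 3021 point-to-point) and /32 have no separate network/broadcast addresses.
    usable_first, usable_last = (net, bcast) if plen >= 31 else (net + 1, bcast - 1)
    return {
        "netmask": int_to_ip(mask),
        "network": int_to_ip(net),
        "broadcast": int_to_ip(bcast),
        "first_host": int_to_ip(usable_first),
        "last_host": int_to_ip(usable_last),
        "usable_hosts": 2 ** (32 - plen) - (0 if plen >= 31 else 2),
    }


def classify(addr: str) -> str:
    """Classful range (slide 17) plus the special and private cases (slides 18-19)."""
    first = ip_to_int(addr) >> 24
    if addr == "0.0.0.0":
        return "unspecified (default route)"
    if addr == "255.255.255.255":
        return "limited broadcast"
    if first == 127:
        return "loopback"
    if first < 128:
        cls = "A"
    elif first < 192:
        cls = "B"
    elif first < 224:
        cls = "C"
    elif first < 240:
        cls = "D (multicast)"
    else:
        cls = "E (reserved)"
    ip = ipaddress.IPv4Address(addr)
    private = any(ip in net for net in RFC1918)
    return f"class {cls}" + (" (RFC 1918 private)" if private else "")


def cross_check(cidr: str) -> bool:
    """Agree with the standard library on network and broadcast for the same prefix."""
    ours, ref = subnet(cidr), ipaddress.ip_network(cidr, strict=False)
    return ours["network"] == str(ref.network_address) and ours["broadcast"] == str(ref.broadcast_address)


if __name__ == "__main__":
    for cidr in ("216.39.106.160/29", "10.0.1.0/24", "192.0.2.8/31"):
        print(cidr, subnet(cidr), cross_check(cidr))
    for a in ("216.39.106.163", "172.31.255.255", "224.0.0.1", "127.0.0.1"):
        print(a, classify(a))
```

Note the off-by-one traps this makes explicit: 172.32.0.1 is not private although it starts with 172, and a /31 has two usable addresses with no broadcast address at all.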

  20. ARP
     ● Address Resolution Protocol allows finding the hardware address of a host from a known IP address.
     ● 10.0.1.254 → 08:1e:c7:f8:ec:91
     ● ARP has no authentication: any station on the segment can answer for any IP, and hosts accept the answer (ARP spoofing / cache poisoning).
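
An added example, not from the slides, showing what the Ethernet and ARP headers from slides 11, 12 and 20 look like on the wire: it builds and parses an Ethernet II frame carrying ARP, decodes the OUI and the I/G and U/L flag bits of a MAC, and keeps an IP-to-MAC table the way a host's ARP cache does. The gateway MAC and IP are the slide's; the requesting host's MAC 00:11:22:33:44:55 and the rogue station's MAC de:ad:be:ef:00:01 are constructed. Real frames are padded to 60 bytes and carry an FCS, both omitted here.

```python
"""Ethernet II + ARP framing and an ARP-cache learner (added example; not from the slides)."""
import struct

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST = "ff:ff:ff:ff:ff:ff"


def mac_bytes(mac: str) -> bytes:
    octets = bytes(int(x, 16) for x in mac.split(":"))
    if len(octets) != 6:
        raise ValueError(f"bad MAC: {mac}")
    return octets


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def mac_info(mac: str) -> dict:
    """OUI split plus the two flag bits of the first octet (slide 12: 'xxxxxx00')."""
    b = mac_bytes(mac)
    return {
        "oui": mac_str(b[:3]),                       # IEEE-assigned part
        "nic": mac_str(b[3:]),                       # vendor-assigned part
        "multicast": bool(b[0] & 0x01),              # I/G bit: 1 = group address
        "locally_administered": bool(b[0] & 0x02),   # U/L bit: 1 = not from an OUI
    }


def build_frame(dst: str, src: str, ethertype: int, payload: bytes) -> bytes:
    """Ethernet II header (14 bytes) + payload; padding and FCS are left to the NIC."""
    return struct.pack("!6s6sH", mac_bytes(dst), mac_bytes(src), ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "ethertype": ethertype, "payload": frame[14:]}


def build_arp(op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """ARP for IPv4 over Ethernet: htype=1, ptype=0x0800, hlen=6, plen=4 (RFC 826)."""
    return struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IPV4, 6, 4, op,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))


def parse_arp(payload: bytes) -> dict:
    if len(payload) < 28:
        raise ValueError("truncated ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", payload[:28])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        raise ValueError("not IPv4-over-Ethernet ARP")
    return {"op": op, "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
            "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}


def learn_arp(frames, table=None):
    """Build an IP -> MAC table from ARP traffic the way a host's cache does.

    Any frame whose sender IP is already mapped to a different MAC is reported:
    a changing binding for the gateway is the classic sign of ARP spoofing.
    """
    table = {} if table is None else table
    conflicts = []
    for frame in frames:
        eth = parse_frame(frame)
        if eth["ethertype"] != ETHERTYPE_ARP:
            continue
        arp = parse_arp(eth["payload"])
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        if ip in table and table[ip] != mac:
            conflicts.append((ip, table[ip], mac))
        table[ip] = mac
    return table, conflicts


# Constructed exchange: a host asks for 10.0.1.254, the gateway from slide 20 answers,
# then a third station claims the gateway's IP with a locally administered MAC.
HOST_MAC, GATEWAY_MAC, ROGUE_MAC = "00:11:22:33:44:55", "08:1e:c7:f8:ec:91", "de:ad:be:ef:00:01"
SAMPLE_FRAMES = [
    build_frame(BROADCAST, HOST_MAC, ETHERTYPE_ARP,
                build_arp(ARP_REQUEST, HOST_MAC, "10.0.1.1", "00:00:00:00:00:00", "10.0.1.254")),
    build_frame(HOST_MAC, GATEWAY_MAC, ETHERTYPE_ARP,
                build_arp(ARP_REPLY, GATEWAY_MAC, "10.0.1.254", HOST_MAC, "10.0.1.1")),
    build_frame(HOST_MAC, ROGUE_MAC, ETHERTYPE_ARP,
                build_arp(ARP_REPLY, ROGUE_MAC, "10.0.1.254", HOST_MAC, "10.0.1.1")),
]

if __name__ == "__main__":
    table, conflicts = learn_arp(SAMPLE_FRAMES)
    print(table)
    for ip, old, new in conflicts:
        print(f"ARP binding for {ip} changed {old} -> {new}: {mac_info(new)}")
```

The third sample frame claims 10.0.1.254 from a different MAC; learn_arp reports the changed binding, which is the same condition Wireshark's ARP dissector flags as a duplicate IP address. Note that the ARP request itself already carries the sender's binding, so caches learn from requests as well as replies.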

  21. ICMP
     ● ICMP is a management protocol and messaging service provider for IP.
     ● e.g.
       – Destination unreachable
       – TTL exceeded
       – echo request and echo reply

  22. IPv6
     ● IPv6 essentially creates a parallel, independent Layer 3 network.
     ● 340282366920938463463374607431768211456 (2^128) addresses
     ● 2001:14d8:ffa2:0000:0000:0000:0312:7007
     ● 2001:14d8:ffa2::312:7007
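
The two address forms on slide 22 are the same 128-bit value. Below is an added example (not from the slides) that converts between them, implementing the RFC 5952 rules (no leading zeros in a group, the longest run of at least two zero groups becomes "::", the leftmost run on ties), with strict parsing so that malformed input is rejected rather than silently accepted. Embedded-IPv4 forms such as ::ffff:192.0.2.1 are deliberately out of scope.

```python
"""IPv6 textual form: expansion and RFC 5952 compression (added example; not from the slides)."""

ADDRESS_COUNT = 2 ** 128   # the number on slide 22

HEX = set("0123456789abcdefABCDEF")


def _group(text: str) -> int:
    # One 16-bit hextet: 1-4 hex digits and nothing else (int(x, 16) alone would accept "0x1f" or "+1").
    if not 1 <= len(text) <= 4 or not set(text) <= HEX:
        raise ValueError(f"bad group {text!r}")
    return int(text, 16)


def parse_ipv6(addr: str) -> list:
    """Return the 8 hextets of an address, expanding a single '::' run of zeros."""
    if addr.count("::") > 1:
        raise ValueError("more than one '::'")
    if "::" in addr:
        left, right = addr.split("::")
        lg = [_group(g) for g in left.split(":")] if left else []
        rg = [_group(g) for g in right.split(":")] if right else []
        missing = 8 - len(lg) - len(rg)
        if missing < 1:
            raise ValueError("'::' must stand for at least one zero group")
        groups = lg + [0] * missing + rg
    else:
        groups = [_group(g) for g in addr.split(":")]
    if len(groups) != 8:
        raise ValueError(f"expected 8 groups, got {len(groups)}")
    return groups


def expand_ipv6(addr: str) -> str:
    """Full form: eight 4-digit groups."""
    return ":".join(f"{g:04x}" for g in parse_ipv6(addr))


def compress_ipv6(addr: str) -> str:
    """Canonical form per RFC 5952: no leading zeros, longest run of >=2 zero groups -> '::' (leftmost on ties)."""
    groups = parse_ipv6(addr)
    best_start, best_len = -1, 0
    i = 0
    while i < 8:
        if groups[i] != 0:
            i += 1
            continue
        j = i
        while j < 8 and groups[j] == 0:
            j += 1
        if j - i > best_len:             # strictly longer, so an earlier run of equal length is kept
            best_start, best_len = i, j - i
        i = j
    hexs = [f"{g:x}" for g in groups]
    if best_len < 2:                     # a single zero group is written as "0", never as "::"
        return ":".join(hexs)
    return ":".join(hexs[:best_start]) + "::" + ":".join(hexs[best_start + best_len:])


def is_valid_ipv6(addr: str) -> bool:
    try:
        parse_ipv6(addr)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(ADDRESS_COUNT)
    full = "2001:14d8:ffa2:0000:0000:0000:0312:7007"
    print(compress_ipv6(full), expand_ipv6(compress_ipv6(full)))
```

Canonicalising before comparing is the point: an allow-list that stores "2001:14d8:ffa2::312:7007" but compares strings against what a peer logs in expanded form will silently never match.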

  23. Transport layer
     ● Responsible for end-to-end transfer of data; a reliable transport (TCP) additionally ensures that data arrives at its destination error-free and in order.
       – Connection-oriented – requires that a connection with specific agreed-upon parameters be established before data is sent.
       – Connectionless – requires no connection before data is sent.

  24. User Datagram Protocol
     ● Stateless, transaction-oriented
     ● "Best effort" transport
     ● Notable features include:
       – Minimalist design (8-byte header)
       – No flow or congestion control
       – No retransmissions

  25. Fun demo
     ● Punching holes in firewalls and NAT routers with UDP

  26. Transmission Control Protocol
     ● Stateful, connection-oriented
     ● "Reliable" transport
     ● Notable features include:
       – 3-way handshake
       – Error detection
       – Ordered transfer
       – Flow control

  27. Three-way handshake

  28. zmap
     ● Modular and open-source network scanner specifically designed for Internet-wide scans
     ● Scans the whole IPv4 address space in 45 minutes (1Gbps)
     ● How does it work?
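
An added example, not from the slides, that parses TCP headers and walks the three-way handshake of slide 27, checking the sequence-number arithmetic: the SYN/ACK must acknowledge the client's ISN+1, and the final ACK must carry ISN_c+1 and acknowledge ISN_s+1. The same header parsing gives the answer to slide 28's question for zmap's default probe, a TCP SYN scan: a SYN/ACK means open, a RST means closed, silence means filtered, and the scanner never completes the handshake. Ports, ISNs and the bad SYN/ACK are constructed; the checksum field is left zero because it covers an IP pseudo-header this example does not model.

```python
"""TCP header parsing and a three-way-handshake tracker (added example; not from the slides)."""
import struct

FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10
SEQ_MASK = 0xFFFFFFFF   # sequence numbers wrap modulo 2^32


def build_tcp(sport: int, dport: int, seq: int, ack: int, flags: int, window: int = 65535) -> bytes:
    """20-byte header, no options. Checksum left 0: it covers an IP pseudo-header not modelled here."""
    offset_flags = (5 << 12) | flags          # data offset 5 words = 20 bytes
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, offset_flags, window, _csum, _urg = struct.unpack("!HHIIHHHH", segment[:20])
    data_offset = (offset_flags >> 12) * 4
    if data_offset < 20 or data_offset > len(segment):
        raise ValueError("bad data offset")
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x1FF, "window": window,
            "options": segment[20:data_offset], "payload": segment[data_offset:]}


def flag_names(flags: int) -> str:
    names = [n for n, bit in (("FIN", FIN), ("SYN", SYN), ("RST", RST), ("PSH", PSH), ("ACK", ACK)) if flags & bit]
    return "+".join(names) or "none"


def track_handshake(segments) -> str:
    """Feed (direction, raw_segment) pairs, direction 'c2s' or 's2c', and return the final state.

    Returns 'syn-sent', 'syn-received', 'established', 'closed-by-rst' or 'error: ...'.
    """
    state, isn_c, isn_s = "closed", None, None
    for direction, raw in segments:
        seg = parse_tcp(raw)
        f = seg["flags"] & (SYN | ACK | RST)
        if state == "closed" and direction == "c2s" and f == SYN:
            isn_c, state = seg["seq"], "syn-sent"
        elif state == "syn-sent" and direction == "s2c" and f == SYN | ACK:
            if seg["ack"] != (isn_c + 1) & SEQ_MASK:
                return "error: SYN/ACK acknowledges the wrong sequence number"
            isn_s, state = seg["seq"], "syn-received"
        elif state == "syn-sent" and direction == "s2c" and f & RST:
            return "closed-by-rst"      # nothing is listening on that port
        elif state == "syn-received" and direction == "c2s" and f == ACK:
            if seg["seq"] != (isn_c + 1) & SEQ_MASK or seg["ack"] != (isn_s + 1) & SEQ_MASK:
                return "error: final ACK out of sequence"
            state = "established"
        else:
            return f"error: unexpected {flag_names(seg['flags'])} from {direction} in state {state}"
    return state


def classify_port(reply) -> str:
    """SYN-scan verdict from the single reply (or None) to a probe SYN; the rule a scanner like zmap applies."""
    if reply is None:
        return "filtered"               # dropped by a firewall, or host down
    f = parse_tcp(reply)["flags"]
    if f & SYN and f & ACK:
        return "open"
    if f & RST:
        return "closed"
    return "unknown"


# Constructed exchange on port 80: client ISN 1000, server ISN 5000 (real stacks pick random ISNs).
CLIENT_SYN = build_tcp(40000, 80, 1000, 0, SYN)
SERVER_SYNACK = build_tcp(80, 40000, 5000, 1001, SYN | ACK)
CLIENT_ACK = build_tcp(40000, 80, 1001, 5001, ACK)
SERVER_RST = build_tcp(80, 40000, 0, 1001, RST | ACK)
BAD_SYNACK = build_tcp(80, 40000, 5000, 1002, SYN | ACK)   # acknowledges the wrong number (injected/spoofed)

if __name__ == "__main__":
    print(track_handshake([("c2s", CLIENT_SYN), ("s2c", SERVER_SYNACK), ("c2s", CLIENT_ACK)]))
    print(track_handshake([("c2s", CLIENT_SYN), ("s2c", SERVER_RST)]))
    print(classify_port(SERVER_SYNACK), classify_port(SERVER_RST), classify_port(None))
```

The sequence-number checks are what make blind injection hard: a spoofed SYN/ACK or RST is only accepted if it lands in the right acknowledgement window, which is why predictable ISNs were such a problem historically.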

  29. Routing
     ● TTL decreased with every hop
     ● Routing decisions taken based on the routing table and route distance
     ● Routing types
       – Static routing
       – Default routing
       – Dynamic routing

  30. Static routing
     ● Manually setting up routes on each router
     ● Does not scale well

  31. Default routing
     ● Used to send packets whose destination address is in a remote network with no specific entry in the routing table to a designated next-hop router (the 0.0.0.0/0 route).

  32. Dynamic routing
     ● Dynamically updates routing tables on the router using routing protocols:
       – distance-vector protocols determine the route with the least number of hops (or the lowest summed metric) to be the best route – RIP, IGRP, etc.
       – link state protocols (also called shortest path first) flood link information so that every router rebuilds the full topology and runs Dijkstra on it; link costs can reflect bandwidth or administrative preference rather than just hop count – OSPF, IS-IS, etc.
     ● Both kinds trust their neighbours: without authentication on the protocol (OSPF MD5/SHA, RIPv2 authentication) a rogue speaker on the segment can inject routes and redirect traffic.
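
An added example, not from the slides, of the routing decision from slides 29 to 32: a routing table with longest-prefix match, a default route, a distance tie-break between a static and a RIP-learned route for the same prefix, and per-hop TTL handling. The topology (R1, R2, the next-hop addresses) and the "route distance" values, which are Cisco's default administrative distances, are constructed for the example.

```python
"""Longest-prefix-match forwarding with TTL handling (added example; not from the slides)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed "route distance" values (Cisco's default administrative distances); lower is more trusted.
DISTANCE = {"connected": 0, "static": 1, "ospf": 110, "rip": 120}


@dataclass(frozen=True)
class Route:
    network: ipaddress.IPv4Network
    next_hop: Optional[str]   # None = destination is directly attached
    interface: str
    source: str               # a key of DISTANCE


class RoutingTable:
    def __init__(self):
        self.routes = []

    def add(self, prefix: str, next_hop: Optional[str], interface: str, source: str) -> "RoutingTable":
        self.routes.append(Route(ipaddress.ip_network(prefix), next_hop, interface, source))
        return self

    def lookup(self, dst: str) -> Optional[Route]:
        """Most specific prefix wins; equal prefixes are settled by distance. 0.0.0.0/0 is the default route."""
        ip = ipaddress.ip_address(dst)
        matches = [r for r in self.routes if ip in r.network]
        if not matches:
            return None
        return min(matches, key=lambda r: (-r.network.prefixlen, DISTANCE[r.source]))


def forward(table: RoutingTable, dst: str, ttl: int) -> dict:
    """One router's decision for a packet: decrement TTL first, then consult the table."""
    if ttl <= 1:
        return {"action": "drop", "reason": "TTL exceeded (ICMP type 11 back to the sender)", "ttl": 0}
    route = table.lookup(dst)
    if route is None:
        return {"action": "drop", "reason": "no route (ICMP destination unreachable)", "ttl": ttl - 1}
    if route.next_hop is None:
        return {"action": "deliver", "interface": route.interface, "ttl": ttl - 1}
    return {"action": "forward", "next_hop": route.next_hop, "interface": route.interface, "ttl": ttl - 1}


def trace(routers: dict, addresses: dict, start: str, dst: str, ttl: int, max_hops: int = 30) -> list:
    """Walk a packet router by router; returns [(router, action, detail), ...].

    routers maps a router name to its table; addresses maps a next-hop IP to the router owning it.
    max_hops guards against a routing loop between the constructed tables.
    """
    path, here = [], start
    for _ in range(max_hops):
        d = forward(routers[here], dst, ttl)
        ttl = d["ttl"]
        if d["action"] == "drop":
            path.append((here, "drop", d["reason"]))
            return path
        if d["action"] == "deliver":
            path.append((here, "deliver", d["interface"]))
            return path
        path.append((here, "forward", d["next_hop"]))
        if d["next_hop"] not in addresses:
            path.append((d["next_hop"], "exit", "upstream router not modelled"))
            return path
        here = addresses[d["next_hop"]]
    path.append((here, "drop", "hop limit reached"))
    return path


# Constructed two-router topology. R1 has a static and a RIP-learned route to 10.0.2.0/24
# (the static one wins on distance) plus a default route to an ISP; R2 owns 10.0.2.0/24.
R1 = (RoutingTable()
      .add("10.0.1.0/24", None, "eth0", "connected")
      .add("10.0.12.0/30", None, "eth1", "connected")
      .add("10.0.2.0/24", "10.0.12.2", "eth1", "static")
      .add("10.0.2.0/24", "10.0.12.9", "eth2", "rip")
      .add("0.0.0.0/0", "203.0.113.1", "eth3", "static"))
R2 = (RoutingTable()
      .add("10.0.2.0/24", None, "eth0", "connected")
      .add("10.0.12.0/30", None, "eth1", "connected")
      .add("0.0.0.0/0", "10.0.12.1", "eth1", "static"))
ROUTERS = {"R1": R1, "R2": R2}
ADDRESSES = {"10.0.12.1": "R1", "10.0.12.2": "R2"}

if __name__ == "__main__":
    for ttl in (64, 2, 1):
        print(ttl, trace(ROUTERS, ADDRESSES, "R1", "10.0.2.7", ttl))
    print(trace(ROUTERS, ADDRESSES, "R2", "198.51.100.5", 64))
```

Running trace with TTL 1, 2, 3, ... and noting which router produced the "TTL exceeded" drop is exactly how traceroute maps a path, one hop per probe.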

  33. Application level protocols
     ● DNS
     ● SMTP
     ● HTTP
     ● ...

  34. DNS overview
     ● zone of authority = the resource records associated with a name, managed by a name server
     ● "zone delegation": when a system administrator wants to let another administrator manage a part of a zone, the first administrator's nameserver delegates part of the zone to another nameserver
     ● "delegated subzone": the NS RR ("resource record") names the nameserver authoritative for the delegated subzone
     ● see also: RFC 1034 4.2: How the database is divided into zones.

  35. (some) DNS record types
     ● A / AAAA – Address – Returns an IPv4 / IPv6 address
     ● MX – Mail exchange – Maps a domain name to a list of message transfer agents (each with a preference value)
     ● NS – Name server – Delegates a DNS zone to use the given authoritative name servers
     ● PTR – Pointer – Pointer to a canonical name, used for reverse lookups under in-addr.arpa / ip6.arpa – Unlike a CNAME, DNS processing stops and just the name is returned

  36. DNS queries
     ● dig @nameserver domain record-type +trace
       – +trace resolves iteratively from the root instead of asking a recursive resolver, so you see each delegation
     ● dig en.wikipedia.org ANY
       – pseudo-record – "everything you have for this name"; many servers now answer it minimally (RFC 8482) because it was abused for amplification
     ● dig @ns.example.com example.com AXFR
       – pseudo-record – full zone transfer; should only be permitted to secondary servers, an open AXFR hands an attacker the entire zone
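
An added example, not from the slides, that builds the query behind "dig example.com ANY" from slide 36 and parses a constructed response containing an A and an MX record; the rdata of slide 35's name-valued types (NS, CNAME, PTR, MX) is decoded too. Names inside a DNS message may be compression pointers back to earlier names; the parser follows them but refuses forward and self pointers and deep chains, the classic way a malicious response makes a naive parser loop. The transaction ID, TTLs and the 192.0.2.1 / mail.example.com data are constructed.

```python
"""DNS wire-format builder/parser with compression-pointer handling (added example; not from the slides)."""
import ipaddress
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 28: "AAAA", 252: "AXFR", 255: "ANY"}
QTYPE = {v: k for k, v in TYPES.items()}


def encode_name(name: str) -> bytes:
    """Length-prefixed labels (max 63 bytes each) terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not label:
            continue
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def read_name(msg: bytes, off: int, depth: int = 0):
    """Decode a name at off, following 0xC0xx compression pointers. Returns (name, offset_after)."""
    if depth > 5:
        raise ValueError("compression pointer chain too deep")
    labels = []
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                         # 11xxxxxx: pointer to an earlier name
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if ptr >= off:                                # forward/self pointers are malformed (and loop bait)
                raise ValueError("compression pointer does not point backwards")
            tail, _ = read_name(msg, ptr, depth + 1)
            if tail:
                labels.append(tail)
            return ".".join(labels), off + 2
        if length == 0:
            return ".".join(labels), off + 1
        if length > 63:
            raise ValueError("bad label length")
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def build_query(name: str, qtype: str, txid: int = 0x1234) -> bytes:
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # flags: RD=1
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def decode_rdata(msg: bytes, off: int, rtype: int, rdata: bytes):
    if rtype == 1:
        return str(ipaddress.IPv4Address(rdata))
    if rtype == 28:
        return str(ipaddress.IPv6Address(rdata))
    if rtype in (2, 5, 12):                               # NS, CNAME, PTR: a name, may point back into msg
        return read_name(msg, off)[0]
    if rtype == 15:                                       # MX: preference + exchange name
        return (struct.unpack("!H", rdata[:2])[0], read_name(msg, off + 2)[0])
    return rdata.hex()


def parse_message(msg: bytes) -> dict:
    if len(msg) < 12:
        raise ValueError("truncated header")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, records = 12, [], []
    for _ in range(qd):
        name, off = read_name(msg, off)
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        off += 4
        questions.append((name, TYPES.get(qtype, qtype)))
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if len(rdata) != rdlen:
            raise ValueError("truncated rdata")
        records.append((name, TYPES.get(rtype, rtype), ttl, decode_rdata(msg, off, rtype, rdata)))
        off += rdlen
    return {"id": txid, "response": bool(flags & 0x8000), "authoritative": bool(flags & 0x0400),
            "rcode": flags & 0xF, "questions": questions, "records": records}


def is_well_formed(msg: bytes) -> bool:
    try:
        parse_message(msg)
        return True
    except (ValueError, struct.error):
        return False


# Constructed reply to "dig example.com ANY": an A and an MX record, both naming the owner with the
# 0xC00C pointer back to the question name at offset 12; the MX exchange is "mail" + the same pointer.
QUERY = build_query("example.com", "ANY")
RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
            + encode_name("example.com") + struct.pack("!HH", QTYPE["ANY"], 1)
            + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 3600, 4) + bytes([192, 0, 2, 1])
            + b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 3600, 9) + struct.pack("!H", 10) + b"\x04mail" + b"\xc0\x0c")
# A question name that is only a pointer to itself: a parser without the backwards check recurses forever.
LOOP = struct.pack("!HHHHHH", 1, 0, 1, 0, 0, 0) + b"\xc0\x0c" + struct.pack("!HH", 1, 1)

if __name__ == "__main__":
    print(parse_message(QUERY))
    print(parse_message(RESPONSE))
    print(is_well_formed(LOOP))
```

The same byte layout is what Wireshark shows under "Domain Name System" when you capture a dig run; matching the transaction ID (and the source port) is all a resolver uses to pair a reply with its query, which is why a guessable ID is a cache-poisoning problem.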

  37. SMTP – Simple Mail Transfer Protocol

  38. SMTP protocol (● = client, – = server)
       – 220 mail.example.org ESMTP Sendmail; Fri, 15 Jan 2016 16:27:08 +0000
     ● HELO relay.example.org
       – 250 mail.example.org Hello relay.example.org [192.168.2.3] (may be forged), pleased to meet you
     ● MAIL FROM: <alice@example.org>
       – 250 2.1.0 alice@example.org... Sender ok
     ● RCPT TO: <bob@example.com>
       – 250 2.1.5 bob@example.com... Recipient ok

  39. SMTP protocol
     ● DATA
       – 354 Enter mail, end with "." on a line by itself
     ● From: "Alice Alice" <alice@example.com>
       To: "Bob Bob" <bob@example.org>
       Date: Fri, 15 Jan 2016 16:27:03 +0000
       Subject: Test e-mail

       Testing.
       .

  40. SMTP protocol
       – 250 2.0.0 vB3DJ2cP000123 Message accepted for delivery
     ● QUIT
       – 221 2.0.0 mail.example.org closing connection
     ● Note: the envelope addresses (MAIL FROM / RCPT TO) and the message header From:/To: are independent; in the exchange above they do not even match, and the server accepted both without checking. This is why header From: is trivially spoofable and why SPF, DKIM and DMARC exist.
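
An added example, not from the slides, of the server side of the exchange on slides 38 to 40 as a small state machine: it enforces command order, handles the null sender, dot-stuffing and the terminating ".", and records what was accepted. The client lines are the slides' own; the reply texts and the mail.example.org hostname follow the slides, while the enhanced status codes on the error paths are conventional values chosen here.

```python
"""Server-side SMTP state machine for the dialogue on slides 38-40 (added example; not from the slides)."""
import re


def parse_path(arg: str, keyword: str):
    """'FROM:<alice@example.org>' -> 'alice@example.org'; '<>' (null sender) -> ''. None if malformed."""
    if not arg.upper().startswith(keyword):
        return None
    rest = arg[len(keyword):].strip()
    if not (rest.startswith("<") and rest.endswith(">")):
        return None
    return rest[1:-1]


class SmtpSession:
    """Accepts HELO/EHLO, MAIL, RCPT, DATA, RSET, QUIT in the order RFC 5321 requires."""

    def __init__(self, hostname="mail.example.org"):
        self.hostname = hostname
        self.state = "connected"
        self.messages = []          # accepted (envelope_from, recipients, raw_message)
        self._reset_envelope()

    def _reset_envelope(self):
        self.envelope_from, self.rcpts, self.lines = None, [], []

    def greeting(self) -> str:
        return f"220 {self.hostname} ESMTP ready"

    def feed(self, line: str) -> str:
        """Process one client line; returns the server's reply ('' while collecting DATA)."""
        if self.state == "data":
            if line == ".":
                self.messages.append((self.envelope_from, list(self.rcpts), "\r\n".join(self.lines)))
                self._reset_envelope()
                self.state = "greeted"
                return "250 2.0.0 Message accepted for delivery"
            # Dot-stuffing (RFC 5321 4.5.2): a body line starting with '.' was sent with an extra '.'
            self.lines.append(line[1:] if line.startswith("..") else line)
            return ""
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            if not arg:
                return "501 5.5.4 Syntax: HELO hostname"
            self.state = "greeted"
            return f"250 {self.hostname} Hello {arg}, pleased to meet you"
        if verb == "MAIL":
            if self.state != "greeted":
                return "503 5.5.1 Error: send HELO/EHLO first"
            addr = parse_path(arg, "FROM:")
            if addr is None:
                return "501 5.1.7 Bad sender address syntax"
            self.envelope_from, self.state = addr, "mail"
            return f"250 2.1.0 {addr}... Sender ok"
        if verb == "RCPT":
            if self.state not in ("mail", "rcpt"):
                return "503 5.5.1 Error: need MAIL command"
            addr = parse_path(arg, "TO:")
            if not addr:                                   # '<>' is not a valid recipient
                return "501 5.1.3 Bad recipient address syntax"
            self.rcpts.append(addr)
            self.state = "rcpt"
            return f"250 2.1.5 {addr}... Recipient ok"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 5.5.1 Error: need RCPT command"
            self.state = "data"
            return '354 Enter mail, end with "." on a line by itself'
        if verb == "RSET":
            self._reset_envelope()
            if self.state != "connected":
                self.state = "greeted"
            return "250 2.0.0 Reset state"
        if verb == "QUIT":
            self.state = "closed"
            return f"221 2.0.0 {self.hostname} closing connection"
        return "500 5.5.2 Command unrecognized"


def header_address(message: str, field: str):
    """Pull the bare address out of a 'From:'/'To:' header line in the DATA section."""
    headers = message.split("\r\n\r\n", 1)[0]
    m = re.search(rf"^{field}:.*?<([^>]+)>", headers, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def run_session(client_lines) -> tuple:
    """Drive a session with the client's lines; returns (transcript, session)."""
    s = SmtpSession()
    transcript = [("S", s.greeting())]
    for line in client_lines:
        transcript.append(("C", line))
        reply = s.feed(line)
        if reply:
            transcript.append(("S", reply))
    return transcript, s


# The client side of the slides' transcript, as constructed input (the blank line ends the headers).
SLIDE_DIALOGUE = [
    "HELO relay.example.org",
    "MAIL FROM:<alice@example.org>",
    "RCPT TO:<bob@example.com>",
    "DATA",
    'From: "Alice Alice" <alice@example.com>',
    'To: "Bob Bob" <bob@example.org>',
    "Date: Fri, 15 Jan 2016 16:27:03 +0000",
    "Subject: Test e-mail",
    "",
    "Testing.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    transcript, session = run_session(SLIDE_DIALOGUE)
    for who, text in transcript:
        print(who, text)
    env_from, rcpts, msg = session.messages[0]
    print("envelope:", env_from, rcpts, "| header From:", header_address(msg, "From"))
```

Running it on the slides' dialogue puts the envelope sender alice@example.org next to the header From: alice@example.com; the state machine, like a real MTA, accepts both without relating them. The state machine is also what tcpdump or Wireshark reconstructs for you with "Follow TCP Stream": every transition above is one request/reply pair on the wire.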

  41. HTTP request
     GET /page HTTP/1.1
     Host: example.com
     User-Agent: Mozilla/5.0 Gecko/20100101 Firefox/50.0
     Accept: text/html,application/xhtml+xml;q=0.9,*/*;q=0.8
     Accept-Language: en-US,en;q=0.5
     Accept-Encoding: gzip, deflate
     Cookie: hell=o; data=1001090933
     Connection: keep-alive

  42. HTTP response
     HTTP/1.1 200 OK
     Date: Mon, 01 Aug 2016 12:02:57 GMT
     Server: Apache
     Content-Length: 2667
     Keep-Alive: timeout=3, max=20
     Connection: Keep-Alive
     Content-Type: text/html

     <html>
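
An added example, not from the slides, that parses the request and response from slides 41 and 42 as raw bytes: start line, headers, the Cookie and Accept header syntax, and the Content-Length framing that separates consecutive messages on a keep-alive connection. The response body is constructed (the slide's 2667-byte body is not on the page), so Content-Length is computed from it; chunked transfer encoding is out of scope and rejected explicitly.

```python
"""HTTP/1.1 message framing: start line, headers, Content-Length body (added example; not from the slides)."""


def parse_headers(block: str) -> dict:
    """Header lines into a dict keyed by lower-cased name; repeated names are joined with ', '."""
    headers = {}
    for line in block.split("\r\n"):
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():      # RFC 7230: no whitespace around the field name
            raise ValueError(f"malformed header line: {line!r}")
        key = name.lower()
        headers[key] = (headers[key] + ", " + value.strip()) if key in headers else value.strip()
    return headers


def parse_message(raw: bytes) -> dict:
    """Split one HTTP/1.1 message off a byte stream; 'remainder' is whatever follows its body."""
    head, sep, rest = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete header section")
    lines = head.decode("iso-8859-1").split("\r\n")
    start = lines[0].split(" ", 2)
    if len(start) != 3:
        raise ValueError(f"bad start line: {lines[0]!r}")
    headers = parse_headers("\r\n".join(lines[1:]))
    if start[0].startswith("HTTP/"):
        msg = {"kind": "response", "version": start[0], "status": int(start[1]), "reason": start[2]}
    else:
        msg = {"kind": "request", "method": start[0], "target": start[1], "version": start[2]}
        if msg["version"] == "HTTP/1.1" and "host" not in headers:
            raise ValueError("HTTP/1.1 request without Host header")
    # Framing: with Content-Length the body is exactly that many bytes and anything after it is the
    # next message on a keep-alive connection. Chunked framing is the other rule; not handled here.
    if "transfer-encoding" in headers:
        raise ValueError("chunked framing not implemented")
    length = int(headers.get("content-length", "0"))
    if length < 0 or len(rest) < length:
        raise ValueError("body shorter than Content-Length")
    msg["headers"] = headers
    msg["body"] = rest[:length]
    msg["remainder"] = rest[length:]
    return msg


def is_complete(raw: bytes) -> bool:
    try:
        parse_message(raw)
        return True
    except ValueError:
        return False


def parse_cookies(header_value: str) -> dict:
    """'hell=o; data=1001090933' -> {'hell': 'o', 'data': '1001090933'}"""
    cookies = {}
    for part in header_value.split(";"):
        name, _, value = part.strip().partition("=")
        if name:
            cookies[name] = value
    return cookies


def parse_accept(header_value: str) -> list:
    """Media ranges ordered by q-value (default 1.0), most preferred first."""
    items = []
    for part in header_value.split(","):
        media, *params = [p.strip() for p in part.split(";")]
        q = 1.0
        for p in params:
            k, _, v = p.partition("=")
            if k.strip() == "q":
                q = float(v)
        items.append((media, q))
    return sorted(items, key=lambda mq: -mq[1])


# The request and response from slides 41-42 re-typed as raw bytes; the body is constructed.
REQUEST = b"\r\n".join([
    b"GET /page HTTP/1.1", b"Host: example.com", b"User-Agent: Mozilla/5.0 Gecko/20100101 Firefox/50.0",
    b"Accept: text/html,application/xhtml+xml;q=0.9,*/*;q=0.8", b"Accept-Language: en-US,en;q=0.5",
    b"Accept-Encoding: gzip, deflate", b"Cookie: hell=o; data=1001090933", b"Connection: keep-alive", b"", b""])
BODY = b"<html><body>hello</body></html>"
RESPONSE = b"\r\n".join([
    b"HTTP/1.1 200 OK", b"Date: Mon, 01 Aug 2016 12:02:57 GMT", b"Server: Apache",
    b"Content-Length: " + str(len(BODY)).encode(), b"Keep-Alive: timeout=3, max=20",
    b"Connection: Keep-Alive", b"Content-Type: text/html", b"", BODY])

if __name__ == "__main__":
    req = parse_message(REQUEST)
    print(req["method"], req["target"], parse_cookies(req["headers"]["cookie"]), parse_accept(req["headers"]["accept"]))
    # Two responses back to back on one keep-alive connection: Content-Length is what keeps them apart.
    first = parse_message(RESPONSE + RESPONSE)
    print(first["status"], len(first["body"]), len(first["remainder"]))
```

Getting the framing wrong is not cosmetic: if two parsers on the path (a proxy and the origin) disagree on where one message ends, the leftover bytes become the start of the next request, which is the basis of HTTP request smuggling. That is also why the header parser refuses names with surrounding whitespace and why chunked and Content-Length must never be mixed silently.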
