Wireshark: Drinking straight from the network hose (PDF document)



SLIDE 1

Wireshark

Drinking straight from the network hose

SLIDE 2

Wireshark

Drinking straight from the network hose

  • Md. Abdul Awal, BdREN, awal@bdren.net.bd
  • TEIN Application Workshop 2017, University of Dhaka, December 11, 2017

These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license. https://creativecommons.org/licenses/by-nc/4.0/

SLIDE 3

Agenda

  • Wireshark Intro
  • Monitoring port using Wireshark
  • Demo/Lab
  • Discussion

TEIN Application Workshop 2017, University of Dhaka awal@bdren.net.bd 2

SLIDE 4

Motivation for Network Monitoring

  • Essential for network management
  • Verifying that router and firewall policy does what you intended
  • Detecting faults and abnormal behaviour in the network
  • Access control
  • Security management
  • Detecting abnormal traffic (scans, unexpected protocols, unknown hosts)
  • Keeping traffic logs for later forensic analysis

SLIDE 5

What is Wireshark?

  • Packet sniffer / protocol analyzer
  • Open-source network tool (GPL)
  • Successor to Ethereal: the project was renamed Wireshark in 2006, and Ethereal itself is no longer maintained

SLIDE 6

Installation

  • Windows/macOS: download from https://www.wireshark.org/#download

  • Linux:

    CentOS  – yum install wireshark
    Ubuntu  – apt-get install wireshark
    Red Hat – rpm -iv wireshark*.rpm

  • Do not run the Wireshark GUI as root. On Debian/Ubuntu, run dpkg-reconfigure wireshark-common, allow non-root capture, and add your user to the wireshark group so that only the small capture helper (dumpcap) has elevated privileges while the dissectors run unprivileged. On CentOS 7 the wireshark package provides only the command-line tshark; the GUI is in the wireshark-gnome package.

SLIDE 7

Wireshark Interface


Regions of the main window, top to bottom: command menu; display filter bar; captured packet list; details of the selected packet; packet bytes in hex and ASCII; status bar.

SLIDE 8

Where do I put Wireshark?

SLIDE 9

Hub

A hub repeats every frame out of every port, so a capture on any hub port sees all traffic on the segment.

SLIDE 10

Switch

A switch forwards a unicast frame only to the port that owns the destination MAC address, so a capture on an ordinary switch port sees just that port's own traffic plus broadcast, multicast and flooded unknown-unicast frames.

SLIDE 11

Switch with SPAN Port

A SPAN (mirror) port: the switch copies frames from selected source ports or VLANs to the monitor port where Wireshark listens. The copy is best-effort: under load the switch may drop mirrored frames, and frames with errors are usually not copied.

SLIDE 12

Tap

A tap is a passive device inserted inline on the link. It copies both directions of a full-duplex link to its monitor ports without dropping or altering frames, regardless of how busy the switch is.

SLIDE 13

Lab 1

  • Open Wireshark
  • Select your LAN/WLAN interface to capture traffic
  • Set the capture to stop automatically after 5 MB (Capture > Options, "Stop capture automatically after")
  • Start the capture
  • Open your browser and browse to tein.asia
  • Ping tein.asia to identify its IP address
  • Find the packets to and from that IP address among the captured packets (display filter ip.addr == <address>)

SLIDE 14

Display Filter (Post Filter)

A display filter is applied after capture, to packets already in the buffer, so it can be changed freely. A capture filter decides what gets recorded at all; packets it drops are gone for good.

SLIDE 15

Display Filter Examples

  • ip.src == 10.1.11.24
  • ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20
  • tcp.dstport == 80
  • tcp.port == 80 || tcp.port == 3389
  • !(ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20)
  • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (tcp.port == 445 || tcp.port == 139)
  • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (udp.port == 67 || udp.port == 68)
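The filters above, and the last step of Lab 1 (finding one host's packets), all rest on how ip.addr and tcp.port match: each tests both endpoints. The following added example is not Wireshark code and not part of the workshop; it is a small evaluator for these idioms run over constructed packet records (hosts A = 192.168.1.10 and B = 192.168.1.20 and the other addresses are hypothetical). It shows which packets each slide filter keeps and why !(ip.addr == A) is the right way to exclude a host: Wireshark versions before 3.6 evaluate ip.addr != A as "either endpoint differs from A", which excludes nothing.

```python
"""Added example: evaluator for the display-filter idioms on the slide.
Not Wireshark code; the packets below are constructed, not from a capture."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str   # "tcp" or "udp"
    sport: int
    dport: int


A, B = "192.168.1.10", "192.168.1.20"   # hypothetical hosts from the slide

# Constructed sample traffic (not from any real capture).
PACKETS = [
    Pkt(A, B, "tcp", 51000, 445),                           # 0: SMB, A -> B
    Pkt(B, A, "tcp", 445, 51000),                           # 1: SMB, B -> A
    Pkt(A, "8.8.8.8", "udp", 53000, 53),                    # 2: DNS, A -> outside
    Pkt(A, B, "udp", 68, 67),                               # 3: DHCP, A -> B
    Pkt("10.1.11.24", B, "tcp", 40000, 3389),               # 4: RDP from elsewhere
    Pkt("192.168.1.30", "192.168.1.40", "tcp", 40001, 80),  # 5: HTTP, unrelated pair
]


def ip_addr(p, a):
    """ip.addr == a  matches if either endpoint is a."""
    return p.src == a or p.dst == a


def port(p, proto, n):
    """tcp.port == n / udp.port == n  matches if either port is n."""
    return p.proto == proto and n in (p.sport, p.dport)


FILTERS = {
    "ip.src == 10.1.11.24": lambda p: p.src == "10.1.11.24",
    "ip.addr == A && ip.addr == B": lambda p: ip_addr(p, A) and ip_addr(p, B),
    "tcp.dstport == 80": lambda p: p.proto == "tcp" and p.dport == 80,
    "tcp.port == 80 || tcp.port == 3389":
        lambda p: port(p, "tcp", 80) or port(p, "tcp", 3389),
    "!(ip.addr == A && ip.addr == B)":
        lambda p: not (ip_addr(p, A) and ip_addr(p, B)),
    "(A<->B) && (tcp.port == 445 || tcp.port == 139)":
        lambda p: ip_addr(p, A) and ip_addr(p, B)
        and (port(p, "tcp", 445) or port(p, "tcp", 139)),
    "(A<->B) && (udp.port == 67 || udp.port == 68)":
        lambda p: ip_addr(p, A) and ip_addr(p, B)
        and (port(p, "udp", 67) or port(p, "udp", 68)),
    # The trap (pre-3.6 semantics): "ip.addr != A" is true whenever *either*
    # endpoint differs from A, so it still keeps every packet A sends or receives.
    "ip.addr != A (trap)": lambda p: p.src != A or p.dst != A,
    # Unambiguous in every version: negate the match instead.
    "!(ip.addr == A)": lambda p: not ip_addr(p, A),
}


def apply_filter(name, packets=PACKETS):
    """Return the indices of the packets that the named filter keeps."""
    pred = FILTERS[name]
    return [i for i, p in enumerate(packets) if pred(p)]


if __name__ == "__main__":
    for name in FILTERS:
        print(f"{name:50s} -> {apply_filter(name)}")
```

Running it shows the SMB and DHCP filters narrowing the A-to-B conversation (indices 0, 1, 3) down to 0, 1 and 3 respectively, the negated pair filter keeping exactly the other three packets, and the "trap" filter keeping all six.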

SLIDE 16

Statistics>Protocol Hierarchy

SLIDE 17

Export HTTP Object

SLIDE 18

Analyze>Follow>TCP Stream


Red: data sent by the client (the side that sent the first packet of the stream). Blue: data returned by the server.

SLIDE 19

Statistics>Conversations

SLIDE 20

Statistics>Flow Graph

SLIDE 21

Statistics>Packet Lengths

SLIDE 22

Statistics>TCP Stream Graphs>RTT

SLIDE 23

Lab 2

  • Open GNS3 and build the lab topology: two routers, R1 and R2, connected on a point-to-point link
  • Configure the interfaces with IP addresses
  • Configure the VTY lines for Telnet

SLIDE 24

Example: R2

    interface fa0/0
     no shutdown
     ip address 10.10.10.2 255.255.255.252
    !
    line vty 0 4
     password abc123
     login

SLIDE 25

Open Wireshark and start capturing on the R1–R2 link (in GNS3, right-click the link and choose Start capture)

SLIDE 26

Ping R2 from R1

ping 10.10.10.2 repeat 50

SLIDE 27

Telnet to R2 from R1

telnet 10.10.10.2

SLIDE 28

Analyze>Follow>TCP Stream

Follow the Telnet session: the vty password abc123 appears in clear text on the client (red) side of the stream, typically one keystroke per segment. Anyone on a hub, SPAN port or tap between R1 and R2 sees the same thing.

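Follow > TCP Stream is just sequence-number reassembly of both directions of one conversation. The following added example, which is not part of the workshop and not Wireshark code, shows that mechanism end to end: it builds a small libpcap (.pcap) file for a constructed version of the Lab 2 Telnet login, parses it, reassembles each direction in sequence order while dropping a retransmitted segment, and pulls the vty password out of the client side. Only the 10.10.10.0/30 addresses and the password abc123 come from the lab; the MAC addresses, client port, sequence numbers, timestamps and the Telnet banner bytes are assumptions made for the example.

```python
"""Added example: what Analyze > Follow > TCP Stream does under the hood.
Not Wireshark code; the capture is constructed in memory, not recorded."""
import struct
from collections import defaultdict

CLIENT, SERVER = "10.10.10.1", "10.10.10.2"                      # R1 and R2 in the lab
ETH = b"\xca\xfe\x00\x00\x00\x02" + b"\xca\xfe\x00\x00\x00\x01" + b"\x08\x00"  # made-up MACs, IPv4


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def frame(src, sport, dst, dport, seq, ack, payload):
    """One Ethernet/IPv4/TCP frame (PSH+ACK). Checksums are left zero because
    this example only parses the capture; it never puts it on a wire."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 4096, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     ip_bytes(src), ip_bytes(dst)) + tcp
    return ETH + ip


def pcap(frames):
    """Wrap frames in a little-endian libpcap file (LINKTYPE_ETHERNET = 1)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, f in enumerate(frames):            # arbitrary timestamps: 2017-12-11 UTC + i seconds
        out.append(struct.pack("<IIII", 1512950400 + i, 0, len(f), len(f)) + f)
    return b"".join(out)


def build_telnet_capture():
    """Constructed Telnet login to R2: prompt, password typed one keystroke per
    segment (as Telnet clients do), one retransmitted segment, then the R2> prompt."""
    frames, seq = [], {CLIENT: 1000, SERVER: 5000}

    def send(src, dst, data):
        sport, dport = (35000, 23) if src == CLIENT else (23, 35000)
        frames.append(frame(src, sport, dst, dport, seq[src], seq[dst], data))
        seq[src] += len(data)

    send(SERVER, CLIENT, b"\r\nUser Access Verification\r\n\r\nPassword: ")
    for ch in b"abc123\r\n":
        send(CLIENT, SERVER, bytes([ch]))
        if ch == ord("b"):
            frames.append(frames[-1])         # duplicate frame = retransmission
    send(SERVER, CLIENT, b"\r\nR2>")
    return pcap(frames)


def parse_pcap(data):
    """Yield (src, sport, dst, dport, seq, payload) for each TCP-over-IPv4 frame."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian libpcap file")
    off = 24
    while off < len(data):
        incl = struct.unpack_from("<IIII", data, off)[2]
        pkt = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if pkt[12:14] != b"\x08\x00" or pkt[23] != 6:   # need IPv4 carrying protocol 6 (TCP)
            continue
        ihl = (pkt[14] & 0x0F) * 4
        total = struct.unpack_from("!H", pkt, 16)[0]
        src = ".".join(map(str, pkt[26:30]))
        dst = ".".join(map(str, pkt[30:34]))
        tcp = pkt[14 + ihl: 14 + total]
        sport, dport, seq = struct.unpack_from("!HHI", tcp, 0)
        yield src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]


def follow_stream(data, client, cport, server, sport):
    """Reassemble both directions of one conversation, like Follow > TCP Stream:
    order each side by sequence number and skip bytes already seen."""
    segs = defaultdict(list)
    for src, sp, dst, dp, seq, payload in parse_pcap(data):
        if payload and {(src, sp), (dst, dp)} == {(client, cport), (server, sport)}:
            segs[(src, sp)].append((seq, payload))

    def reassemble(side):
        out, nxt = b"", None
        for seq, payload in sorted(segs[side]):
            if nxt is not None and seq < nxt:   # retransmission: already have these bytes
                continue
            out += payload
            nxt = seq + len(payload)
        return out

    return reassemble((client, cport)), reassemble((server, sport))   # red, blue


def recovered_password(data=None):
    """The vty password crosses the wire in clear text: read it off the red side."""
    sent, _ = follow_stream(data or build_telnet_capture(), CLIENT, 35000, SERVER, 23)
    return sent.split(b"\r\n")[0].decode()


if __name__ == "__main__":
    red, blue = follow_stream(build_telnet_capture(), CLIENT, 35000, SERVER, 23)
    print("client ->", red)
    print("server ->", blue)
    print("password:", recovered_password())
```

The reassembly deliberately ignores checksums and the handshake, which is all that is needed to read a clear-text protocol; running the same function over an SSH session (the homework) yields readable bytes only up to the end of the key exchange.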
SLIDE 29

Homework


Repeat Lab 2 using SSH instead of Telnet and follow the stream again: the SSH banner and key exchange are readable, but everything after them, including the login, is encrypted.

slide-30
SLIDE 30

Improve Wireshark Performance

  • Don't use capture filters when you are not yet sure what you are looking for: capture everything and narrow it down with display filters afterwards, because packets a capture filter drops can never be recovered
  • Increase the capture buffer size (Capture > Options)
  • Get a faster computer, with enough RAM and a fast disk
  • Use a TAP rather than a SPAN port, so the capture does not depend on the switch keeping up
  • Don't resolve names (View > Name Resolution), which avoids a DNS lookup for every new address
  • For long or high-rate captures, don't update the packet list in real time; capture with dumpcap (Wireshark's own capture engine) to a ring buffer of files and open them afterwards

SLIDE 31

Questions?
