wireshark
play

Wireshark Drinking straight from the network hose Wireshark - PDF document

Jun 15, 2023 •285 likes •612 views

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed

  1. Wireshark Drinking straight from the network hose

  2. Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license. https://creativecommons.org/licenses/by-nc/4.0/

  3. Agenda • Wireshark Intro • Monitoring port using Wireshark • Demo/Lab • Discussion awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 2

  4. Motivation for Network Monitoring • Essential for Network Management • Router and Firewall policy • Detecting abnormal/error in networking • Access control • Security Management • Detecting abnormal traffic • Traffic log for future forensic analysis awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 3

  5. What is Wireshark? • Packet sniffer/protocol analyzer • Open Source Network Tool • Latest version of the ethereal tool awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 4

  6. Installation • Windows/MacOS Download: https://www.wireshark.org/#download • Linux: CentOS – yum install wireshark Ubuntu – apt-get install wireshark Red Hat – rpm –iv wireshark*rpm awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 5

  7. Wireshark Interface Command Menu Display Filter Menu Captured Packet List Selected Packet’s Info Packet’s Content in ASCII and Hex Format Status Bar awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 6

  8. Where do I put the Wireshark?

  9. Hub awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 8

  10. Switch awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 9

  11. Switch with SPAN Port awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 10

  12. Tap awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 11

  13. Lab 1 • Open Wireshark • Select your LAN/WLAN interface to capture traffic • Select to stop Wireshark after 5MB • Run Capture • Open your browser and log on to tein.asia • Ping tein.asia to identify the IP address • Find the IP from the captured packets awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 12

  14. Display Filter (Post Filter) awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 13

  15. Display Filter Examples • ip.src == 10.1.11.24 • ip.addr == 192.168.1.10 && ip.addr==192.168.1.20 • tcp.dstport== 80 • tcp.port == 80 || tcp.port == 3389 • !(ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (tcp.port == 445 || tcp.port == 139) • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (udp.port == 67 || udp.port == 68) awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 14

  16. Statistics>Protocol Hierarchy awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 15

  17. Export HTTP Object awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 16

  18. Analyze>Follow>TCP Stream RED: Stuff you sent BLUE: Stuff you get awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 17

  19. Statistics>Conversations awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 18

  20. Statistics>Flow Graph awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 19

  21. Statistics>Packet Lengths awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 20

  22. Statistics>TCP Stream Graphs>RTT awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 21

  23. Lab 2 • Open GNS3 and prepare the following lab • Configure interfaces with IP addresses • Configure VTY interface for telnet awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 22

  24. Example: R2 interface fa0/0 no shutdown ip address 10.10.10.2 255.255.255.252 ! line vty 0 4 password abc123 login awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 23

  25. Open Wireshark awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 24

  26. Ping R2 from R1 ping 10.10.10.2 repeat 50 awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 25

  27. Telnet to R2 from R1 telnet 10.10.10.2 awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 26

  28. Analyze>Follow>TCP Stream awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 27

  29. Homework Do it for SSH awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 28

  30. Improve Wireshark Performance • Don’t use capture filters • Increase your read buffer size • Get a faster computer • Use a TAP • Don’t resolve names awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 29

  31. Questions? awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark https://courses.cs.washington.edu/courses/cse461/20au/section-data/461-demo.pcap Open this file in wireshark

622 views • 26 slides
Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9 ISO/OSI+DoD model wireshark +4fd9 T opics for our workshop Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4:

812 views • 44 slides
Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced SSH ssh user@server -p port SSH Keys SSH Encryption SSH uses symmetrical encryption The session key is negotiated securely under

530 views • 25 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction What is a network trace? What is Wireshark? Basic UI Some of the most useful parts of the UI. Packet Capture How do we capture

1.05k views • 27 slides
CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs SQL Review Structured Query Language (SQL) used to communicate with databases Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

771 views • 12 slides
CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

502 views • 19 slides
Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one

464 views • 9 slides
Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

261 views • 14 slides
IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6 (www.nodo6.com) Content 1 Introduction to Wireshark 2 Capturing IPv6 Traffic 3 Capturing 6Lowpan Traffic 2 Workshop on New Frontiers in IoT -

379 views • 17 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
University of Calgary CPSC 329 Guest Lecture: Carey Williamson What is network

University of Calgary CPSC 329 Guest Lecture: Carey Williamson What is network

University of Calgary CPSC 329 Guest Lecture: Carey Williamson What is network security? Types of attacks Real-world examples Wrapup and questions 2 The field of network security is about: how the bad guys

482 views • 19 slides
Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele

Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele

Merging packets with System Events using eBPF Luca Deri <deri@ntop.org>, @lucaderi Samuele Sabella <sabella@ntop.org>, @sabellasamuele Brussels - 2/3 February 2019 About Us Luca: lecturer at the University of Pisa, CS

280 views • 26 slides
NAV NAV Project Update By: Meghan Allen and Peter McLachlan NAV Objectives Develop a tool

NAV NAV Project Update By: Meghan Allen and Peter McLachlan NAV Objectives Develop a tool

NAV NAV Project Update By: Meghan Allen and Peter McLachlan NAV Objectives Develop a tool for network visualization Focus on common protocols: TCP/IP UDP/IP ICMP Within these protocols focus on common services

431 views • 14 slides
dnstap : high speed DNS logging without packet capture Jeroen Massar Farsight Security, Inc.

dnstap : high speed DNS logging without packet capture Jeroen Massar Farsight Security, Inc.

dnstap : high speed DNS logging without packet capture Jeroen Massar Farsight Security, Inc. Unifying the Global Response to Cybercrime Credits & More Info Design & Implementation: Robert Edmonds <edmonds@fsi.io> Website:

786 views • 40 slides
Section 1: Threat Modeling TA Introduction Keanu Vestil, he/him (keanu@cs.washington.edu) Eric

Section 1: Threat Modeling TA Introduction Keanu Vestil, he/him (keanu@cs.washington.edu) Eric

CSE 484 / CSE M 584 Section 1: Threat Modeling TA Introduction Keanu Vestil, he/him (keanu@cs.washington.edu) Eric Zeng, he/him (ericzeng@cs.washington.edu) Office Hours TBD - stay tuned! Icebreaker In breakout rooms, share your answers to

689 views • 23 slides
Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018

Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Cost Efficient Hardware Timestamping Intermediate Presentation Alexander Frank June 6, 2018 Chair of Network Architectures and Services

531 views • 13 slides
IOT Platform Vulnerabilities & Remedies ComputerWorld Survey Source: http://postscapes.com

IOT Platform Vulnerabilities & Remedies ComputerWorld Survey Source: http://postscapes.com

IOT Platform Vulnerabilities & Remedies ComputerWorld Survey Source: http://postscapes.com Recent IOT Hacks: Disassociation/ De-authorization Pre-installed keys managed by the controller via OTA commands Each node has copy of keys

333 views • 10 slides
Introduction to Networking 14-740: Fundamentals of Computer Networks Bill Nace Material from

Introduction to Networking 14-740: Fundamentals of Computer Networks Bill Nace Material from

Introduction to Networking 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 7 th edition. J.F. Kurose and K.W. Ross Introduction to Networking Our goal: Get a feel for

698 views • 35 slides

More recommend