Ethernet-analyzer

    Cards (52)

    • An Intro to Network Analyzers
    • References
      • "Introduction to Wireshark", Dr. Farid Farahmand, Fall 2014
      • "Packet analyzer", Wikipedia, March 2013
      • "Wireshark User's Guide", For Wireshark 1.99
      • "Wireshark Installation & packet Chapter", August 2011
    • Network Analysis & Sniffing
      Process of capturing, decoding, & analyzing network traffic
    • Why network analysis & sniffing is done
      • Why is the network slow
      • What is the network traffic pattern
      • How is the traffic being shared between nodes
    • Other names for network analysis & sniffing
      • traffic analysis
      • protocol analysis
      • sniffing
      • packet analysis
      • eavesdropping
    • Network Analyzer
      A combination of hardware & software tools that can detect, decode, & manipulate traffic on the network
    • Types of network analyzer operation
      • Passive monitoring (detection) - Difficult to detect
      • Active (attack)
    • Examples of network analyzers
      • Wireshark / Ethereal
      • Windump
      • EtherPeek
      • Dsniff
    • Sniffer
      A program that monitors the data traveling through the network passively
    • Read: Basic Packet-Sniffer Construction from the Ground Up! by Chad Renfro
    • Check out his program: sniff.c
    • Network Analyzer Components
      • Hardware
      • Capture driver
      • Buffer
      • Real-time analysis
      • Decoder
    • Capture driver
      NIC Card - capturing the data
    • Buffer
      • Memory-based or disk-based
      • Special hardware devices can also monitor:
        • CRC & Parity Errors
        • Voltage fluctuation
        • Jitter (random timing variation)
        • Jabber (failure to handle electrical signals)
    • Real-time analysis
      Analyzing the traffic in real time; detecting any intrusions
    • Decoder
      Making data readable
    • Who uses network analyzers
      • System administrators
      • Malicious individuals (intruders)
      • Test engineers
    • System administrators use network analyzers to
      Identify system problems & Analyze performance
    • What malicious individuals use network analyzers for
      • Capture cleartext data
      • Passively collect data on vulnerable protocols
      • Mapping the target network
      • Traffic pattern discovery
      • Actively break into the network (backdoor techniques)
    • Vulnerable protocols
      • FTP
      • HTTP
      • IMAP
      • POP3
      • rlogin
      • SNTP
    • Test engineers use network analyzers to
      Generate traffic & thus act as the reference device
    • Port Monitoring
      The traffic to each port is mirrored to the sniffer
    • If you want to capture Ethernet traffic that is sent by host A to host B, & both are connected to a HUB, just attach a sniffer to this hub. All other ports see the traffic between hosts A & B.
    • On a SWITCH, after the host B MAC address is learned, unicast traffic from A to B is only forwarded to the B port. Therefore, the sniffer DOES NOT see this traffic.
    • Span port
      An extra feature that artificially copies unicast packets that host A sends to the sniffer port
    • Ways to protect against sniffers
      • Spoofing the MAC address
      • Detecting a sniffer in Linux
      • Detecting a sniffer in Windows
    • Remember: 00:01:02:03:04:05 MAC address (HWaddr) = Vendor Address + Unique NIC #
    • Ways to protect against sniffers
      • Using switches
      • Using encryption
    • VPN Methods
      • Secure Shell (SSH): headers are not encrypted
      • Secure Sockets Layer (SSL): high network level packet security; headers are not encrypted
      • IPsec: Encrypted headers but does not use TCP or UDP
    • Remember: Never use unauthorized Sniffers at work!
    • Wireshark
      Formerly called Ethereal, an open source program with many features that decodes over 750 protocols
    • Wireshark components
      • TSHARK (CLI)
      • Editcap
      • Mergecap
      • Text2pcap
    • Editcap
      Similar to "Save As" to translate the format of captured packets
    • Mergecap
      Combines multiple saved captured files
    • Text2pcap
      Converts ASCII Hexdump captures & writes the data into a libpcap output file
    • Installing Wireshark
      1. Download from www.wireshark.org/download.html
      2. Install capture drivers
      3. Monitor ports & capture all traveling packets
    • If you did not succeed, search for "Wireshark" in the Ubuntu Dash and install, or go to Firefox and Google "Wireshark for Ubuntu 14.04" and follow the instructions.
    • Enabling root privileges for Wireshark
      1. sudo -s
      2. usermod -a -G wireshark your-user-name
      3. chgrp wireshark /usr/bin/dumpcap
      4. chmod 4750 /usr/bin/dumpcap
    • You can safely run Wireshark to inspect, edit or filter packet dumps without root privileges, e.g., wireshark -i eth0 -c 5
    • Ethernet
      Most popular protocol standard to enable computer communication, based on shared medium & broadcasting