section 6 more wireshark advanced ssh
play

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks - PowerPoint PPT Presentation

Oct 03, 2023 •343 likes •622 views

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark https://courses.cs.washington.edu/courses/cse461/20au/section-data/461-demo.pcap Open this file in wireshark

  1. Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks

  2. Wireshark ● https://courses.cs.washington.edu/courses/cse461/20au/section-data/461-demo.pcap ○ Open this file in wireshark ● https://courses.cs.washington.edu/courses/cse461/20au/section-data/pcap-demo.md

  3. Wireshark Filters ● ip ○ ip.addr == <address> ● icmp ● ipv6 ● icmpv6 ● tcp ○ tcp.port == 80 ● udp ● dns ○ dns.qry.name == website.com ● http ● tls (https) Combine filters with “&&”, “||”, “^^”, “!” Compare values with “==”, “<”, “>”, “matches”, “contains”, and more https://www.wireshark.org/docs/wsug_html_chunked/ChWorkBuildDisplayFilterSection.html

  4. (Not that) advanced SSH

  5. ssh user@server -p port

  6. SSH Keys

  7. SSH Encryption ● SSH uses symmetrical encryption The session key is negotiated securely under asymmetrical encryption, upon ● each connection ● SSH “keys” (or passwords) are used for key negotiation ● We will learn more about cryptography in lecture Take CSE 484 (Security) and CSE 490C (Cryptography) if you are interested ○ ● We will focus on the more practical side of SSH

  8. Why keys over passwords? ● More secure than passwords Keys have completely (?) random bits ○ ○ Passwords are vulnerable to dictionary attacks Easier to manage ● ○ Keys are kept locally and supplied automatically when you need them ○ Remembering passwords can be a pain ○ Keys can be revoked easily

  9. Generating an SSH key pair To generate a key pair (RSA, by default): ssh-keygen [-t type] ● We recommend using Ed25519 over RSA: ssh-keygen -t ed25519 ○ ○ Ed25519 is faster and more secure, but a lot of people are still using RSA You probably have these already if you have used the CSE Gitlab ○ ● By default, generates keys under ~/.ssh/ ○ Public key: id_{rsa|ed25519|...}.pub ○ Private key: id_{rsa|ed25519|...} ○ Keep your private keys private Optional passphrase to protect your private keys ● ○ Additional passphrase-based encryption, so adversaries can’t get your private keys even if your machine is compromised ○ Can be skipped by not typing in a password and pressing Enter

  10. Authenticating with your SSH key ● Before you can use your keys, you need to install them on the server i.e. Add your public key as a single line to ~/.ssh/authorized_keys on the server ○ ■ <protocol> <public key text> <annotation> ssh-ed25519 <text from ssh-ed25519.pub> starikov@desktop ● ○ You can edit the file manually by logging in with your password Or use ssh-copy-id [-i path/to/private/key] someserver (on macOS and Linux) ○ ● Use -i path/to/private/key to specify a key when SSHing ○ Your id_{rsa|ed25519|dsa|...} key under ~/.ssh/ is used by default ○ Or use the IdentityFile option in SSH config ● When you log in, the server looks up your public key in authorized_keys and lets you in if there is a match

  11. Server Verification (Known hosts) ● The client stores the key of every server it knows under ~/.ssh/known_hosts SSH stops you from connecting to a server if the server’s key doesn’t match ● the one in known_hosts ○ This is to prevent someone from impersonating the server you have previously used Will occur if you install a new OS at the same IP address ■ ■ Or if the ssh server keys are changed If you trust the new server identity, simply delete its key from known_hosts ○ ■ Can be done by deleting the appropriate line manually ssh-keygen -R "hostname" ■

  12. ssh-agent ● Like a password manager for SSH keys if [ -z "$SSH_AUTH_SOCK" ] ; then eval `ssh-agent -s` eval `ssh-agent` ● ssh-add fi ○ Starts ssh agent ○ To automatically start, place this in .bashrc: ssh-add [path/to/private/key] to add key to ssh-agent ● ○ By default adds your id_{rsa|ed25519|dsa|...} The passphrase is remembered for the entire session ● The ssh agent can be forwarded over SSH ● ○ ssh -A SSH config file: ○ ■ ForwardAgent yes AddKeysToAgent yes ■

  13. SSH Config File

  14. SSH Config File ● Per user config at ~/.ssh/config (create if doesn’t exist) Allows you to define hosts aliases with configurations ● Host attu attu? recycle bicycle tricycle Hostname %h.cs.washington.edu Port 22 User starikov IdentityFile ~/.ssh/id_ed25519

  15. Simple host configs Host attu Host mininet Hostname attu.cs.washington.edu Hostname localhost Port 22 Port 2222 User starikov User mininet IdentityFile ~/.ssh/id_ed25519 With the config above, I can just run ssh attu to connect to attu. Equivalent to ssh starikov@attu.cs.washington.edu -p 22 -i ~/.ssh/id_ed25519 `Hostname` also works with IP addresses

  16. A slightly more complicated config Host attu attu? recycle bicycle tricycle Hostname %h.cs.washington.edu Port 22 User starikov IdentityFile ~/.ssh/id_ed25519 This config defines many hosts at the same time, including a wildcard ( attu? ). Note that %h will be replaced by the actual value of “Host.” With this config, I can do ssh attu8 to connect to attu8.cs.washington.edu.

  17. SSH Port Forwarding/Tunneling

  18. Local Forwarding ( -L ) ● Opens a local port that forwards to a remote port Syntax: -L port:host:hostport ● Use case ● ○ I have a service running on the server but it’s bound to localhost only on the remote server ssh -L 8888:localhost:8888 server ■ ○ Service is on a private network that the server can reach, but my local computer cannot ■ I can ssh into the server and connect to a service running on privateServer ssh -L 8888:privateServer:8888 server ■ ● SSH Config: LocalForward 8888 privateServer:8888 ○ ● VSCode’s Remote SSH extension provides this feature ○ Ctrl+Shift+P and search for “Forward a Port”

  19. Remote Forwarding ( -R ) ● Opens a port on remote that forwards to a local port Syntax: -R port:host:hostport ● Requires “ GatewayPorts yes ” to be enabled on SSH server (sshd_config) ● ● Use case ○ Access desktop ssh (localhost:22) from publicserver.com:2222 ■ ssh -R 2222:localhost:22 publicserver.com ○ Access local mininet VM from publicserver.com:2222 ■ ssh -R 2222:192.168.56.101:22 publicserver.com ● Port Forwarded Mininet: ssh -R 2222:localhost:2222 publicserver.com SSH Config: ● ○ RemoteForward 2222 192.168.56.101:22

  20. Dynamic Forwarding ( -D ) ● Uses SSH as a SOCKS proxy Syntax: -D port ● ● Use case ○ Use as a proxy server for accessing hosts from the SSH server’s connection ■ Can be used to access multiple hosts that are on an internal network ■ Can also be used to access websites from the IP address of the SSH server ● Libraries allow access without a paywall/login when using a UW IP address ● Firefox allows you to connect to a SOCKS proxy ssh -D 1080 attu ○ ■ Sets up a SOCKS proxy on localhost:1080 that proxies connections through attu ○ SSH Config: ■ DynamicForward localhost:1080

  21. SSH Jump Host

  22. Jump Host ( -J ) ● Jump through intermediate hosts to the final SSH destination Syntax: -J jumphost ● Use case ● ○ You want to connect to a host over SSH behind a LAN externally, but only have SSH access to another server in that network ssh -J attu1 attu2 ○ Equivalent to: ■ 1. ssh -L 2200:attu2:22 attu1 2. ssh -p 2200 localhost ssh -J attu1,attu2,attu3,attu4 attu5 ○ Jumps from attu1 to attu2 to attu3 to attu4 and finally attu5. ■

  23. SSH Config for Jump Host Proxy ### First jumphost. Directly reachable Host alphajump HostName jumphost1.example.org ### Second jumphost. Only reachable via jumphost1.example.org Host betajump HostName jumphost2.example.org ProxyJump alphajump ### Host only reachable via alphajump and betajump Host behindalphabeta HostName behindalphabeta.example.org ProxyJump betajump

  24. X11 Forwarding

  25. X11 Forwarding ( -X ) ● Lets you run GUI apps over SSH Syntax: -X ● Needs “ X11Forwarding yes ” enabled on server (sshd_config) ● ● You might need to install an “X server” on the client if you are on Windows or macOS XQuartz for macOS (and add XAuthLocation /usr/X11/bin/xauth to your SSH config) ○ ○ Xming or vcxsrv for Windows ssh -X attu ● SSH Config: ● ForwardX11 yes ○

  26. Other useful SSH tricks ● VS Code Remote SSH ○ A lot of you have been using it ○ Super useful for debugging code on remote machine ● tmux Keep sessions running even if you disconnect ○ ■ tmux attach will reopen a running tmux session Split the terminal into smaller panels and create multiple windows ○ ○ Very configurable: customizable hotkeys, mouse mode, and more! See man ssh or tldr ssh to learn more about advanced SSH features! ●

Recommend

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced SSH ssh user@server -p port SSH Keys SSH Encryption SSH uses symmetrical encryption The session key is negotiated securely under

530 views • 25 slides
Network concepts introduction &amp; wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction &amp; wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction &amp; wireshark workshop @ KirilsSolovjovs wireshark +4fd9 ISO/OSI+DoD model wireshark +4fd9 T opics for our workshop Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4:

812 views • 44 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed

612 views • 31 slides
Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction What is a network trace? What is Wireshark? Basic UI Some of the most useful parts of the UI. Packet Capture How do we capture

1.05k views • 27 slides
Advanced Section #1: Linear Algebra and Hypothesis Testing Will Claybaugh CS109A Introduction to

Advanced Section #1: Linear Algebra and Hypothesis Testing Will Claybaugh CS109A Introduction to

Advanced Section #1: Linear Algebra and Hypothesis Testing Will Claybaugh CS109A Introduction to Data Science Pavlos Protopapas and Kevin Rader 1 Advanced Section 1 WARNING This deck uses animations to focus attention and break apart complex

1.2k views • 60 slides
CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs SQL Review Structured Query Language (SQL) used to communicate with databases Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

771 views • 12 slides
Section 9 Section 9 Advanced Instructions a 9-1 1 Instruction Set Overview Instruction Set

Section 9 Section 9 Advanced Instructions a 9-1 1 Instruction Set Overview Instruction Set

Section 9 Section 9 Advanced Instructions a 9-1 1 Instruction Set Overview Instruction Set Overview Program Flow Control Load/Store Move Stack Control Control Code Bit Management Logical Operations Bit Operations Shift/Rotate

808 views • 47 slides
CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security &amp; Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security &amp; Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security &amp; Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

502 views • 19 slides
Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one

464 views • 9 slides
Advanced Section #5: Visualization of convolutional networks and neural style transfer AC 209B:

Advanced Section #5: Visualization of convolutional networks and neural style transfer AC 209B:

Advanced Section #5: Visualization of convolutional networks and neural style transfer AC 209B: Advanced Topics in Data Science Javier Zazo Pavlos Protopapas Neural style transfer Artistic generation of high perceptual quality images that

710 views • 44 slides
Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

261 views • 14 slides
IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6 (www.nodo6.com) Content 1 Introduction to Wireshark 2 Capturing IPv6 Traffic 3 Capturing 6Lowpan Traffic 2 Workshop on New Frontiers in IoT -

379 views • 17 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
SVM AND STATISTICAL LEARNING THEORY W. RYAN LEE CS109/AC209/STAT121 ADVANCED SECTION

SVM AND STATISTICAL LEARNING THEORY W. RYAN LEE CS109/AC209/STAT121 ADVANCED SECTION

SVM AND STATISTICAL LEARNING THEORY W. RYAN LEE CS109/AC209/STAT121 ADVANCED SECTION INSTRUCTORS: P. PROTOPAPAS, K. RADER FALL 2017, HARVARD UNIVERSITY In the last chapter, we introduced GLMs and, in particular, logistic regression, which was

394 views • 5 slides
Advanced Grant Proposal Writing The Proposal Needs Section Exemplary Tips, Techniques and

Advanced Grant Proposal Writing The Proposal Needs Section Exemplary Tips, Techniques and

Advanced Grant Proposal Writing The Proposal Needs Section Exemplary Tips, Techniques and Examples Todays Presenter Marissa Burger 10 Years with Resource Associates Bachelor of Science Degree in Journalism from California

523 views • 28 slides
Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA)

Advanced Section #4: Methods of Dimensionality Reduction: Principal Component Analysis (PCA) Cedric Flamant CS109A Introduction to Data Science Pavlos Protopapas, Kevin Rader, and Chris Tanner 1 Outline 1. Introduction: a. Why

586 views • 34 slides
Advanced Section #3: Methods of Regularization and their justifications Robbert Struyven and

Advanced Section #3: Methods of Regularization and their justifications Robbert Struyven and

Advanced Section #3: Methods of Regularization and their justifications Robbert Struyven and Pavlos Protopapas (viz. Camilo Fosco) CS109A Introduction to Data Science Pavlos Protopapas , Kevin Rader and Chris Tanner 1 Outline Motivation for

1.1k views • 60 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs &amp; Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
Section 280G Congress 20 years ago inflicted on an otherwise near-perfect Internal Revenue

Section 280G Congress 20 years ago inflicted on an otherwise near-perfect Internal Revenue

Advanced Topics IRC Section 280G Congress 20 years ago inflicted on an otherwise near-perfect Internal Revenue Code section 280G and section 4999, the golden parachute penalty tax provisions Rocap, Donald E., Levin, Jack S. and Ginsburg,

820 views • 35 slides

More recommend