wireshark
play

Wireshark Drinking straight from the network hose Wireshark - PDF document

Jun 15, 2023 •285 likes •612 views

Wireshark Drinking straight from the network hose Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed

  1. Wireshark Drinking straight from the network hose

  2. Wireshark Drinking straight from the network hose Md. Abdul Awal TEIN Application Workshop 2017 BdREN University of Dhaka awal@bdren.net.bd December 11, 2017 These materials are licensed under the Creative Commons Attribution-NonCommercial 4.0 International license. https://creativecommons.org/licenses/by-nc/4.0/

  3. Agenda • Wireshark Intro • Monitoring port using Wireshark • Demo/Lab • Discussion awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 2

  4. Motivation for Network Monitoring • Essential for Network Management • Router and Firewall policy • Detecting abnormal/error in networking • Access control • Security Management • Detecting abnormal traffic • Traffic log for future forensic analysis awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 3

  5. What is Wireshark? • Packet sniffer/protocol analyzer • Open Source Network Tool • Latest version of the ethereal tool awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 4

  6. Installation • Windows/MacOS Download: https://www.wireshark.org/#download • Linux: CentOS – yum install wireshark Ubuntu – apt-get install wireshark Red Hat – rpm –iv wireshark*rpm awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 5

  7. Wireshark Interface Command Menu Display Filter Menu Captured Packet List Selected Packet’s Info Packet’s Content in ASCII and Hex Format Status Bar awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 6

  8. Where do I put the Wireshark?

  9. Hub awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 8

  10. Switch awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 9

  11. Switch with SPAN Port awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 10

  12. Tap awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 11

  13. Lab 1 • Open Wireshark • Select your LAN/WLAN interface to capture traffic • Select to stop Wireshark after 5MB • Run Capture • Open your browser and log on to tein.asia • Ping tein.asia to identify the IP address • Find the IP from the captured packets awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 12

  14. Display Filter (Post Filter) awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 13

  15. Display Filter Examples • ip.src == 10.1.11.24 • ip.addr == 192.168.1.10 && ip.addr==192.168.1.20 • tcp.dstport== 80 • tcp.port == 80 || tcp.port == 3389 • !(ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (tcp.port == 445 || tcp.port == 139) • (ip.addr == 192.168.1.10 && ip.addr == 192.168.1.20) && (udp.port == 67 || udp.port == 68) awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 14

  16. Statistics>Protocol Hierarchy awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 15

  17. Export HTTP Object awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 16

  18. Analyze>Follow>TCP Stream RED: Stuff you sent BLUE: Stuff you get awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 17

  19. Statistics>Conversations awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 18

  20. Statistics>Flow Graph awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 19

  21. Statistics>Packet Lengths awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 20

  22. Statistics>TCP Stream Graphs>RTT awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 21

  23. Lab 2 • Open GNS3 and prepare the following lab • Configure interfaces with IP addresses • Configure VTY interface for telnet awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 22

  24. Example: R2 interface fa0/0 no shutdown ip address 10.10.10.2 255.255.255.252 ! line vty 0 4 password abc123 login awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 23

  25. Open Wireshark awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 24

  26. Ping R2 from R1 ping 10.10.10.2 repeat 50 awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 25

  27. Telnet to R2 from R1 telnet 10.10.10.2 awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 26

  28. Analyze>Follow>TCP Stream awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 27

  29. Homework Do it for SSH awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 28

  30. Improve Wireshark Performance • Don’t use capture filters • Increase your read buffer size • Get a faster computer • Use a TAP • Don’t resolve names awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 29

  31. Questions? awal@bdren.net.bd TEIN Application Workshop 2017, University of Dhaka 30

Recommend

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark

Section 6: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark https://courses.cs.washington.edu/courses/cse461/20au/section-data/461-demo.pcap Open this file in wireshark

622 views • 26 slides
Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9

Network concepts introduction & wireshark workshop @ KirilsSolovjovs wireshark +4fd9 ISO/OSI+DoD model wireshark +4fd9 T opics for our workshop Network layer models Ethernet, WiFi Layer3: ARP, ICMP, IPv4, IPv6 Layer4:

812 views • 44 slides
Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced

Section ?: More Wireshark, advanced SSH CSE 461 Computer Networks Wireshark (Not that) advanced SSH ssh user@server -p port SSH Keys SSH Encryption SSH uses symmetrical encryption The session key is negotiated securely under

530 views • 25 slides
Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What?

Wireshark network analyzing tool 19/03/2018 1 Wireshark network analyzing tool What? One of the best open source packet analyzers available today Captures network packets and tries to display content as detailed as possible

338 views • 5 slides
Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction

Wireshark Tutorial Chris Neasbitt UGA Dept. of Computer Science Contents Introduction What is a network trace? What is Wireshark? Basic UI Some of the most useful parts of the UI. Packet Capture How do we capture

1.05k views • 27 slides
CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs SQL Review Structured Query Language (SQL) used to communicate with databases Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

771 views • 12 slides
CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham

CSE 484 / CSE M 584 Computer Security: iOS, Wireless Security & Wireshark TA: Adrian Sham adrsham@cs With material from Franzi and Bens slides Logistics / Reminders Tomorrow Ian will introduce more tools you will need for Lab #3

318 views • 11 slides
UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack

UC.yber; Meeting 24 Meet New Leadership and Wireshark If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one of

502 views • 19 slides
Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack

Cyber@UC Meeting 34 Wireshark, Packets, PCAPs, and Pings If Youre New! Join our Slack ucyber.slack.com Follow us on Twitter @UCyb3r and Facebook UC.yber; University of Cincinnati OWASP Chapter Feel free to get involved with one

464 views • 9 slides
Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN

Cyber@UC Meeting 55 Wireshark Demo If Youre New! Join our Slack: ucyber.slack.com SIGN IN! (Slackbot will post the link in #general) Feel free to get involved with one of our committees: Content Finance Public Affairs Outreach

261 views • 14 slides
IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6

IPv6/6LoWPAN with Wireshark March 2016 ICTP Alvaro Vives (alvaro.vives@nodo6.com) NODO6 (www.nodo6.com) Content 1 Introduction to Wireshark 2 Capturing IPv6 Traffic 3 Capturing 6Lowpan Traffic 2 Workshop on New Frontiers in IoT -

379 views • 17 slides
Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM?

Mininet 3+4 and Wireshark Running GUI Apps through Mininet VM Can you SSH into your VM? Yes, I can SSH into my Mininet VM Install and run X11 Server Mac users: XQuartz: https://www.xquartz.org/ Windows users: Use

560 views • 15 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

593 views • 14 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor

Insecure.Org Insecure.Org Scripting and Extending Nmap and Wireshark with Lua by Gerald Combs & Gordon Fyodor Lyon Sharkfest 2010 June 16, 1:15 PM http://insecure.org/presentations/Sharkfest10/ Insecure.Org Insecure.Org Nmap

278 views • 16 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs)

172 views • 14 slides
Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer

Visualizing Network Traffic with Wireshark TROUBLESHOOTING WITH THE I/O GRAPH Chris Greer NETWORK ANALYST @packetpioneer www.packetpioneer.com Why So Important? James Packets can be very detailed Network Engineer Visualizing Traffic

221 views • 11 slides
Wireshark in a Multi-Core Environment Environment Using Hardware Acceleration Presenter: Pete

Wireshark in a Multi-Core Environment Environment Using Hardware Acceleration Presenter: Pete

Wireshark in a Multi-Core Environment Environment Using Hardware Acceleration Presenter: Pete Sanders, Napatech Inc. Sharkfest 2009 Stanford University Napatech - Sharkfest 1 2009 Presentation Overview About Napatech Why

444 views • 30 slides
Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap

Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap

Insecure.Org Insecure.Org Open Source Security Tool Turbo Talks Wireshark Sharkfest 2011 Gordon Fyodor Lyon Nmap Security Scanner Project Tod Beardsley Metasploit Project (Rapid7) Thomas D'Otreppe Aircrack-ng Insecure.Org

279 views • 11 slides
CS2910 Exercise: HTTP Response Size Names:

CS2910 Exercise: HTTP Response Size Names:

CS2910 Exercise: HTTP Response Size Names: ______________________________________________________________________________ Carriage Return and Line Feed Complete the following table: (Hint: You can find the values in the video, and in a Wireshark

473 views • 3 slides
W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are

Network concepts introduction & wireshark W0RKSH0P @KirilsSolovjovs Why am I doing this? Many people atuending hacker conferences are not in fact experts, but come here to learn and have fun Opportunity to learn something new

942 views • 46 slides
Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP

1/24/2012 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP TCP/IP: ICMP, UDP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Network Security Lecture 5 Eike Ritter Network

281 views • 7 slides
TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of

TCP/IP: ICMP, UDP Network Security Lecture 5 Recap and overview Looking at security of TCP/IP IP, Ethernet, ARP Sniffing the network and forging packets tcpdump, wireshark Today: ICMP and UDP Eike Ritter Network Security -

881 views • 38 slides
15-441: Computer Networks Recitation 5 P2 Lead TAs: Kartik Chitturi, Ines Potier Agenda 1.

15-441: Computer Networks Recitation 5 P2 Lead TAs: Kartik Chitturi, Ines Potier Agenda 1.

15-441: Computer Networks Recitation 5 P2 Lead TAs: Kartik Chitturi, Ines Potier Agenda 1. Introduction to Project 2 2. CP1 Starter Code 3. Checkpoint 1 4. Using Vagrant 5. Packet Captures & Wireshark 6. Q&A Project 2: TCP in The

272 views • 24 slides

More recommend