Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Detecting Threats in Network Security by Analyzing Network Packets using Wireshark"

Transcription

1 1 st International Conference of Recent Trends in Information and Communication Technologies Detecting Threats in Network Security by Analyzing Network Packets using Wireshark Abdulalem Ali *, Arafat Al-Dhaqm, Shukor Abd Razak Faculty of Computing, University Technology of Malaysia Abstract Nowadays it is very important to maintain a high level security to ensure safe and trusted communication of information between various organizations. Computer networks have kept up growing in size, complexity and, overall, in the number of its users as well as being in a permanent evolution. Hence, Packet sniffers are useful for analyzing network traffic over wired or wireless networks. In this paper, security network protocol analyzer, wireshark, has been used to capture the data from Center of Information and Communication Technology (CICT) network traffic in Universiti Teknologi Malaysia. These data can be applied as a sample to test it by wireshark. Indeed, the data packets have obtained are malware and non-malware. The aim of this paper is to analyze these data in order to help network administrator to monitor any abnormal behavior in the network and log it. The information gathered from CICT and the data analyzed using matching algorithm. The results gave high implication in the analysis of network and increase significant essence in network security to detect any threats that violate system security. Keywords: Matching Algorithm Network Security; Wireshark;. 1. Introduction Packet Sniffing is a technique for monitoring every packet that crosses the network. A packet sniffer is the best open source software available that monitors network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear text passwords and usernames or other sensitive material. Sniffer is a program running in a network attached device that passively receives all data link layer frames passing through the device's network adapter. It is also known as network or protocol analyzer or Ethernet Sniffer. The packet sniffer captures the data that is addressed to other machines, saving it for later analysis. It can be used legitimately by a network or system administrator to monitor and troubleshoot network traffic either in local area network or in host system [1]. In this paper, security network protocol analyzer wireshark has been used to capture the data from CICT network traffic. These data can be applied as a sample to test it by wireshark. Indeed, the data packets have obtained are malware and non-malware. *Corresponding author: IRICT 2014 Proceeding 12 th -14 th September, 2014, Universiti Teknologi Malaysia, Johor, Malaysia

2 Abdulalem Ali et. al. /IRICT (2014) The aim of this study is to analyze these data in order to help network administrator to monitor any abnormal behavior in the network and log it. The information gathered from CICT and the data were analyzed using open source tools. The rest of this paper is structured as follows. Section 2 presents tools for traffic analysis. Priciple of network sniffer in section 3. In Section 4, implementation of network sniffer. Methodology in section 5. In Section 6, The results. Finally, the conclusion is presented in Section Tools For Traffic Analysis Wireshark Previously known as Ethereal, Wireshark, as it is currently known, is a packet analyzer employed in analyzing troubleshooting of networks. The change of name was done in May, 2006 because of a trademark issue. Wireshark captures packets by means of PCAP. It is a cross-platform which is capable of running in various types of operating system that are Unix-like as well as Windows and Solaris. In Wireshark, it is not only the traffic meant for an address constructed for the particular interface that can be seen, but rather everyone is visible there [2]. This is possible because the user can make use of an interface allowing a loose mode. Figure.1: Wireshark tool. Wireshark makes it possible for the user to capture packets moving across the whole network on a given interface per time. The capture tool is one of the basic tools. The user is able to carry out the packet, and capture using the capturing menu which has a number of options to choose from based on the analysis desire. It is also possible for the analyst to set filters such that unwanted traffic that can be avoided during the capture [3]. Wireshark however, has a limitation in that it does not possess intrusion detection capability. The user gets no warning when an intruder tampers with something on the network and wireshark does not exercise control over the network. Space consumption is quite much with its 18MB file installation taking up to 81MB and 449MB respectively in Windows and Linux [4]. However, the Wireshark GUI is quite user friendly.

3 Abdulalem Ali et. al. /IRICT (2014) Soft Perfect Network Protocol Analyzer (SPNPA) This is an advanced, professional analyzer. It analyzes data passing through the dial-up connection or the Ethernet card and presents it in comprehensible form. It is a practical tool for different network personnel or any user requiring a broad picture of personal network traffic. SPNPA results are very easy to understand and also allows for defrayments of network packets and reassembling into streams. CAPSA This is an indispensable tool for network administrators. It is a freeware, designed for personal use or small business and useful for network monitoring, diagnosis and troubleshooting. Packet capturing is real-time, forensics is reliable, monitoring is on 24/7 basis, protocol analysis is advanced and packet decoding is in-depth. 3. Principle of Network Sniffer Network sniffer uses the local media; the transforming data can be detected by any computer system. Data frame is received by each computer s Ethernet network adapter, generating either a data frame that is a match of its own hardware address or a broadcast frame. With the two data frame type, for Ethernet network adapter, the data are transformed into upper processing, whereas it discards the other types of frames. In promiscuous mode, the adapter can accept data transmission in every segment and transfer same to the OS for further treatment. Data transformed within the sharing network can be detected in network sniffer as shown in Figure 2[5]. Figure.2: Implementation of Network Sniffer 4. Implementation Of Network Sniffer For the completion of network data collection, setting of network detector are done in the physical segment and linked to export routers on the network. This way, detection of all packets in the network is possible. NICO and NICI are the two adapters with which the network detector is configured as a host. While the former serves as the communication interface, the latter is set as the promiscuous mode and linked to the router at the same hub shown Figure 3.

4 Abdulalem Ali et. al. /IRICT (2014) Figure.3: Model of the Network Sniffing. Packer Sniffer A packet sniffer sniffs information passing through a system, and stores/presents the content of the fields in this message. It is the tool for monitoring communication between protocol entities. It is a passive tool; only observing communication without being responsible for initiating it; packets received are also not directly addressed to it, it only receives copies The typical packet sniffer set-up is shown in Figure 4 The protocols (IP) and applications are on the right. The sniffer is represented by the rectangular broken line. It is a mere addition to the regular computer software. It is made up of the packet capture library and the packet analyzer. The packet capture library receives a copy of information (link-layer frame) transmitted over the computer; encapsulation of information through higher layer protocols, e.g. DNS, HTTP, etc is done in link layer frames transmitted through physical media.. Figure 4. Packet Sniffer Structure The packet analyzer is the other component of the sniffer. It is responsible for displaying the contents of all fields in a protocol communication. To be able to do this, it must have an understanding of the structure of protocol communication. For example, if we intend to display the component fields of the communication on the HTTP protocol. The packet analyzer can identify the IP datagram format by comprehending the Ethernet frame format. It is also able to extract the TCP within the datagram. It is also able to comprehend HTTP protocol and will be able to identify the content of the first bytes of an HTTP message

5 Abdulalem Ali et. al. /IRICT (2014) Methodology Data of computer send through the network in the form of packets. These packets are the group of data is actually directed to the certain designated system. In reality, most of data sent through the network which need to predefine it before send it to the destination and all the data are going directly to a particular computer. There are many examples of packet sniffing software available on the internet for free that can be run on different platforms including windows and Linux. In our experiment, wireshark network analyzer is the one that will use to sniff network traffic in CICT department. These data traffic will be examined and compared with one pattern or signature form in order to find any abnormal pattern in these data. Actually, two kinds of data have been getting, one malware and the other one nonmalware. So we are going to test these data using one software tool to analyze it. A. Sniffing Process Here we are going to talk in a brief about sniffing process and our analysis implemented by wireshark software. The following steps describe sniffing process base on [6]: Packet sniffer collects raw binary data from the wire. Typically, this is done by switching the selected network interface into promiscuous mode Captured binary data is converted into a readable form. Analysis of the captured and converted data. The packet sniffer takes the captured network data, verifies its protocol based on the information extracted, and begins its analysis of these protocols for specific features. 6. Results The data packets were obtained from CICT department. These data packets were already captured from the network by wireshark. The data can be classified into two type malware and non-malware. When the data packet was compared with signature used one software tool implemented via matching algorithm to give us analysis parameters. This software can be used to compare the payload data for the selected protocol with a particular pattern as shown in the Figure 5. In our experiment, we used TCP payload string and compared with the small size of the pattern. In each time we compared around five packets with a specific pattern or signature in one trial. Figure.5: Packet Comparison Software Implemented by Matching Algorithm

6 Abdulalem Ali et. al. /IRICT (2014) In the above Figure 5, there are two input places, the first one is a load pattern input where you can type the specific signature pattern inside and in the second place for input is load string, this place can insert one or more packets to compare with pattern. After we insert the two inputs together, we press quick search algorithm button to get the following parameters from the software. First Testing using Malware Data Packets: We have two types of data packets which obtained from CICT organization, so that our experiment will be implemented in two stages. The first test is dealing with malware packet. Table 1 shows malware packages comparisons. Table 1. Number of Comparison Packets using Matching Algorithm No. Comparison Total Search Time No. Comparison Total Search Time I n f a In the above table, the data packets were tested three times, in the first comparison, we used five packets for TCP protocol to compare with signature (specific pattern). We observed that the number of comparisons is 537 and the time consuming is In the second comparison, we used six data packets so that we observed that the number of comparisons is increased but the time still stable. In the third comparison, we decrease the data packet into four therefore we found the number of comparisons decreased also and the time for total search was decreased Malware Testing Packet Series Series Series1 No. Total Search No. Total Search Comparison Time Comparison Time Figure.6: Malware Testing Payload using Matching Algorithm We have observed that, from Figure 6, the graph starting point always from the total search time. The first line, the red line, indicates that the maximum number of comparisons reaches more than 1000 and the second line is the blue line reaches less

7 Abdulalem Ali et. al. /IRICT (2014) than 600. The minimum number of comparisons was represented by the green line which indicates the lowest number, 236.the Second Testing using Non-Malware Data Packets: The second test in our experiments was non malware data packets in order to compare with specific pattern. Table 2 shows the non-malware packages comparisons using match algorithm. Table 2. Non-Malware packages Comparisons using Match Algorithm No. Comparison Total Search Time No. Comparison Total Search Time In the first comparison, we used five data packets, then in the second comparison we used six packets in one times, and in the third comparison we used four packets in order to compare with specific pattern Non-Malware Testing Packet Series3 Series2 Series1 Figure 7. Non-Malware Packages Testing using Matching Algorithm Figure 7 shows three lines, the green line indicates the maximum number of comparisons and consuming time was about Then, it was followed by the red line that represented the second highest number after green line and consumed time for total search around The third line was the blue line that indicated the lowest number of comparisons and lowest time consumed. We observed that the highest point was 1160 and the lowest point was 343.

8 Abdulalem Ali et. al. /IRICT (2014) Conclusion One of the significant methods in network security nowadays is to use the network traffic analyzer in order to reveal any abnormal behaviour in the data transfer over the network. Network analyzer tools can be used to monitor and troubleshoot the network. Network administrator do not only use these tools to fix any violation in network system but also to avoid network failure and detect security vulnerabilities. Network sniffer is one of the passive attacks that can sniff the traffic and analyze it. Unlike network sniffing, it is a sniffer detector tools that can discover any sniffing attack through the network and prevent it. Sniffing network traffic is an illegitimate process unless if it used for security purpose. Two types of data analysis have been tested for packets malware and no-malware. Comparisons between packets have been made that uses different techniques depending on what administrator wants. The results showed that while we used the small size of patterns to compare within a group of packets for more than five packets, it will give us more satisfied results and the make network analysis more efficient. References [1] Ansari, S., Rajeev S.G., Chandrasekhar H.S., "Packet Sniffing: A Brief Introduction", IEEE Potentials, Jan. 2003, Volume: 21 Issue: 5, pp: (2003). [2] Dabir, A., Matrawy, A. "Bottleneck Analysis of Traffic Monitoring Using Wireshark", 4 th International Conference on Innovations in Information Technology, 2007, IEEE Innovations '07, Nov. (2007), Page(s): (2007). [3] Dulal C., et al.. Ethereal vs. tcpdump: A comparative study on packet sniffing tools for educational purpose. Journal of Computing Sciences in Colleges archive, Volume 20(4), pp , (2005 [4] All about Wireshark [Online] Available [5] Lida, Z., Jiguang, L. "The Analysis of Technology in Detection and Undetection with Network Sniffer ", Journal of Zhongnan University for Nationalities,NO (in Chinese) [6] BoYu "Based on the network sniffer implement network monitoring. International Conference on Computer Application and System Modeling (ICCASM 2010)Volume: 7,2010, Page(s): V7-1-V7-3(2010). IEEE

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK PACKET SNIFFING MS. SONALI A. KARALE 1, MS. PUNAM P. HARKUT 2 HVPM COET Amravati.

More information

A Protocol Based Packet Sniffer

A Protocol Based Packet Sniffer Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 3, March 2015,

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

EKT 332/4 COMPUTER NETWORK

EKT 332/4 COMPUTER NETWORK UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

More information

Wireshark Tutorial INTRODUCTION

Wireshark Tutorial INTRODUCTION Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer WIRESHARK. WIRESHARK would be used for the lab experiments. This document introduces the basic operation

More information

A Research Study on Packet Sniffing Tool TCPDUMP

A Research Study on Packet Sniffing Tool TCPDUMP A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this

More information

Network Security: Workshop

Network Security: Workshop Network Security: Workshop Protocol Analyzer Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network decodes,, or dissects,,

More information

Ethereal: Getting Started

Ethereal: Getting Started Ethereal: Getting Started Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Tell me and I forget. Show me

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Wireshark Tutorial. Figure 1: Packet sniffer structure

Wireshark Tutorial. Figure 1: Packet sniffer structure Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer Wireshark. Wireshark would be used for the lab experiments. This document introduces the basic operation

More information

Figure 1. Wireshark Menu Bar

Figure 1. Wireshark Menu Bar Packet Capture In this article, we shall cover the basic working of a sniffer, to capture packets for analyzing the traffic. If an analyst does not have working skills of a packet sniffer to a certain

More information

Wireshark Lab: Assignment 1w (Optional)

Wireshark Lab: Assignment 1w (Optional) Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved Wireshark Lab: Assignment 1w (Optional) One s understanding

More information

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS 6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS 6.1. Wireshark network sniffer Wireshark (originally called Ethereal) is a freeware network sniffer. A sniffer investigates and analyzes network traffic.

More information

New York University Computer Science Department Courant Institute of Mathematical Sciences

New York University Computer Science Department Courant Institute of Mathematical Sciences New York University Computer Science Department Courant Institute of Mathematical Sciences Course Title: Data Communication & Networks Course Number: g22.2662-001 Instructor: Jean-Claude Franchitti Session:

More information

When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING. www.pecb.com

When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING. www.pecb.com When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING www.pecb.com Imagine a working environment comprised of a number of switches, routers, some terminals and file servers. Network

More information

Packet Sniffer A Comparative Study

Packet Sniffer A Comparative Study International Journal of Computer Networks and Communications Security VOL. 2, NO. 5, MAY 2014, 179 187 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Packet Sniffer A Comparative Study Dr.

More information

Network Based Intrusion Detection Using Honey pot Deception

Network Based Intrusion Detection Using Honey pot Deception Network Based Intrusion Detection Using Honey pot Deception Dr.K.V.Kulhalli, S.R.Khot Department of Electronics and Communication Engineering D.Y.Patil College of Engg.& technology, Kolhapur,Maharashtra,India.

More information

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points Snoopy Due Date: Nov 1 Points: 25 Points Objective: To gain experience intercepting/capturing HTTP/TCP traffic on a network. Equipment Needed Use the Ubuntu OS that you originally downloaded from the course

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.

More information

Packet Sniffer Detection with AntiSniff

Packet Sniffer Detection with AntiSniff Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.

More information

Intrusion Detection, Packet Sniffing

Intrusion Detection, Packet Sniffing Intrusion Detection, Packet Sniffing By : Eng. Ayman Amaireh Supervisor :Dr.: Lo'ai Tawalbeh New York Institute of Technology (NYIT)- Jordan s s campus-2006 12/2/2006 eng Ayman 1 What is a "packet sniffer"?

More information

Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers

Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers Packet Sniffing: What it s Used for, its Vulnerabilities, and How to Uncover Sniffers Mathurshan Vimalesvaran Tufts University Abstract Packets are the base of all data sent on the internet, yet they are

More information

3. MONITORING AND TESTING THE ETHERNET NETWORK

3. MONITORING AND TESTING THE ETHERNET NETWORK 3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel

More information

Introduction to Wireshark Network Analysis

Introduction to Wireshark Network Analysis Introduction to Wireshark Network Analysis Page 2 of 24 Table of Contents INTRODUCTION 4 Overview 4 CAPTURING LIVE DATA 5 Preface 6 Capture Interfaces 6 Capture Options 6 Performing the Capture 8 ANALYZING

More information

Network Traffic Analysis and Intrusion Detection using Packet Sniffer

Network Traffic Analysis and Intrusion Detection using Packet Sniffer 2010 Second International Conference on Communication Software and Networks Network Traffic Analysis and Intrusion Detection using Packet Sniffer Mohammed Abdul Qadeer Dept. of Computer Engineering, Aligarh

More information

Network Forensics: Log Analysis

Network Forensics: Log Analysis Network Forensics: Analysis Richard Baskerville Agenda P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Two Important Terms PPromiscuous Mode

More information

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made

More information

Packet Sniffing with Wireshark and Tcpdump

Packet Sniffing with Wireshark and Tcpdump Packet Sniffing with Wireshark and Tcpdump Capturing, or sniffing, network traffic is invaluable for network administrators troubleshooting network problems, security engineers investigating network security

More information

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Lab Series Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Domain 1 - Network Security Objective 1.1: Explain the security function and purpose of

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Chapter 14 Analyzing Network Traffic. Ed Crowley

Chapter 14 Analyzing Network Traffic. Ed Crowley Chapter 14 Analyzing Network Traffic Ed Crowley 10 Topics Finding Network Based Evidence Network Analysis Tools Ethereal Reassembling Sessions Using Wireshark Network Monitoring Intro Once full content

More information

A Review on Network Intrusion Detection System Using Open Source Snort

A Review on Network Intrusion Detection System Using Open Source Snort , pp.61-70 http://dx.doi.org/10.14257/ijdta.2016.9.4.05 A Review on Network Intrusion Detection System Using Open Source Snort Sakshi Sharma and Manish Dixit Department of CSE& IT MITS Gwalior, India Sharmasakshi1009@gmail.com,

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced

More information

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis Agenda Richard Baskerville P Principles of P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Principles Kim, et al (2004) A fuzzy expert system for

More information

Computer Networking LAB 2 HTTP

Computer Networking LAB 2 HTTP Computer Networking LAB 2 HTTP 1 OBJECTIVES The basic GET/response interaction HTTP message formats Retrieving large HTML files Retrieving HTML files with embedded objects HTTP authentication and security

More information

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013 SOUTHERN POLYTECHNIC STATE UNIVERSITY Snort and Wireshark IT-6873 Lab Manual Exercises Lucas Varner and Trevor Lewis Fall 2013 This document contains instruction manuals for using the tools Wireshark and

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 40 Firewalls and Intrusion

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

Transformation of honeypot raw data into structured data

Transformation of honeypot raw data into structured data Transformation of honeypot raw data into structured data 1 Majed SANAN, Mahmoud RAMMAL 2,Wassim RAMMAL 3 1 Lebanese University, Faculty of Sciences. 2 Lebanese University, Director of center of Research

More information

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright 2007-2015 Palo Alto Networks Decryption Palo Alto Networks PAN-OS Administrator s Guide Version 6.0 Contact Information Corporate Headquarters: Palo Alto Networks 4401 Great America Parkway Santa Clara, CA 95054 www.paloaltonetworks.com/company/contact-us

More information

Lab Exercise Ethernet

Lab Exercise Ethernet Lab Exercise Ethernet Objective To explore the details of Ethernet frames. Ethernet is a popular link layer protocol. Modern computers connect to Ethernet switches rather than use classic Ethernet. The

More information

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006

WIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006 WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able

More information

Establishing a valuable method of packet capture and packet analyzer tools in firewall

Establishing a valuable method of packet capture and packet analyzer tools in firewall International Journal of Research Studies in Computing 2012 April, Volume 1 Number 1, 11-20 Establishing a valuable method of packet capture and packet analyzer tools in firewall Kumar, P. Senthil Nandha

More information

Network Monitoring Tool with LAMP Architecture

Network Monitoring Tool with LAMP Architecture Network Monitoring Tool with LAMP Architecture Shuchi Sharma KIIT College of Engineering Gurgaon, India Dr. Rajesh Kumar Tyagi JIMS, Vasant Kunj New Delhi, India Abstract Network Monitoring Tool enables

More information

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL PREPARATIONS STUDYING SIP PROTOCOL The aim of this exercise is to study the basic aspects of the SIP protocol. Before executing the exercise you should

More information

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices.

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices. Xerox Multifunction Devices Customer Tips January 15, 2004 This document applies to these Xerox products: Network Packet Analyzer Tips Purpose This document contains a procedure that Xerox customers can

More information

Network Security Monitoring

Network Security Monitoring Network Security Coleman Kane Coleman.Kane@ge.com September 24, 2014 Cyber Defense Overview Network Security 1 / 23 Passive Passive 2 Alert Alert Passive monitoring analyzes traffic with the intention

More information

Topics in Network Security

Topics in Network Security Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure

More information

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark Trúc Anh N. Nguyễn, Egemen K. Çetinkaya, Mohammed Alenazi, and James P.G. Sterbenz Department

More information

VisuSniff: A Tool For The Visualization Of Network Traffic

VisuSniff: A Tool For The Visualization Of Network Traffic VisuSniff: A Tool For The Visualization Of Network Traffic Rainer Oechsle University of Applied Sciences, Trier Postbox 1826 D-54208 Trier +49/651/8103-508 oechsle@informatik.fh-trier.de Oliver Gronz University

More information

Analysing Various Packet Sniffing Tools

Analysing Various Packet Sniffing Tools Analysing Various Packet Sniffing Tools Inderjit Kaur 1, Harkarandeep Kaur 2, Er. Gurjot Singh 3 1, 2 Post Graduate, Department of Computer Science and Applications, KMV, Jalandhar, Punjab, India 3 Assistant

More information

Network Forensics Network Traffic Analysis

Network Forensics Network Traffic Analysis Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A

Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A By Barry Constantine Introduction As network complexity grows, network provider technicians require the ability to troubleshoot

More information

Wireshark Quick-Start Guide. Instructions on Using the Wireshark Packet Analyzer

Wireshark Quick-Start Guide. Instructions on Using the Wireshark Packet Analyzer Wireshark Quick-Start Guide Instructions on Using the Wireshark Packet Analyzer July 2, 2008 Table of Contents Chapter 1: Getting Started... 3 I) Current Version... 4 II) Installation... 4 III) Specifying

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss13/netlab Equipment for each group: - 1 Server computer (OS: Windows Server 2008

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security

Security+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

Sniffer s Network Packet Analyzer. Basics

Sniffer s Network Packet Analyzer. Basics Sniffer s Network Packet Analyzer Basics Sniffer Network Analysis Range of techniques that network engineers and designers employ to study the properties of networks, including connectivity, capacity and

More information

Safe network analysis

Safe network analysis Safe network analysis Generating network traffic captures within a virtual network. Presented by Andrew Martin 1 Introduction What is a sniffer How does sniffing work Usages Scenarios Building safe repositories

More information

Intrusion Detection in AlienVault

Intrusion Detection in AlienVault Complete. Simple. Affordable Copyright 2014 AlienVault. All rights reserved. AlienVault, AlienVault Unified Security Management, AlienVault USM, AlienVault Open Threat Exchange, AlienVault OTX, Open Threat

More information

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies White Paper Comparison of Firewall, Intrusion Prevention and Antivirus Technologies How each protects the network Juan Pablo Pereira Technical Marketing Manager Juniper Networks, Inc. 1194 North Mathilda

More information

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa.

For more information on SQL injection, please refer to the Visa Data Security Alert, SQL Injection Attacks, available at www.visa. Global Partner Management Notice Subject: Visa Data Security Alert Malicious Software and Internet Protocol Addresses Dated: April 10, 2009 Announcement: The protection of account information is a responsibility

More information

Traffic Analyzer Based on Data Flow Patterns

Traffic Analyzer Based on Data Flow Patterns AUTOMATYKA 2011 Tom 15 Zeszyt 3 Artur Sierszeñ*, ukasz Sturgulewski* Traffic Analyzer Based on Data Flow Patterns 1. Introduction Nowadays, there are many systems of Network Intrusion Detection System

More information

Session Hijacking Exploiting TCP, UDP and HTTP Sessions

Session Hijacking Exploiting TCP, UDP and HTTP Sessions Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being

More information

1. Whatdo you use? 2. Speed Tests?

1. Whatdo you use? 2. Speed Tests? Session Title: Network Traffic Analysis -- It's not just for fun anymore. Session Type: 50 Min. Breakout Session Presentation Day: Tuesday, February 11 Network Traffic Analysis It s not just for fun anymore.

More information

How do I get to www.randomsite.com?

How do I get to www.randomsite.com? Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local

More information

Chapter 4 Customizing Your Network Settings

Chapter 4 Customizing Your Network Settings . Chapter 4 Customizing Your Network Settings This chapter describes how to configure advanced networking features of the Wireless-G Router Model WGR614v9, including LAN, WAN, and routing settings. It

More information

SURVEY OF INTRUSION DETECTION SYSTEM

SURVEY OF INTRUSION DETECTION SYSTEM SURVEY OF INTRUSION DETECTION SYSTEM PRAJAPATI VAIBHAVI S. SHARMA DIPIKA V. ASST. PROF. ASST. PROF. MANISH INSTITUTE OF COMPUTER STUDIES MANISH INSTITUTE OF COMPUTER STUDIES VISNAGAR VISNAGAR GUJARAT GUJARAT

More information

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab CET442L Lab #2 IP Configuration and Network Traffic Analysis Lab Goals: In this lab you will plan and implement the IP configuration for the Windows server computers on your group s network. You will use

More information

Intrusion Detection Systems (IDS)

Intrusion Detection Systems (IDS) Intrusion Detection Systems (IDS) What are They and How do They Work? By Wayne T Work Security Gauntlet Consulting 56 Applewood Lane Naugatuck, CT 06770 203.217.5004 Page 1 6/12/2003 1. Introduction Intrusion

More information

2. HOW PACKET SNIFFER WORKS

2. HOW PACKET SNIFFER WORKS An Approach to Detect Packets Using Packet Sniffing Rupam 1, Atul Verma 2, Ankita Singh 3 Department of Computer Science, Sri Ram Swroop Memorial Group of Professional Colleges Tiwari Gang Faizabad Road,

More information

Modern snoop lab lite version

Modern snoop lab lite version Modern snoop lab lite version Lab assignment in Computer Networking OpenIPLab Department of Information Technology, Uppsala University Overview This is a lab constructed as part of the OpenIPLab project.

More information

Network Probe User Guide

Network Probe User Guide Network Probe User Guide Network Probe User Guide Table of Contents 1. Introduction...1 2. Installation...2 Windows installation...2 Linux installation...3 Mac installation...4 License key...5 Deployment...5

More information

CS 589-07: Digital Forensics Fall 2006 Instructors: Lorie Liebrock, Bob Hutchinson and David Duggan

CS 589-07: Digital Forensics Fall 2006 Instructors: Lorie Liebrock, Bob Hutchinson and David Duggan CS 589-07: Digital Forensics Fall 2006 Instructors: Lorie Liebrock, Bob Hutchinson and David Duggan Research Paper: Collection and Analysis of Network Traffic David Burton Executive Summary The collection

More information

WiFi Security Assessments

WiFi Security Assessments WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents

More information

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp Hands-on Network Traffic Analysis 2015 Cyber Defense Boot Camp What is this about? Prerequisite: network packet & packet analyzer: (header, data) Enveloped letters inside another envelope Exercises Basic

More information

tool for / Zigbee / 6LoWPAN networks

tool for / Zigbee / 6LoWPAN networks 2 nd generation Internet of things packet analyser Multiband 780/868/915/2400 MHz Web configuration Ethernet remote control and firmware upgrade Wireshark based HW/SW sources available Available modes

More information

CSE 3214: Computer Network Protocols and Applications

CSE 3214: Computer Network Protocols and Applications CSE 3214: Computer Network Protocols and Applications 1 Course Web-Page: Instructor: http://www.eecs.yorku.ca/course/3214/ (all lecture notes will be posted on this page) Natalija Vlajic (vlajic@cse.yorku.ca)

More information

Cisco IOS Flexible NetFlow Technology

Cisco IOS Flexible NetFlow Technology Cisco IOS Flexible NetFlow Technology Last Updated: December 2008 The Challenge: The ability to characterize IP traffic and understand the origin, the traffic destination, the time of day, the application

More information

Network Security, ISA 656, Angelos Stavrou. Snort Lab

Network Security, ISA 656, Angelos Stavrou. Snort Lab Snort Lab Purpose: In this lab, we will explore a common free Intrusion Detection System called Snort. Snort was written initially for Linux/Unix, but most functionality is now available in Windows. In

More information

Kepware Technologies Using Wireshark for Ethernet Diagnostics

Kepware Technologies Using Wireshark for Ethernet Diagnostics Kepware Technologies Using Wireshark for Ethernet Diagnostics March, 2012 Ref. 50.08 Kepware Technologies Table of Contents 1. Introduction... 1 2. Setting up the Software... 1 3. Using Wireshark... 2

More information

Flow Analysis Versus Packet Analysis. What Should You Choose?

Flow Analysis Versus Packet Analysis. What Should You Choose? Flow Analysis Versus Packet Analysis. What Should You Choose? www.netfort.com Flow analysis can help to determine traffic statistics overall, but it falls short when you need to analyse a specific conversation

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP

Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Intrusion Detection System Based Network Using SNORT Signatures And WINPCAP Aakanksha Vijay M.tech, Department of Computer Science Suresh Gyan Vihar University Jaipur, India Mrs Savita Shiwani Head Of

More information

Network Connect & Pulse Performance Logs on Windows

Network Connect & Pulse Performance Logs on Windows Network Connect & Pulse Performance Logs on Windows How-to Published Date July 2015 Contents Introduction 4 Part 1: Client Prerequisites 4 Step 1.1: Packet Sniffer 4 Step 1.2: Output of IPs, Routes, Ping,

More information

Guideline for setting up a functional VPN

Guideline for setting up a functional VPN Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the

More information

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP

Overview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2

More information

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc.

Emerald. Network Collector Version 4.0. Emerald Management Suite IEA Software, Inc. Emerald Network Collector Version 4.0 Emerald Management Suite IEA Software, Inc. Table Of Contents Purpose... 3 Overview... 3 Modules... 3 Installation... 3 Configuration... 3 Filter Definitions... 4

More information

Network sniffing packet capture and analysis

Network sniffing packet capture and analysis Network sniffing packet capture and analysis October 2, 2015 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response

More information

Network Instruments white paper

Network Instruments white paper Network Instruments white paper EXTENDING NETWORK VISIBILITY BY LEVERAGING NETFLOW AND SFLOW TECHNOLOGIES This paper shows how a network analyzer that can leverage and sflow technologies can provide extended

More information

Chapter 5. Data Communication And Internet Technology

Chapter 5. Data Communication And Internet Technology Chapter 5 Data Communication And Internet Technology Purpose Understand the fundamental networking concepts Agenda Network Concepts Communication Protocol TCP/IP-OSI Architecture Network Types LAN WAN

More information

Network Connect Performance Logs on MAC OS

Network Connect Performance Logs on MAC OS Network Connect Performance Logs on MAC OS How-to Juniper Networks, Inc. 1 Table of Contents Introduction Part 1: Client Prerequisites... 3 Step 1.1: Packet Sniffer... 3 Step 1.2: Output IPs, Routes, Ping,

More information

Network sniffing packet capture and analysis

Network sniffing packet capture and analysis Network sniffing packet capture and analysis October 3, 2014 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response

More information

Linux Network Security

Linux Network Security Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols

More information

Sniffing in a Switched Network

Sniffing in a Switched Network Sniffing in a Switched Network -With A Recipe To Hack A Switch Using Ettercap and Ethereal -Manu Garg manugarg at gmail dot com Problem Statement- To gain access to main switch of your company using a

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

ARP Storm Detection and Prevention Measures

ARP Storm Detection and Prevention Measures 456 ARP Storm Detection and Prevention Measures S.Vidya 1 and R.Bhaskaran 2 1 Department of Computer Science, Fatima College Madurai 626 018, Tamil Nadu, India 2 School of Mathematics, Madurai Kamaraj

More information

Packet Sniffing and Spoofing Lab

Packet Sniffing and Spoofing Lab SEED Labs Packet Sniffing and Spoofing Lab 1 Packet Sniffing and Spoofing Lab Copyright c 2014 Wenliang Du, Syracuse University. The development of this document is/was funded by the following grants from

More information