EKT 332/4 COMPUTER NETWORK

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "EKT 332/4 COMPUTER NETWORK"

Transcription

1 UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

2 Lab 2 : Network Protocol Analyzer (Sniffing and Identify Protocol used in Live Network) Objectives To learn some basics of Ethernet To sniff various types of packet and identify various types of protocol Background 1. Getting Started One s understanding of network protocols can often be greatly deepened by seeing protocols in action and by playing around with protocols observing the sequence of messages exchanged between two protocol entities, delving down into the details of protocol operation, and causing protocols to perform certain actions and then observing these actions and their consequences. This can be done in simulated scenarios or in a real network environment such as the Internet. In these WIRESHARK labs, we ll take the latter approach. You ll be running various network applications in different scenarios using a computer on your desk, at home, or in a lab. You ll observe the network protocols in your computer in action, interacting and exchanging messages with protocol entities executing elsewhere in the Internet. Thus, you and your computer will be an integral part of these live labs. You ll observe, and you ll learn, by doing. The basic tool for observing the messages exchanged between executing protocol entities is called a packet sniffer. As the name suggests, a packet sniffer captures ( sniffs ) messages being sent/received from/by your computer. It will also typically store and/or display the contents of the various protocol fields in these captured messages. A packet sniffer itself is passive. It observes messages being sent and received by applications and protocols running on your computer, but never sends packets itself. Similarly, received packets are never explicitly addressed to the packet sniffer. Instead, a packet sniffer receives a copy of packets that are sent/received from/by application and protocols executing on your machine. Figure 1 shows the structure of a packet sniffer. At the right of Figure 1 are the protocols (in this case, Internet protocols) and applications (such as a web browser or ftp client) that normally run on your computer. The packet sniffer, shown within the dashed rectangle in Figure 1 is an addition to the usual software in your computer, and consists of two parts. The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer. 2

3 Messages exchanged by higher layer protocols such as HTTP, FTP, TCP, UDP, DNS, or IP all are eventually encapsulated in link-layer frames that are transmitted over physical media such as an Ethernet cable. In Figure 1, the assumed physical media is an Ethernet, and so all upper layer protocols are eventually encapsulated within an Ethernet frame. Capturing all link-layer frames thus gives you all messages sent/received from/by all protocols and applications executing in your computer. Figure 1 : Packet sniffer structure The second component of a packet sniffer is the packet analyzer, which displays the contents of all fields within a protocol message. In order to do so, the packet analyzer must understand the structure of all messages exchanged by protocols. For example, suppose we are interested in displaying the various fields in messages exchanged by the HTTP protocol in Figure 1. The packet analyzer understands the format of Ethernet frames, and so can identify the IP datagram within an Ethernet frame. It also understands the IP datagram format, so that it can extract the TCP segment within the IP datagram. Finally, it understands the TCP segment structure, so it can extract the HTTP message contained in the TCP segment. Finally, it understands the HTTP protocol and so, for example, knows that the first bytes of an HTTP message will contain the string GET, POST, or HEAD,. We will be using the Wireshark packet sniffer [ for these labs, allowing us to display the contents of messages being sent/received from/by protocols at different levels of the protocol stack. (Technically speaking, Wireshark (Ethereal) is a packet analyzer that uses a packet capture library in your computer). 3

4 2. What is Wireshark (Ethereal)? Wireshark, formerly known as Ethereal, is one of the most powerful tools in a network security analyst's toolkit. As a network packet analyzer, Wireshark can peer inside the network and examine the details of traffic at a variety of levels, ranging from connectionlevel information to the bits comprising a single packet. This flexibility and depth of inspection allows the valuable tool to analyze security events and troubleshoot network security device issues. It's also priced right: it's free! Wireshark (Ethereal) is a network packet analyzer or packet sniffer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible. You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course). In the past, such tools were either very expensive, proprietary, or both. However, with the advent of Wireshark (Ethereal), all that has changed. Wireshark (Ethereal) is perhaps one of the best open source packet analyzers available today. i. Some intended purposes Here are some examples people uses Wireshark (Ethereal) for: network administrators use it to troubleshoot network problems network security engineers use it to examine security problems developers use it to debug protocol implementations people use it to learn network protocol internals ii. Features Live capture from many different network media Despite its name, Wireshark (Ethereal) can capture traffic from network media other than Ethernet. Which media types are supported, depends on many things like the operating system you are using. Many protocol decoders There are protocol decoders (or dissectors, as they are known in Ethereal) for a great many protocols. A comprehensive list of all protocols and protocol fields can be found at ttp:// 4

5 Open Source Software Wireshark (Ethereal) is an open source software project, and is released under the GNU General Public Licence (GPL). You can freely use Wireshark (Ethereal) on any number of computers you like, without worrying about license keys or fees or such. In addition, all source code is freely available under the GPL. Because of that, it is very easy for people to add new protocols to Wireshark (Ethereal), either as plugins, or built into the source, and they often do! iii. What Wireshark is not Just as with any tool, Wireshark can be used for some things and not others. Here is a list of some of the things Wireshark cannot do: 1. It cannot be used to map out a network. Take a look at the NMAP tool for that functionality. 2. It does not generate network data it is a passive tool. Tools like NMAP, ping, and traceroute are examples of tools that generate network data. These tools are active. 3. It can only show detailed information about protocols it actually understands. The good news is that it understands a great many protocols. It is also extensible, so you can add protocol support for ones it doesn t understand. Otherwise you will only be able to see a hexdump of data it has captured. 4. It can only capture data as well as the OS\Interface\Interface driver supports. An example of this is capturing data over wireless networks. This does not work well (or at all) for some software and hardware combinations. 5

6 Practical work Before you start wireshark you must log in as root. Ask the technician for root password. You can start Wireshark by giving the command wireshark on the command line. This opens a window, which is a GUI interface to wireshark's packet capture utility as shown in figure 2. (You'll want to make this window bigger.) Figure 2 : Wireshark window To start scanning, choose Interfaces from the Capture menu. You'll see a pop-up window similar to the one below: Figure 3: Capture action window 6

7 If you'd like to configure advanced options -- like capturing a file, resolving MAC addresses and DNS names, or limiting the time or size of the capture -- click the Options button corresponding to the interface you wish to configure. Many of these options can help to improve the performance of Wireshark. For example, you can adjust settings to avoid nameresolution issues, as they will otherwise slow down your capture system and generate large numbers of name queries. Time and size limits can also place limitations on unattended captures. Otherwise, simply click the Start button next to the name of the interface on which you wish to capture traffic. The Wireshark screen will immediately begin filling up with traffic seen on the network interface, as shown below: Figure 4: Capture data window 7

8 Interpreting the results Each line in the top pane of the Wireshark window corresponds to a single packet seen on the network. The default display shows the time of the packet (relative to the initiation of the capture), the source and destination IP addresses, the protocol used and some information about the packet. You can drill down and obtain more information by clicking on a row. This causes the bottom two window panes to fill with information. The middle pane contains drill-down details on the packet selected in the top frame. The "+" icons reveal varying levels of detail about each layer of information contained within the packet. Example : I've selected a DNS response packet. I've expanded the DNS response (application layer) section of the packet to show that the original was requesting a DNS resolution for and this response is informing us that the available IP addresses include The bottom window pane shows the contents of the packet in both hexadecimal and ASCII representations. Notice in the example above that each row is color-coded. The darker blue rows correspond to DNS traffic, the lighter blue rows are UDP SNMP traffic, and the green rows signify HTTP traffic. Wireshark includes a complex color-coding scheme (which you can customize). The default settings appear below: Figure 5: Capture data window 8

9 That sums up the basics of using Wireshark to capture and analyze network traffic. The best way to become an expert quickly is to get your hands dirty and start capturing network traffic. There's no doubt you'll find that it can be a helpful tool for everything from configuring firewall rules to spotting an intrusion. Remember, however, that you must always have permission from the network owner before capturing traffic on any network. Exercise 1: Click on one of the HTTP packets and examine it in detail in the middle section of the Wireshark window. You can confirm that the structure of the packet is HTTP data wrapped in a TCP segment, which is wrapped in an IP datagram, which is wrapped in an Ethernet frame. If you click one of the little triangles in front of the word "Ethernet", your view of the Ethernet header will be expanded to show the content of the header. Similarly for the "Internet Protocol," "Transmission Control Protocol," and "Hypertext Transfer Protocol" lines. If you click on any of the lines in the middle section of the window, the corresponding data in the display in the bottom third of the window will be highlighted. Based on all this, answer the following questions: Question 1: What does an Ethernet address look like, and what is the Ethernet address of your computer? Question 2: How many bytes are there in an Internet header? Question 3: What is the IP address of the server computer? How did you find this out by looking at info in the packet? Question 4: The HTTP server communicates on port 80. What port number on your computer was used for the communication? How did you find this out? Exercise 2: Now, enter "not ip" as the display filter. This lets you see non-ip packets. What protocols do you see? Describe some of the things that you can discover or guess about these protocols, just from information available in the Wireshark window. 9

10 Exercise 3: Close all internet browsers. Restart packet capturing. Open your terminal window. Ping the computer next to you using this command: $ ping xx.xxx.x.xxx Open your internet browser and go to Click on introduction option. Stop the capture session. Trace back all of the activities that you have done starting from you ping the computer next to you until you stop the capture session. Copy all of the activities that you have traced and paste it in notepad. Print the result and attach it with your report. Reference: i. Ethereal User's Guide V2.00 for Ethereal Richard Sharpe, NS Computer Software and Services P/L Ed Warnicke, Ulf Lamping, ii. 10

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS

6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS 6. INTRODUCTION TO THE LABORATORY: SOFTWARE TOOLS 6.1. Wireshark network sniffer Wireshark (originally called Ethereal) is a freeware network sniffer. A sniffer investigates and analyzes network traffic.

More information

Wireshark Tutorial. Figure 1: Packet sniffer structure

Wireshark Tutorial. Figure 1: Packet sniffer structure Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer Wireshark. Wireshark would be used for the lab experiments. This document introduces the basic operation

More information

Ethereal: Getting Started

Ethereal: Getting Started Ethereal: Getting Started Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Tell me and I forget. Show me

More information

Wireshark Tutorial INTRODUCTION

Wireshark Tutorial INTRODUCTION Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer WIRESHARK. WIRESHARK would be used for the lab experiments. This document introduces the basic operation

More information

Wireshark Lab: Assignment 1w (Optional)

Wireshark Lab: Assignment 1w (Optional) Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved Wireshark Lab: Assignment 1w (Optional) One s understanding

More information

New York University Computer Science Department Courant Institute of Mathematical Sciences

New York University Computer Science Department Courant Institute of Mathematical Sciences New York University Computer Science Department Courant Institute of Mathematical Sciences Course Title: Data Communication & Networks Course Number: g22.2662-001 Instructor: Jean-Claude Franchitti Session:

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Lab - Using Wireshark to Observe the TCP 3-Way Handshake

Lab - Using Wireshark to Observe the TCP 3-Way Handshake Topology Objectives Part 1: Prepare Wireshark to Capture Packets Select an appropriate NIC interface to capture packets. Part 2: Capture, Locate, and Examine Packets Capture a web session to www.google.com.

More information

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs

CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs CS 326e F2002 Lab 1. Basic Network Setup & Ethereal Time: 2 hrs Tasks: 1 (10 min) Verify that TCP/IP is installed on each of the computers 2 (10 min) Connect the computers together via a switch 3 (10 min)

More information

Network Security: Workshop

Network Security: Workshop Network Security: Workshop Protocol Analyzer Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network decodes,, or dissects,,

More information

Introduction to Wireshark Network Analysis

Introduction to Wireshark Network Analysis Introduction to Wireshark Network Analysis Page 2 of 24 Table of Contents INTRODUCTION 4 Overview 4 CAPTURING LIVE DATA 5 Preface 6 Capture Interfaces 6 Capture Options 6 Performing the Capture 8 ANALYZING

More information

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark 1 st International Conference of Recent Trends in Information and Communication Technologies Detecting Threats in Network Security by Analyzing Network Packets using Wireshark Abdulalem Ali *, Arafat Al-Dhaqm,

More information

Lab Module 3 Network Protocol Analysis with Wireshark

Lab Module 3 Network Protocol Analysis with Wireshark Pacific Northwest National Laboratory Lab Module 3 Network Protocol Analysis with Wireshark NATO ASI on Energy Infrastructure Security October 2015 PNNL-##### Lab Module 3 Network Protocol Analysis with

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points Snoopy Due Date: Nov 1 Points: 25 Points Objective: To gain experience intercepting/capturing HTTP/TCP traffic on a network. Equipment Needed Use the Ubuntu OS that you originally downloaded from the course

More information

UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12

UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12 UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12 Due Tuesday, 12/9, at 11:59:59 PM. One s understanding of network protocols can often be greatly deepened

More information

Lab Exercise Ethernet

Lab Exercise Ethernet Lab Exercise Ethernet Objective To explore the details of Ethernet frames. Ethernet is a popular link layer protocol. Modern computers connect to Ethernet switches rather than use classic Ethernet. The

More information

Computer Networking LAB 2 HTTP

Computer Networking LAB 2 HTTP Computer Networking LAB 2 HTTP 1 OBJECTIVES The basic GET/response interaction HTTP message formats Retrieving large HTML files Retrieving HTML files with embedded objects HTTP authentication and security

More information

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture

Packet Capture. Document Scope. SonicOS Enhanced Packet Capture Packet Capture Document Scope This solutions document describes how to configure and use the packet capture feature in SonicOS Enhanced. This document contains the following sections: Feature Overview

More information

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp

Hands-on Network Traffic Analysis. 2015 Cyber Defense Boot Camp Hands-on Network Traffic Analysis 2015 Cyber Defense Boot Camp What is this about? Prerequisite: network packet & packet analyzer: (header, data) Enveloped letters inside another envelope Exercises Basic

More information

Lab 8.3.2 Conducting a Network Capture with Wireshark

Lab 8.3.2 Conducting a Network Capture with Wireshark Lab 8.3.2 Conducting a Network Capture with Wireshark Objectives Perform a network traffic capture with Wireshark to become familiar with the Wireshark interface and environment. Analyze traffic to a web

More information

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder. CMSC 355 Lab 3 : Penetration Testing Tools Due: September 31, 2010 In the previous lab, we used some basic system administration tools to figure out which programs where running on a system and which files

More information

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Lab Exercise DNS Objective DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Step 1: Analyse the supplied DNS Trace Here we examine the supplied trace of a

More information

Ethereal Exercise 1: Introduction to Ethereal

Ethereal Exercise 1: Introduction to Ethereal Course: Semester: ELE437 Ethereal Exercise 1: Introduction to Ethereal While the ELE437 course doesn t have a lab component, many of the experiences in lab-based courses can be done as homework assignments

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss13/netlab Equipment for each group: - 1 Server computer (OS: Windows Server 2008

More information

Basic Ethereal Based on J.F. Kurose and K.W. Ross.

Basic Ethereal Based on J.F. Kurose and K.W. Ross. Basic Ethereal Based on J.F. Kurose and K.W. Ross. Getting Ethereal Download the appropriate variant of the Ethereal installation software from http://ethereal.com/download.html (the Swedish mirror site

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced

More information

HW 1 CS 356 Computer Networks

HW 1 CS 356 Computer Networks HW 1 CS 356 Computer Networks Instructions: VERY IMPORTANT. At the time this was put on the web page, I don t know if the TA will want PDF or paper copies. This will be announced in class/piazza. If copies

More information

Network Forensics Network Traffic Analysis

Network Forensics Network Traffic Analysis Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Lab - Using Wireshark to View Network Traffic

Lab - Using Wireshark to View Network Traffic Topology Objectives Part 1: (Optional) Download and Install Wireshark Part 2: Capture and Analyze Local ICMP Data in Wireshark Start and stop data capture of ping traffic to local hosts. Locate the IP

More information

Introduction to Analyzer and the ARP protocol

Introduction to Analyzer and the ARP protocol Laboratory 6 Introduction to Analyzer and the ARP protocol Objetives Network monitoring tools are of interest when studying the behavior of network protocols, in particular TCP/IP, and for determining

More information

Modern snoop lab lite version

Modern snoop lab lite version Modern snoop lab lite version Lab assignment in Computer Networking OpenIPLab Department of Information Technology, Uppsala University Overview This is a lab constructed as part of the OpenIPLab project.

More information

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab

CET442L Lab #2. IP Configuration and Network Traffic Analysis Lab CET442L Lab #2 IP Configuration and Network Traffic Analysis Lab Goals: In this lab you will plan and implement the IP configuration for the Windows server computers on your group s network. You will use

More information

Sniffer s Network Packet Analyzer. Basics

Sniffer s Network Packet Analyzer. Basics Sniffer s Network Packet Analyzer Basics Sniffer Network Analysis Range of techniques that network engineers and designers employ to study the properties of networks, including connectivity, capacity and

More information

4m. MONITORING OF ETHERNET/IP NETWORK TRAFFIC.

4m. MONITORING OF ETHERNET/IP NETWORK TRAFFIC. 4m. MONITORING OF ETHERNET/IP NETWORK TRAFFIC. Wireshark (see Section 6) is a network packet analyser. It is used to: troubleshoot network problems, examine security problems, debug protocol implementations,

More information

Chapter 8 Monitoring and Logging

Chapter 8 Monitoring and Logging Chapter 8 Monitoring and Logging This chapter describes the SSL VPN Concentrator status information, logging, alerting and reporting features. It describes: SSL VPN Concentrator Status Active Users Event

More information

Firewall VPN Router. Quick Installation Guide M73-APO09-380

Firewall VPN Router. Quick Installation Guide M73-APO09-380 Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,

More information

Figure 1. Wireshark Menu Bar

Figure 1. Wireshark Menu Bar Packet Capture In this article, we shall cover the basic working of a sniffer, to capture packets for analyzing the traffic. If an analyst does not have working skills of a packet sniffer to a certain

More information

VisuSniff: A Tool For The Visualization Of Network Traffic

VisuSniff: A Tool For The Visualization Of Network Traffic VisuSniff: A Tool For The Visualization Of Network Traffic Rainer Oechsle University of Applied Sciences, Trier Postbox 1826 D-54208 Trier +49/651/8103-508 oechsle@informatik.fh-trier.de Oliver Gronz University

More information

Capture and analysis of the network traffic with Wireshark

Capture and analysis of the network traffic with Wireshark Capture and analysis of the network traffic with Wireshark Lab Objectives Understanding the purpose of Wireshark Studying configuration settings and capture options of Wireshark Studying Wireshark filters

More information

Own your LAN with Arp Poison Routing

Own your LAN with Arp Poison Routing Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From

More information

The trace is here:

The trace is here: Lab Exercise ICMP Objective To see how ICMP (Internet Control Message Protocol) is used. ICMP is a companion protocol to IP that helps IP to perform its functions by handling various error and test cases.

More information

Network Probe User Guide

Network Probe User Guide Network Probe User Guide Network Probe User Guide Table of Contents 1. Introduction...1 2. Installation...2 Windows installation...2 Linux installation...3 Mac installation...4 License key...5 Deployment...5

More information

Intrusion Detection, Packet Sniffing

Intrusion Detection, Packet Sniffing Intrusion Detection, Packet Sniffing By : Eng. Ayman Amaireh Supervisor :Dr.: Lo'ai Tawalbeh New York Institute of Technology (NYIT)- Jordan s s campus-2006 12/2/2006 eng Ayman 1 What is a "packet sniffer"?

More information

TCP Packet Tracing Part 1

TCP Packet Tracing Part 1 TCP Packet Tracing Part 1 Robert L Boretti Jr (robb@us.ibm.com) Marvin Knight (knightm@us.ibm.com) Advisory Software Engineers 24 May 2011 Agenda Main Focus - TCP Packet Tracing What is TCP - general description

More information

Packet Monitor in SonicOS 5.8

Packet Monitor in SonicOS 5.8 Packet Monitor in SonicOS 5.8 Document Contents This document contains the following sections: Packet Monitor Overview on page 1 Configuring Packet Monitor on page 5 Using Packet Monitor and Packet Mirror

More information

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL PREPARATIONS STUDYING SIP PROTOCOL The aim of this exercise is to study the basic aspects of the SIP protocol. Before executing the exercise you should

More information

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool.

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. Objectives Sniffing Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. What is a packet sniffer? Sniffing is eavesdropping on the network and A packet sniffer

More information

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK PACKET SNIFFING MS. SONALI A. KARALE 1, MS. PUNAM P. HARKUT 2 HVPM COET Amravati.

More information

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org

Network Security: Workshop. Dr. Anat Bremler-Barr. Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org 1.pcap - File download Network Security: Workshop Dr. Anat Bremler-Barr Assignment #2 Analyze dump files Solution Taken from www.chrissanders.org Downloading a file is a pretty basic function when described

More information

1. Whatdo you use? 2. Speed Tests?

1. Whatdo you use? 2. Speed Tests? Session Title: Network Traffic Analysis -- It's not just for fun anymore. Session Type: 50 Min. Breakout Session Presentation Day: Tuesday, February 11 Network Traffic Analysis It s not just for fun anymore.

More information

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

CYBER ATTACKS EXPLAINED: PACKET CRAFTING CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

Multi-Homing Dual WAN Firewall Router

Multi-Homing Dual WAN Firewall Router Multi-Homing Dual WAN Firewall Router Quick Installation Guide M73-APO09-400 Multi-Homing Dual WAN Firewall Router Overview The Multi-Homing Dual WAN Firewall Router provides three 10/100Mbit Ethernet

More information

Pre-lab and In-class Laboratory Exercise 10 (L10)

Pre-lab and In-class Laboratory Exercise 10 (L10) ECE/CS 4984: Wireless Networks and Mobile Systems Pre-lab and In-class Laboratory Exercise 10 (L10) Part I Objectives and Lab Materials Objective The objectives of this lab are to: Familiarize students

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer

More information

A Research Study on Packet Sniffing Tool TCPDUMP

A Research Study on Packet Sniffing Tool TCPDUMP A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this

More information

Section 11.1, Simple Network Management Protocol. Section 11.2, Port Data Capture

Section 11.1, Simple Network Management Protocol. Section 11.2, Port Data Capture Chapter 11 SNMP and Port Data Capture This module discusses the Simple Network Management Protocol (SNMP) and the BANDIT device s Port Data Capture feature, and how they can be used to augment or enhance

More information

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A

Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A Packet Capture and Expert Troubleshooting with the Viavi Solutions T-BERD /MTS-6000A By Barry Constantine Introduction As network complexity grows, network provider technicians require the ability to troubleshoot

More information

Configuring Network Address Translation (NAT)

Configuring Network Address Translation (NAT) 8 Configuring Network Address Translation (NAT) Contents Overview...................................................... 8-3 Translating Between an Inside and an Outside Network........... 8-3 Local and

More information

Material for the Networking lab in ETSF15 Computer Systems and Networks 2016

Material for the Networking lab in ETSF15 Computer Systems and Networks 2016 Material for the Networking lab in ETSF15 Computer Systems and Networks 2016 Preparations In order to succeed with the lab, you must have understood some important parts of the course. Therefore, before

More information

An introduction to Network Analyzers

An introduction to Network Analyzers An introduction to Network Analyzers Dr. Farid Farahmand 9/15/2016 Network Analysis and Sniffing Process of capturing, decoding, and analyzing network traffic Why is the network slow What is the network

More information

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above.

Connect the Host to attach to Fast Ethernet switch port Fa0/2. Configure the host as shown in the topology diagram above. Lab 1.2.2 Capturing and Analyzing Network Traffic Host Name IP Address Fa0/0 Subnet Mask IP Address S0/0/0 Subnet Mask Default Gateway RouterA 172.17.0.1 255.255.0.0 192.168.1.1 (DCE) 255.255.255.0 N/A

More information

Craig Pelkie Bits & Bytes Programming, Inc. craig@web400.com

Craig Pelkie Bits & Bytes Programming, Inc. craig@web400.com Craig Pelkie Bits & Bytes Programming, Inc. craig@web400.com The Basics of IP Packet Filtering Edition IPFILTER_20020219 Published by Bits & Bytes Programming, Inc. Valley Center, CA 92082 craig@web400.com

More information

Troubleshooting Tools to Diagnose or Report a Problem February 23, 2012

Troubleshooting Tools to Diagnose or Report a Problem February 23, 2012 Troubleshooting Tools to Diagnose or Report a Problem February 23, 2012 Proprietary 2012 Media5 Corporation Scope of this Document This Technical Bulletin aims to inform the reader on the troubleshooting

More information

IP Filtering for Patton RAS Products

IP Filtering for Patton RAS Products RAS Filtering: Applications and Functionality Security PLUS Service Differentiation Did you know you can use IP filtering to boost your revenues? Patton s Remote Access Server (RAS) provides IP Filtering

More information

Looking for Trouble: ICMP and IP Statistics to Watch

Looking for Trouble: ICMP and IP Statistics to Watch Looking for Trouble: ICMP and IP Statistics to Watch Laura Chappell, Senior Protocol Analyst Protocol Analysis Institute [lchappell@packet-level.com] www.packet-level.com www.podbooks.com HTCIA Member,

More information

To see how ARP (Address Resolution Protocol) works. ARP is an essential glue protocol that is used to join Ethernet and IP.

To see how ARP (Address Resolution Protocol) works. ARP is an essential glue protocol that is used to join Ethernet and IP. Lab Exercise ARP Objective To see how ARP (Address Resolution Protocol) works. ARP is an essential glue protocol that is used to join Ethernet and IP. The trace is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-arp.pcap

More information

Lab 1: Network Devices and Technologies - Capturing Network Traffic

Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Lab Series Lab 1: Network Devices and Technologies - Capturing Network Traffic CompTIA Security+ Domain 1 - Network Security Objective 1.1: Explain the security function and purpose of

More information

Ethereal Lab: IP. 1. Capturing packets from an execution of traceroute

Ethereal Lab: IP. 1. Capturing packets from an execution of traceroute Ethereal Lab: IP Version: 1.0 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. In this lab, we ll investigate the IP protocol,

More information

COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP. Claude Fachkha

COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP. Claude Fachkha COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP Claude Fachkha Introduction In this lab, we ll investigate the Ethernet protocol and the ARP protocol. Before beginning this lab, you ll probably want to

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

Packet Sniffing with Wireshark and Tcpdump

Packet Sniffing with Wireshark and Tcpdump Packet Sniffing with Wireshark and Tcpdump Capturing, or sniffing, network traffic is invaluable for network administrators troubleshooting network problems, security engineers investigating network security

More information

Network Security. Network Packet Analysis

Network Security. Network Packet Analysis Network Security Network Packet Analysis Module 3 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS kaw@cerias.purdue.edu 1 Network Packet Analysis Definition: Examining network packets to determine

More information

Lab 5. Figure 1. According to above screenshot (Figure 1), the Ethernet address of my computer is 00:0c:29:b4:cb:20.

Lab 5. Figure 1. According to above screenshot (Figure 1), the Ethernet address of my computer is 00:0c:29:b4:cb:20. Lab 5 1. What is the 48 bit Ethernet address of your computer? Figure 1 According to above screenshot (Figure 1), the Ethernet address of my computer is 00:0c:29:b4:cb:20. 2. What is the 48 bit destination

More information

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005 Firewall Testing Cameron Kerr Telecommunications Programme University of Otago May 16, 2005 Abstract Writing a custom firewall is a complex task, and is something that requires a significant amount of

More information

TCP/IP Concepts Review. A CEH Perspective

TCP/IP Concepts Review. A CEH Perspective TCP/IP Concepts Review A CEH Perspective 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP

More information

BASIC ANALYSIS OF TCP/IP NETWORKS

BASIC ANALYSIS OF TCP/IP NETWORKS BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks

More information

Wireshark Lab for ECE374 Posted: 02/11/15 Due: 02/18/15

Wireshark Lab for ECE374 Posted: 02/11/15 Due: 02/18/15 ECE374: Lab Assingment 2 1 Wireshark Lab for ECE374 Posted: 02/11/15 Due: 02/18/15 Having gotten our feet wet with the Wireshark packet sniffer in the introductory lab, we re now ready to use Wireshark

More information

Transformation of honeypot raw data into structured data

Transformation of honeypot raw data into structured data Transformation of honeypot raw data into structured data 1 Majed SANAN, Mahmoud RAMMAL 2,Wassim RAMMAL 3 1 Lebanese University, Faculty of Sciences. 2 Lebanese University, Director of center of Research

More information

Lab 8.4.2 Configuring Access Policies and DMZ Settings

Lab 8.4.2 Configuring Access Policies and DMZ Settings Lab 8.4.2 Configuring Access Policies and DMZ Settings Objectives Log in to a multi-function device and view security settings. Set up Internet access policies based on IP address and application. Set

More information

LESSON 3.6. 98-366 Networking Fundamentals. Understand TCP/IP

LESSON 3.6. 98-366 Networking Fundamentals. Understand TCP/IP Understand TCP/IP Lesson Overview In this lesson, you will learn about: TCP/IP Tracert Telnet Netstat Reserved addresses Local loopback IP Ping Pathping Ipconfig Protocols Anticipatory Set Experiment with

More information

Wireshark Quick-Start Guide. Instructions on Using the Wireshark Packet Analyzer

Wireshark Quick-Start Guide. Instructions on Using the Wireshark Packet Analyzer Wireshark Quick-Start Guide Instructions on Using the Wireshark Packet Analyzer July 2, 2008 Table of Contents Chapter 1: Getting Started... 3 I) Current Version... 4 II) Installation... 4 III) Specifying

More information

Online Application Monitoring Tool. A Project Presented to The Faculty of the Department of Computer Science San José State University

Online Application Monitoring Tool. A Project Presented to The Faculty of the Department of Computer Science San José State University Online Application Monitoring Tool A Project Presented to The Faculty of the Department of Computer Science San José State University In Partial Fulfillment Of the Requirements for the Degree Master of

More information

Macintosh Clients and Windows Print Queues

Macintosh Clients and Windows Print Queues Macintosh Clients and Windows Print Queues OS X Maverick, Lion Mountain, Leopard, Tiger, and Panther Pre-Configuration Requirements Ensure Macintosh machines have a valid Host A and PTR records in your

More information

HoneyBOT User Guide A Windows based honeypot solution

HoneyBOT User Guide A Windows based honeypot solution HoneyBOT User Guide A Windows based honeypot solution Visit our website at http://www.atomicsoftwaresolutions.com/ Table of Contents What is a Honeypot?...2 How HoneyBOT Works...2 Secure the HoneyBOT Computer...3

More information

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Configuring the Forefront TMG HTTP Filter Abstract In this article I will show you how to configure

More information

1. LAB SNIFFING LAB ID: 10

1. LAB SNIFFING LAB ID: 10 H E R A LAB ID: 10 SNIFFING Sniffing in a switched network ARP Poisoning Analyzing a network traffic Extracting files from a network trace Stealing credentials Mapping/exploring network resources 1. LAB

More information

Lab Exercise DNS. Objective. Requirements. Network Setup

Lab Exercise DNS. Objective. Requirements. Network Setup Lab Exercise DNS Objective DNS (Domain Name System) is the system and protocol that translates domain names to IP addresses and more. DNS is covered in 7.1 of your text. Review that section before doing

More information

tool for / Zigbee / 6LoWPAN networks

tool for / Zigbee / 6LoWPAN networks 2 nd generation Internet of things packet analyser Multiband 780/868/915/2400 MHz Web configuration Ethernet remote control and firmware upgrade Wireshark based HW/SW sources available Available modes

More information

Introduction to Networking S Y STEMS

Introduction to Networking S Y STEMS Introduction to Networking CS 40: INTRODUCTION TO U NIX A ND L I NUX O P E R AT ING S Y STEMS Objectives Introduce networking, including what it is and what it contains, which includes: Networking layers

More information

Non-intrusive, complete network protocol decoding with plain mnemonics in English

Non-intrusive, complete network protocol decoding with plain mnemonics in English The Triple Play Analysis Suite - DATA The Triple Play Analysis Suite - Data are meant for emulating the client s application such as FTP downloading or Web Browser testing at the termination point of DSL

More information

TCP/IP Concepts Review. Ed Crowley

TCP/IP Concepts Review. Ed Crowley TCP/IP Concepts Review Ed Crowley 1 Objectives At the end of this unit, you will be able to: Describe the TCP/IP protocol stack For each level, explain roles and vulnerabilities Explain basic IP addressing

More information

ITL Lab 5 - Performance Measurements and SNMP Monitoring 1. Purpose

ITL Lab 5 - Performance Measurements and SNMP Monitoring 1. Purpose Lab 5 - Performance Measurements and SNMP Monitoring 1 Purpose Before the Lab Measure the performance (throughput) of TCP connections Measure the performance of UDP connections; observe an RTP flow Examine

More information

CS197U: A Hands on Introduction to Unix

CS197U: A Hands on Introduction to Unix CS197U: A Hands on Introduction to Unix Lecture 10: Security Issues and Traffic Monitoring Tian Guo University of Massachusetts Amherst CICS 1 Reminders Assignment 5 is due Thursday (Oct. 22) Part 1 (tracking

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

Load Balancing. Outlook Web Access. Web Mail Using Equalizer Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems

More information

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

CCNA Discovery 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual 4.0.3.0 Networking for Homes and Small Businesses Student Packet Tracer Lab Manual This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial

More information