COMP416 Lab (1) Wireshark I. 23 September 2013

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "COMP416 Lab (1) Wireshark I. 23 September 2013"

Transcription

1 COMP416 Lab (1) Wireshark I 23 September 2013

2 2 Before the lab Review the content of communication architecture. Review TCP/IP model and protocol suite. Understand data transferring, layering, and encapsulation/demultiplexing.

3 3 Content Data capture basis and tools Getting start with Wireshark Advanced usage Traffic and protocol analysis

4 4 Packet capture Why do we need to capture packets? troubleshoot network problems examine security problems debug protocol implementations learn network protocol internals

5 5 Packet capture tools/sniffers Classic tools WireShark (http://www.wireshark.org/) TCPDump (http://www.tcpdump.org/) Other tools Ettercap Dsniff Ntop KISMET WinDump Tshark

6 6 What is Wireshark? An open source packet analyzer capture network packets display that packet data Decode 1115 protocols (v1.4) Support command-line and GUI interfaces Run on many platforms, including Windows, OS X, Linux, and UNIX Many online resources Wireshark User s Guide (http://www.wireshark.org/docs/wsug_html_chunked/)

7 7 How does Wireshark work? Windows Linux Wireshark Winpcap libpcap

8 8 Libpcap and Winpcap Libpcap and winpcap are libraries for network traffic capture, provides the core functions of packet capturing Linux/Unix -> libpcap Windows -> winpcap Homepage of libpcap: Homepage of winpcap:

9 9 TCPDump and WinDump Tcpdump Unix-based command-line tool used to analyze packets Including filtering to just capture the packets of interest Capture packets from interface specified using -i option Read packets from an existing trace file specified using -r option Save captured packets using -w option Homepage: WinDump The Windows version of tcpdump Homepage:

10 10 Basic usage Tip: packet capture need root / administrator privileges Packet capture: select the right interface! Save / open trace

11 11 Advanced usage (1): filters Capture filters Only the packets meet the rule will be captured and decoded in Wireshark Syntax Specify protocols: ip, tcp, udp Specify host: host, dst, src More filters can be found: Display filters Do not affect captured packets Only determine whether or not to display some packets Syntax Useful: Follow TCP Stream More filters can be found:

12 12 Advanced usage (2) Follow a stream Stream: [IP address A, port A, IP address B, port B] Adjust the layout and columns Edit -> Preference Statistics Summary: general statistics about the current capture file Conversations: statistics of the captured conversations Conversation is the traffic between two specific endpoints Endpoints: traffic statistics of an end host IO Graphs: visualizing the number of packets in time

13 13 Analyze Web application The World Wide Web (WWW) is the most popular Internet application Answer the following question: What s the relationship between Web and HTTP? What type of protocol does HTTP belong to? What happen in the background when you access a Web site through a Web browser?

14 14 Exercise 1:analyze HTTP traffic Y:\Win32\WiresharkPortable Select the right interface Visit After the page is fully loaded, stop capturing. Analyze HTTP traffic What have you observed? Write down the protocols you have observed Consider why you can observe so much traffic and protocols besides the HTTP traffic

15 15 Exercise 1 (cont d) Analyze HTTP traffic What s your HTTP request method? What s your HTTP request version? What s the status code in the response? What does it mean? Apply a display filter so that only HTTP packets are shown. How many HTTP requests have been sent to the Web server? Write down each request.

16 16 Exercise 2 Try to different capture filters How can I capture only HTTP traffic? How can I only capture only the traffic from/to a specified host? Visit and analyze the HTTP traffic What s your IP address? What s the server s IP address? How many TCP connections were opened? Visit and analyze the HTTP traffic What s the difference as compared with the previous steps?

17 17 Exercise 2 (cont d) Visit and analyze HTTP traffic What s the difference as compared with the previous steps? How many Web servers have you accessed? Write down the servers exact IP addresses. Explain this phenomenon.

18 18 Exercise 3 Delete the capture filter. Start a new capture. Visit When the page is fully loaded, stop capturing. Compare the throughput between UDP and TCP in a time series.

19 19 Exercise 4 Start a new capture. Visit https://www.google.com.hk. When the page is fully loaded, stop capturing. Identify the HTTPS traffic. What s the default port of HTTPS? What can you see after applying follow the TCP stream? Write down the process of how an https connection is established.

20 20 Exercise 5 Visit and analyze the HTTP traffic. Record the IP address of the Facebook server. Save the trace. Visit Facebook again at home, and compare the trace you obtained in campus. Record the IP address of the Facebook server. Is the IP address recorded at home the same as the one recorded in campus? If not, explain why.

21 21 Further reading CDN (content delivery network)

Network Security. Network Packet Analysis

Network Security. Network Packet Analysis Network Security Network Packet Analysis Module 3 Keith A. Watson, CISSP, CISA IA Research Engineer, CERIAS kaw@cerias.purdue.edu 1 Network Packet Analysis Definition: Examining network packets to determine

More information

Lab VI Capturing and monitoring the network traffic

Lab VI Capturing and monitoring the network traffic Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)

More information

Wireshark. Fakrul (Pappu) Alam fakrul@dhakacom.com

Wireshark. Fakrul (Pappu) Alam fakrul@dhakacom.com Wireshark Fakrul (Pappu) Alam fakrul@dhakacom.com What is Wireshark? Wireshark is a network packet/protocol analyzer. A network packet analyzer will try to capture network packets and tries to display

More information

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA CPSC 441 TUTORIAL JANUARY 30, 2012 TA: RUITING ZHOU The content of these slides are taken from CPSC 526 TUTORIAL by Nashd Safa (Extended and partially

More information

Lab 8.3.2 Conducting a Network Capture with Wireshark

Lab 8.3.2 Conducting a Network Capture with Wireshark Lab 8.3.2 Conducting a Network Capture with Wireshark Objectives Perform a network traffic capture with Wireshark to become familiar with the Wireshark interface and environment. Analyze traffic to a web

More information

LAB: Protocol & Packet Analysis with wireshark

LAB: Protocol & Packet Analysis with wireshark LAB: Protocol & Packet Analysis with wireshark with some focus on IPv6 Sebastian Büttrich, NSRC Last edit: March 2015 ICTP Workshop on Scientific Applications for the Internet of Things (IoT) Protocol

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.

More information

Overview. Protocol Analysis. Network Protocol Examples. Tools overview. Analysis Methods

Overview. Protocol Analysis. Network Protocol Examples. Tools overview. Analysis Methods Overview Capturing & Analyzing Network Traffic: tcpdump/tshark and Wireshark EE 122: Intro to Communication Networks Vern Paxson / Jorge Ortiz / Dilip Anthony Joseph Examples of network protocols Protocol

More information

Safe network analysis

Safe network analysis Safe network analysis Generating network traffic captures within a virtual network. Presented by Andrew Martin 1 Introduction What is a sniffer How does sniffing work Usages Scenarios Building safe repositories

More information

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices.

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices. Xerox Multifunction Devices Customer Tips January 15, 2004 This document applies to these Xerox products: Network Packet Analyzer Tips Purpose This document contains a procedure that Xerox customers can

More information

Wireshark Lab: Assignment 1w (Optional)

Wireshark Lab: Assignment 1w (Optional) Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved Wireshark Lab: Assignment 1w (Optional) One s understanding

More information

Introduction to Analyzer and the ARP protocol

Introduction to Analyzer and the ARP protocol Laboratory 6 Introduction to Analyzer and the ARP protocol Objetives Network monitoring tools are of interest when studying the behavior of network protocols, in particular TCP/IP, and for determining

More information

Introduction to Passive Network Traffic Monitoring

Introduction to Passive Network Traffic Monitoring Introduction to Passive Network Traffic Monitoring CS459 ~ Internet Measurements Spring 2015 Despoina Antonakaki antonakd@csd.uoc.gr Active Monitoring Inject test packets into the network or send packets

More information

1/5/2014. Objectives. Performance Evaluation of Computer Networks. Contents WHY? NETWORK MEASUREMENT. Why Network Measurement. Why Network Measurement

1/5/2014. Objectives. Performance Evaluation of Computer Networks. Contents WHY? NETWORK MEASUREMENT. Why Network Measurement. Why Network Measurement , 2013 Performance Evaluation of Computer Networks Week 9 (Part 1) Performance Measurement Objectives Appreciate the role of measurement in building and maintaining high-performance TCP/IP networks Explain

More information

Performance Evaluation of Computer Networks

Performance Evaluation of Computer Networks , 2013 Performance Evaluation of Computer Networks Week 9 (Part 1) Performance Measurement Mujdat Soyturk, Ph.D. Asst. Prof. Objectives Appreciate the role of measurement in building and maintaining high-performance

More information

An introduction to Network Analyzers

An introduction to Network Analyzers An introduction to Network Analyzers Dr. Farid Farahmand 9/15/2016 Network Analysis and Sniffing Process of capturing, decoding, and analyzing network traffic Why is the network slow What is the network

More information

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace

Lab Exercise SSL/TLS. Objective. Requirements. Step 1: Capture a Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

DMZ Network Visibility with Wireshark June 15, 2010

DMZ Network Visibility with Wireshark June 15, 2010 DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ

More information

UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12

UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12 UNI CS 3470, Section 1 (Fall 2014) Networking Project 5: Using Wireshark to Analyze Packet Traces 12 Due Tuesday, 12/9, at 11:59:59 PM. One s understanding of network protocols can often be greatly deepened

More information

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark Trúc Anh N. Nguyễn, Egemen K. Çetinkaya, Mohammed Alenazi, and James P.G. Sterbenz Department

More information

Lab - Using Wireshark to Observe the TCP 3-Way Handshake

Lab - Using Wireshark to Observe the TCP 3-Way Handshake Topology Objectives Part 1: Prepare Wireshark to Capture Packets Select an appropriate NIC interface to capture packets. Part 2: Capture, Locate, and Examine Packets Capture a web session to www.google.com.

More information

darkstat - a network traffic analyzer Introduction Installation LinuxFocus article number 346 http://linuxfocus.org by Mario M.

darkstat - a network traffic analyzer Introduction Installation LinuxFocus article number 346 http://linuxfocus.org by Mario M. LinuxFocus article number 346 http://linuxfocus.org darkstat - a network traffic analyzer by Mario M. Knopf (homepage) About the author: Mario enjoys to keep busy with Linux, networks and other topics

More information

Ford ANX Troubleshooting Procedure for use by Trading Partners

Ford ANX Troubleshooting Procedure for use by Trading Partners Ford AX Troubleshooting Procedure for use by Trading Partners Step 1: Verify Internal Routing on Trading Partner etwork Verify packets are routing correctly through Trading Partner LA/WA and Trading Partner

More information

Lab - Using Wireshark to View Network Traffic

Lab - Using Wireshark to View Network Traffic Topology Objectives Part 1: (Optional) Download and Install Wireshark Part 2: Capture and Analyze Local ICMP Data in Wireshark Start and stop data capture of ping traffic to local hosts. Locate the IP

More information

Wireshark Tutorial INTRODUCTION

Wireshark Tutorial INTRODUCTION Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer WIRESHARK. WIRESHARK would be used for the lab experiments. This document introduces the basic operation

More information

Flow-level analysis: wireshark and Bro. Prof. Anja Feldmann, Ph.D. Dr. Nikolaos Chatzis

Flow-level analysis: wireshark and Bro. Prof. Anja Feldmann, Ph.D. Dr. Nikolaos Chatzis Flow-level analysis: wireshark and Bro Prof. Anja Feldmann, Ph.D. Dr. Nikolaos Chatzis 1 wireshark tshark Network packet analyzer for Unix/Windows Displays detailed packet stats GUI (wireshark) or command-line

More information

Network Trace Analysis

Network Trace Analysis Network Trace Analysis Version 1.0 Facebook LinkedIn Twitter Dmitry Vostokov Software Diagnostics Services Wireshark Hark Listen (to) Hark! There s the big bombardment. Speak in one s ear; whisper Shorter

More information

CSE 3214: Computer Network Protocols and Applications

CSE 3214: Computer Network Protocols and Applications CSE 3214: Computer Network Protocols and Applications 1 Course Web-Page: Instructor: http://www.eecs.yorku.ca/course/3214/ (all lecture notes will be posted on this page) Natalija Vlajic (vlajic@cse.yorku.ca)

More information

Network sniffing packet capture and analysis

Network sniffing packet capture and analysis Network sniffing packet capture and analysis October 2, 2015 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response

More information

Network sniffing packet capture and analysis

Network sniffing packet capture and analysis Network sniffing packet capture and analysis October 3, 2014 Administrative submittal instructions answer the lab assignment s 13 questions in numbered list form, in a Word document file. (13 th response

More information

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL

EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL EINTE LAB EXERCISES LAB EXERCISE #5 - SIP PROTOCOL PREPARATIONS STUDYING SIP PROTOCOL The aim of this exercise is to study the basic aspects of the SIP protocol. Before executing the exercise you should

More information

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool.

Internet Security ECOM 5347 Lab 1 Sniffing. Sniffing. Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. Objectives Sniffing Become aware of a class of vulnerabilities known as sniffing. Learn how to use a sniffer tool. What is a packet sniffer? Sniffing is eavesdropping on the network and A packet sniffer

More information

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address Objectives University of Jordan Faculty of Engineering & Technology Computer Engineering Department Computer Networks Laboratory 907528 Lab.4 Basic Network Operation and Troubleshooting 1. To become familiar

More information

Wireshark Tutorial. Figure 1: Packet sniffer structure

Wireshark Tutorial. Figure 1: Packet sniffer structure Wireshark Tutorial INTRODUCTION The purpose of this document is to introduce the packet sniffer Wireshark. Wireshark would be used for the lab experiments. This document introduces the basic operation

More information

Introduction to Network Security Lab 1 - Wireshark

Introduction to Network Security Lab 1 - Wireshark Introduction to Network Security Lab 1 - Wireshark Bridges To Computing 1 Introduction: In our last lecture we discussed the Internet the World Wide Web and the Protocols that are used to facilitate communication

More information

Wireshark DNS. Introduction. nslookup

Wireshark DNS. Introduction. nslookup Wireshark DNS Introduction The Domain Name System (DNS) translates hostnames to IP addresses, fulfilling a critical role in the Internet infrastructure. In this lab, we ll take a closer look at the client

More information

Packet Sniffer A Comparative Study

Packet Sniffer A Comparative Study International Journal of Computer Networks and Communications Security VOL. 2, NO. 5, MAY 2014, 179 187 Available online at: www.ijcncs.org ISSN 2308-9830 C N C S Packet Sniffer A Comparative Study Dr.

More information

TCP Packet Tracing Part 1

TCP Packet Tracing Part 1 TCP Packet Tracing Part 1 Robert L Boretti Jr (robb@us.ibm.com) Marvin Knight (knightm@us.ibm.com) Advisory Software Engineers 24 May 2011 Agenda Main Focus - TCP Packet Tracing What is TCP - general description

More information

Packet Sniffing with Wireshark and Tcpdump

Packet Sniffing with Wireshark and Tcpdump Packet Sniffing with Wireshark and Tcpdump Capturing, or sniffing, network traffic is invaluable for network administrators troubleshooting network problems, security engineers investigating network security

More information

Sniffer s Network Packet Analyzer. Basics

Sniffer s Network Packet Analyzer. Basics Sniffer s Network Packet Analyzer Basics Sniffer Network Analysis Range of techniques that network engineers and designers employ to study the properties of networks, including connectivity, capacity and

More information

Collecting information

Collecting information Mag. iur. Dr. techn. Michael Sonntag Collecting information E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology

More information

Networks and Security Lab. Network Forensics

Networks and Security Lab. Network Forensics Networks and Security Lab Network Forensics Network Forensics - continued We start off from the previous week s exercises and analyze each trace file in detail. Tools needed: Wireshark and your favorite

More information

HW 1 CS 356 Computer Networks

HW 1 CS 356 Computer Networks HW 1 CS 356 Computer Networks Instructions: VERY IMPORTANT. At the time this was put on the web page, I don t know if the TA will want PDF or paper copies. This will be announced in class/piazza. If copies

More information

Troubleshooting TCP/IP Networks with Wireshark

Troubleshooting TCP/IP Networks with Wireshark Troubleshooting TCP/IP Networks with Wireshark Eğitim Tipi ve Süresi: 5 Days VILT Troubleshooting TCP/IP Networks with Wireshark Learn to use Wireshark to troubleshoot TCP/IP networks while preparing for

More information

Analyze Traffic with Monitoring Interfaces and Packet Forwarding

Analyze Traffic with Monitoring Interfaces and Packet Forwarding Analyze Traffic with Monitoring Interfaces and Packet Forwarding Published: 2016-04-08 This guide explains how to configure an ExtraHop appliance to analyze network traffic using both monitoring interfaces

More information

Firewall Examples. Using a firewall to control traffic in networks

Firewall Examples. Using a firewall to control traffic in networks Using a firewall to control traffic in networks 1 1 Example Network 1 2 1.0/24 1.2.0/24.4 1.0.0/16 Rc 5.6 4.0/24 2 Consider this example internet which has: 6 subnets (blue ovals), each with unique network

More information

Wireshark Lab: DNS. 1. nslookup

Wireshark Lab: DNS. 1. nslookup Wireshark Lab: DNS Version: 2.0 2007 J.F. Kurose, K.W. Ross. All Rights Reserved Computer Networking: A Topdown Approach, 4 th edition. As described in Section 2.5 of the textbook, the Domain Name System

More information

New York University Computer Science Department Courant Institute of Mathematical Sciences

New York University Computer Science Department Courant Institute of Mathematical Sciences New York University Computer Science Department Courant Institute of Mathematical Sciences Course Title: Data Communication & Networks Course Number: g22.2662-001 Instructor: Jean-Claude Franchitti Session:

More information

Network Security: Workshop

Network Security: Workshop Network Security: Workshop Protocol Analyzer Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network decodes,, or dissects,,

More information

Ethereal: Getting Started

Ethereal: Getting Started Ethereal: Getting Started Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Tell me and I forget. Show me

More information

Wireshark Lab: DNS v6.01

Wireshark Lab: DNS v6.01 Wireshark Lab: DNS v6.01 Supplement to Computer Networking: A Top- Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese

More information

Transport and Network Layer Protocols Lab TCP/IP

Transport and Network Layer Protocols Lab TCP/IP Transport and Network Layer Protocols Lab TCP/IP Name: Date Experiment Performed: Group Members: TCP/IP lab Version 1.3, February 2004-1 - PART I: Internet Protocol (IP) Objective Internet Protocols are

More information

Wireless Local Area Networks

Wireless Local Area Networks Wireless Local Area Networks Experiments for Bachelor Students of Mobile Communication Networks Course http://www.tu-ilmenau.de/iks/lehre/bachelor-studiengaenge/?event_id=11 Dr.-Ing. Florian Evers & Prof.

More information

Ethereal Lab: DNS. 1. nslookup

Ethereal Lab: DNS. 1. nslookup Ethereal Lab: DNS Version: July 2005 2005 J.F. Kurose, K.W. Ross. All Rights Reserved Computer Networking: A Topdown Approach Featuring the Internet, 3 rd edition. As described in Section 2.5 of the textbook,

More information

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:

More information

Introduction to Wireshark Network Analysis

Introduction to Wireshark Network Analysis Introduction to Wireshark Network Analysis Page 2 of 24 Table of Contents INTRODUCTION 4 Overview 4 CAPTURING LIVE DATA 5 Preface 6 Capture Interfaces 6 Capture Options 6 Performing the Capture 8 ANALYZING

More information

Citrix NetScaler Traffic Management CNS-220; 5 Days; Instructor-led

Citrix NetScaler Traffic Management CNS-220; 5 Days; Instructor-led Citrix NetScaler Traffic Management CNS-220; 5 Days; Instructor-led Course Description Designed for students with little or no previous NetScaler experience, this course is best suited for individuals

More information

Juniper NetScreen 5GT

Juniper NetScreen 5GT TheGreenBow IPSec VPN Client Configuration Guide Juniper NetScreen 5GT WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer: Connected Team Company:

More information

Network Traffic Evolution. Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig

Network Traffic Evolution. Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig Network Traffic Evolution Prof. Anja Feldmann, Ph.D. Dr. Steve Uhlig 1 Example trace Name port % bytes % packets bytes per packet world-wide-web 80???????????? netnews 119???????????? pop-3 mail 110????????????...

More information

1. Whatdo you use? 2. Speed Tests?

1. Whatdo you use? 2. Speed Tests? Session Title: Network Traffic Analysis -- It's not just for fun anymore. Session Type: 50 Min. Breakout Session Presentation Day: Tuesday, February 11 Network Traffic Analysis It s not just for fun anymore.

More information

Introduction. Interoperability & Tools Group. Existing Network Packet Capture Tools. Challenges for existing tools. Microsoft Message Analyzer

Introduction. Interoperability & Tools Group. Existing Network Packet Capture Tools. Challenges for existing tools. Microsoft Message Analyzer Introduction Interoperability & Tools Group Existing Network Packet Capture Tools Challenges for existing tools Microsoft Message Analyzer Slide 2 Interop and Tools What we do Part of Windows Server Org

More information

Lab 1: Packet Sniffing and Wireshark

Lab 1: Packet Sniffing and Wireshark Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University CSC 5991 Cyber Security Prac@ce 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer

More information

Network Forensics Network Traffic Analysis

Network Forensics Network Traffic Analysis Copyright: The development of this document is funded by Higher Education of Academy. Permission is granted to copy, distribute and /or modify this document under a license compliant with the Creative

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2009 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Lab Exercise DNS. Objective. Requirements. Network Setup

Lab Exercise DNS. Objective. Requirements. Network Setup Lab Exercise DNS Objective DNS (Domain Name System) is the system and protocol that translates domain names to IP addresses and more. DNS is covered in 7.1 of your text. Review that section before doing

More information

HONE: Correlating Host activities to Network communications to produce insight

HONE: Correlating Host activities to Network communications to produce insight HONE: Correlating Host activities to Network communications to produce insight GLENN A. FINK, PH.D. Senior Scientist, Secure Cyber Systems SEAN STORY, PMP Project Manager, Software Engineering & Architectures

More information

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet.

To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet. Lab Exercise TCP Objective To see the details of TCP (Transmission Control Protocol). TCP is the main transport layer protocol used in the Internet. The trace file is here: http://scisweb.ulster.ac.uk/~kevin/com320/labs/wireshark/trace-tcp.pcap

More information

COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP. Claude Fachkha

COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP. Claude Fachkha COEN 445 Lab 9 Wireshark Lab: Ethernet and ARP Claude Fachkha Introduction In this lab, we ll investigate the Ethernet protocol and the ARP protocol. Before beginning this lab, you ll probably want to

More information

EKT 332/4 COMPUTER NETWORK

EKT 332/4 COMPUTER NETWORK UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)

More information

High-Speed Network Traffic Monitoring Using ntopng. Luca Deri @lucaderi

High-Speed Network Traffic Monitoring Using ntopng. Luca Deri @lucaderi High-Speed Network Traffic Monitoring Using ntopng Luca Deri @lucaderi Some History In 1998, the original ntop has been created. It was a C-based app embedding a web server able to capture traffic and

More information

Ethereal Exercise 1: Introduction to Ethereal

Ethereal Exercise 1: Introduction to Ethereal Course: Semester: ELE437 Ethereal Exercise 1: Introduction to Ethereal While the ELE437 course doesn t have a lab component, many of the experiences in lab-based courses can be done as homework assignments

More information

Internet Traffic Measurements. Exercise 4 Capturing and Analyzing Network Traffic. School of Electrical Engineering AALTO UNIVERSITY

Internet Traffic Measurements. Exercise 4 Capturing and Analyzing Network Traffic. School of Electrical Engineering AALTO UNIVERSITY Internet Traffic Measurements Exercise 4 Capturing and Analyzing Network Traffic School of Electrical Engineering AALTO UNIVERSITY Page 1 Contents Introduction... 2 Prerequisites... 2 Knowledge base...

More information

TMS Phone Books Troubleshoot Guide

TMS Phone Books Troubleshoot Guide TMS Phone Books Troubleshoot Guide Document ID: 118705 Contributed by Adam Wamsley and Magnus Ohm, Cisco TAC Engineers. Jan 05, 2015 Contents Introduction Prerequisites Requirements Components Used Related

More information

Network Monitoring. By: Delbert Thompson Network & Network Security Supervisor Basin Electric Power Cooperative

Network Monitoring. By: Delbert Thompson Network & Network Security Supervisor Basin Electric Power Cooperative Network Monitoring By: Delbert Thompson Network & Network Security Supervisor Basin Electric Power Cooperative Overview of network Logical network view Goals of Network Monitoring Determine overall health

More information

Solution of Exercise Sheet 5

Solution of Exercise Sheet 5 Foundations of Cybersecurity (Winter 15/16) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Protocols = {????} Client Server IP Address =???? IP Address =????

More information

The Transport Layer. Antonio Carzaniga. October 24, 2014. Faculty of Informatics University of Lugano. 2005 2007 Antonio Carzaniga

The Transport Layer. Antonio Carzaniga. October 24, 2014. Faculty of Informatics University of Lugano. 2005 2007 Antonio Carzaniga The Transport Layer Antonio Carzaniga Faculty of Informatics University of Lugano October 24, 2014 Outline Basic concepts in transport-layer protocols Multiplexing/demultiplexing UDP message format Reliable

More information

VisuSniff: A Tool For The Visualization Of Network Traffic

VisuSniff: A Tool For The Visualization Of Network Traffic VisuSniff: A Tool For The Visualization Of Network Traffic Rainer Oechsle University of Applied Sciences, Trier Postbox 1826 D-54208 Trier +49/651/8103-508 oechsle@informatik.fh-trier.de Oliver Gronz University

More information

Network Agent Quick Start

Network Agent Quick Start Network Agent Quick Start Topic 50500 Network Agent Quick Start Updated 17-Sep-2013 Applies To: Web Filter, Web Security, Web Security Gateway, and Web Security Gateway Anywhere, v7.7 and 7.8 Websense

More information

Attack Lab: Attacks on TCP/IP Protocols

Attack Lab: Attacks on TCP/IP Protocols Laboratory for Computer Security Education 1 Attack Lab: Attacks on TCP/IP Protocols Copyright c 2006-2010 Wenliang Du, Syracuse University. The development of this document is funded by the National Science

More information

Wireshark Lab: DNS v6.01

Wireshark Lab: DNS v6.01 Wireshark Lab: DNS v6.01 Supplement to Computer Networking: A Top-Down Approach, 6 th ed., J.F. Kurose and K.W. Ross Tell me and I forget. Show me and I remember. Involve me and I understand. Chinese proverb

More information

How to Make the Client IP Address Available to the Back-end Server

How to Make the Client IP Address Available to the Back-end Server How to Make the Client IP Address Available to the Back-end Server For Layer 4 - UDP and Layer 4 - TCP services, the actual client IP address is passed to the server in the TCP header. No further configuration

More information

It s not likely that you ll run into someone working in information

It s not likely that you ll run into someone working in information ISSA The Global Voice of Information Security toolsmith Security Analysis with Wireshark By Russ McRee It s not likely that you ll run into someone working in information security who hasn t heard of Ethereal.

More information

Network Monitoring Tool with LAMP Architecture

Network Monitoring Tool with LAMP Architecture Network Monitoring Tool with LAMP Architecture Shuchi Sharma KIIT College of Engineering Gurgaon, India Dr. Rajesh Kumar Tyagi JIMS, Vasant Kunj New Delhi, India Abstract Network Monitoring Tool enables

More information

Packet Level Traffic Visualisation: The Network Lava Lamp. Jamie Curtis, Richard Nelson University of Waikato, New Zealand APRICOT 2007

Packet Level Traffic Visualisation: The Network Lava Lamp. Jamie Curtis, Richard Nelson University of Waikato, New Zealand APRICOT 2007 Packet Level Traffic Visualisation: The Network Lava Lamp Jamie Curtis, Richard Nelson University of Waikato, New Zealand APRICOT 2007 3 February 2007 The most important part.. what does our visualisation

More information

Lab 3.4.2: Managing a Web Server

Lab 3.4.2: Managing a Web Server Topology Diagram Addressing Table Device Interface IP Address Subnet Mask Default Gateway R1-ISP R2-Central S0/0/0 10.10.10.6 255.255.255.252 N/A Fa0/0 192.168.254.253 255.255.255.0 N/A S0/0/0 10.10.10.5

More information

Linksys RV042. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com

Linksys RV042. TheGreenBow IPSec VPN Client. Configuration Guide. http://www.thegreenbow.com support@thegreenbow.com TheGreenBow IPSec VPN Client Configuration Guide Linksys RV042 WebSite: Contact: http://www.thegreenbow.com support@thegreenbow.com Configuration Guide written by: Writer: TheGreenBow Support Team Company:

More information

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points

Snoopy. Objective: Equipment Needed. Background. Procedure. Due Date: Nov 1 Points: 25 Points Snoopy Due Date: Nov 1 Points: 25 Points Objective: To gain experience intercepting/capturing HTTP/TCP traffic on a network. Equipment Needed Use the Ubuntu OS that you originally downloaded from the course

More information

Lab Hours. We need to allocate 3 hours in this week for hands-on lab hours ( Nov 13 th 14:10-17:00).

Lab Hours. We need to allocate 3 hours in this week for hands-on lab hours ( Nov 13 th 14:10-17:00). Lab Hours We need to allocate 3 hours in this week for hands-on lab hours ( Nov 13 th 14:10-17:00). 17:00). The instructor will set up the SIP server. Every student will bring a labtop or desktop PC and

More information

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Lab Exercise DNS Objective DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses. Step 1: Analyse the supplied DNS Trace Here we examine the supplied trace of a

More information

Websense Web Security Gateway: What to do when a Web site does not load as expected

Websense Web Security Gateway: What to do when a Web site does not load as expected Websense Web Security Gateway: What to do when a Web site does not load as expected Websense Support Webinar November 2011 web security data security email security Support Webinars 2009 Websense, Inc.

More information

Network Traffic Analysis

Network Traffic Analysis 2013 Network Traffic Analysis Gerben Kleijn and Terence Nicholls 6/21/2013 Contents Introduction... 3 Lab 1 - Installing the Operating System (OS)... 3 Lab 2 Working with TCPDump... 4 Lab 3 - Installing

More information

Question: 3 When using Application Intelligence, Server Time may be defined as.

Question: 3 When using Application Intelligence, Server Time may be defined as. 1 Network General - 1T6-521 Application Performance Analysis and Troubleshooting Question: 1 One component in an application turn is. A. Server response time B. Network process time C. Application response

More information

Computer Networks/DV2 Lab

Computer Networks/DV2 Lab Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss13/netlab Equipment for each group: - 1 Server computer (OS: Windows Server 2008

More information

Overview - Using ADAMS With a Firewall

Overview - Using ADAMS With a Firewall Page 1 of 6 Overview - Using ADAMS With a Firewall Internet security is becoming increasingly important as public and private entities connect their internal networks to the Internet. One of the most popular

More information

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop R. David Idol Department of Computer Science University of North Carolina at Chapel Hill david.idol@unc.edu http://www.cs.unc.edu/~mxrider

More information

ntopng: Realtime Network Traffic View

ntopng: Realtime Network Traffic View ntopng: Realtime Network Traffic View Luca Deri 3/28/14 1 ntop in 1998 In 1998, the original ntop has been created. Available for Unix and Windows under GPL. Contrary to many tools available

More information

Java Secure Application Manager

Java Secure Application Manager Java Secure Application Manager How-to Introduction:...1 Overview:...1 Operation:...1 Example configuration:...2 JSAM Standard application support:...6 a) Citrix Web Interface for MetaFrame (NFuse Classic)...6

More information

19. Exercise: CERT participation in incident handling related to the Article 13a obligations

19. Exercise: CERT participation in incident handling related to the Article 13a obligations CERT Exercises Handbook 223 223 19. Exercise: CERT participation in incident handling related to the Article 13a obligations Main Objective Targeted Audience Total Duration This exercise provides students

More information

3. MONITORING AND TESTING THE ETHERNET NETWORK

3. MONITORING AND TESTING THE ETHERNET NETWORK 3. MONITORING AND TESTING THE ETHERNET NETWORK 3.1 Introduction The following parameters are covered by the Ethernet performance metrics: Latency (delay) the amount of time required for a frame to travel

More information

Network Probe. Figure 1.1 Cacti Utilization Graph

Network Probe. Figure 1.1 Cacti Utilization Graph Network Probe Description The MCNC Client Network Engineering group will install several open source network performance management tools on a computer provided by the LEA or charter school to build a

More information