Sniffing. Michael Sonntag Institute for Information processing and microprocessor technology (FIM) Johannes Kepler University Linz, Austria
|
|
- Ariel Sherman
- 7 years ago
- Views:
Transcription
1 Sniffing Michael Sonntag Institute for Information processing and microprocessor technology (FIM) Johannes Kepler University Linz, Austria 1
2 What is a "Sniffer"? Devices or programs, which capture or copy data packets Theory: A "receive-only" device Practice: Most software sends e.g. DNS lookups to decode IP addresses, The "sniffed" packets are then analyzed later on (= packet analysis) I.e. you don't see (only) a bit/byte stream, but a TCP packet or an HTTP stream These are also called wiretap programs In "old" times this was used for phones by attaching wires to the telephone lines Why would you use them? Professional products network management, finding problems, Will copy everything and can filter according to various expressions Underground products Intrusions, hacking Will automatically filter out passwords Sniffing,
3 Threats to network traffic: Interruption Information Source Normal Flow Information Destination Normal Flow Normal process of transmitting data Information Source Interruption Information Destination Interruption E.g. failure of a switch/router, Denial of Service attack,... Copeland J. Computer Network Security, Sniffing,
4 Threats to network traffic: Fabrication Information Source Normal Flow Information Destination Normal Flow Normal process of transmitting data Information Source Fabrication Information Destination Fabrication E.g. packet construction Different source address than it actually should have Copeland J. Computer Network Security, Sniffing,
5 Threats to network traffic: Interception Information Source Normal Flow Information Destination Normal Flow Normal process of transmitting data Information Source Interception Information Destination Interception E.g. packet sniffer Copeland J. Computer Network Security, Sniffing,
6 Threats to network traffic: Modification Information Source Normal Flow Information Destination Normal Flow Normal process of transmitting data Information Source Modification Information Destination Modification E.g. content scanner, proxy Copeland J. Computer Network Security, Sniffing,
7 Protocol analysis Definitions: Protocol Analysis is the process of capturing network traffic (with sniffing programs) and looking at it closely in order to figure out what is going on. [Graham_Sniff_2000] A protocol analyzer interprets the sniffed packets and interprets ist fields (according to the protocols). Renders interpreting the result of sniffing much easier (or even possible)! Sniffing,
8 Sniffer example: Wireshark Sniffed, copied, and analyzed traffic Decoded single packet (on different levels) Full binary view of single packet Sniffing,
9 Areas of use Automatic sifting the traffic for cleartext passwords and usernames Copying the communication between certain entities (if in readable format) Normally: Persons. But may also be devices or programs E.g. reverse engineering of protocols Error analysis to discover/analyze/solve network problems E.g. to frequent topology changes (TCs) with STP (Spanning Tree Protocol) Performance analysis for locating bottlenecks Network Intrusion Detection to discover hacks/intruders Network Traffic Logging to generate logs a hacker cannot modify or delete On a system with read-only connection to the network; but: Crashing (Ping of Death)? Sniffing,
10 Classification of sniffers Breadth of functionality Universal sniffers (all / many protocols) Protocol-specific sniffers (e.g. only IP, only FTP / WWW /...) Depth of functionality How detailed the data/packets are analyzed Integrated specific functions, e.g. password sniffing Area of use Standalone Distributed (with central management/reporting/analysis system) or remote Detection/evasion measures MAC-Filter in sniffer software,... Sniffing,
11 Broadcast networks Intranets / LANs are often broadcast networks Because they employ Ethernet Broadcast means, that every sender pushes its data into the network and hopes (relies on), that only the intended recipient will read it Ethernet is a shared medium, i.e. from a logical view all clients are connected to a single medium (cable) Ethernet is based on collision detection (CSMA/CD). All segments connected by a hub build a SINGLE collision domain "But we use switches" This is good, but doesn't prevent problems You can still attack the switch so it acts like a hub (or other attacks) Sniffing,
12 Anatomy of an Ethernet frame preamble destination address source address typ/ len L L C S N A P data FCS Preamble: Synchronization of clocks, Also includes the "Start Frame Delimiter" Destination and source address are hardware addresses (=MAC addresses) Example: C-C3-FE EtherType or length: Indicates which protocol is encapsulated within LLC/SNAP/VLAN-Tag Note: Many NICs strip the VLAN tag so you can't see it Depends also on driver! Payload data FCS (Frame Check Sequence): CRC for error checking Sniffing,
13 MAC addresses (1) MAC = Media Access Control 48 Bit Ethernet MAC address The first Bit marks unicast addresses (0) resp. multicast addresses (1) If the second Bit is 0, the next 22 Bits identify the producer as OUI (=Organisationally Unique Identifier), who then manages the next 24 Bits himself. The uniqueness of these MAC addresses is essential for correct working in a LAN! Note: Outside of a LAN duplicates may exist, but can again produce problems Many identifiers are created based on the assumption of MAC addresses being worldwide unique, e.g. GUUIDs List of vendor / OUI codes: Special (destination) MAC address: Broadcast: FF-FF-FF-FF-FF-FF Sniffing,
14 MAC addresses (2) Identify your own MAC address: Windows >=XP: ipconfig /all or netsh Unix/Linux: ifconfig List the IP addresses in the local net which you are currently communicating with (via IP) : arp a Note: "Other" addresses might appear too, which "nearby" computer comm. with On switches, routers hp# show arp hp# show mac MAC addresses should be unique, but with most modern hardware spoofing is possible quite easily You cannot rely on them to be correct Changes through software or Re-Burn of the EEPROM Sniffing,
15 Filtering in the protocol stack Each layer of the protocol stack filters out that part of the traffic not destined for this system Aim: Get rid of unnecessary traffic as early as possible Goal: Reduce the amount of work necessary Application Presentation Session UDP/TCP (Transport) IP (Network) NIC Driver (Data Link) NIC (Physical) Discard Discard Discard Discard Sniffing,
16 How can a sniffer just "listen in"? The Ethernet hardware contains a filter, which normally drops any traffic not directed to this device (and not a broadcast): MAC filter Promiscuous Mode Sniffer switches the hardware (network device) to the promiscuous mode This turns off the MAC filter and consequently all of the traffic is delivered to the upper layers and potentially available If not filtered there! If this is a shared medium this is the complete traffic within a collision domain! Note: The load will be much higher, as every packet must be handled! "But shared mediums don't exist any more" Wrong: WLAN is a typical example! Sniffing,
17 Promiscuous mode Filtered traffic NIC (MAC filter) All traffic NIC (Promiscuous mode) Discard Discard nothing During normal operation the NIC drops (discards) traffic not for this system based on MAC addresses In promiscuous mode this filter is switched off All traffic will be passed on (up) and nothing is discarded Sniffing,
18 Components of a sniffer Hardware Capture driver Buffer Realtime analysis Decode Additional functionality: Packet editing (Re-)Transmission Specialty: Don't send anything Capture driver Promiscuous mode Application Presentation Session Transport Network Data Link Physical Sniffing,
19 Basic structure of a sniffer Display Capture Buffer Capture Filter Packet Decoder Display Filter Network Driver+ (Capture Driver) NIC (Promiscuous Mode) Realtime Analysis Border for distributed sniffing Sniffing,
20 Places to sniff (1) A hacker has the following options to listen in on the communication between two clients: Passive methods The attacker must only "plug in" the sniffer and can immediately access all data If you are one of the clients, this is always possible Useless? No! SW might hide a lot of details which you might be interested in! Active methods The attacker must actively do something because of the network architecture E.g. switches; these don not broadcast all traffic Disadvantage: He produces traffic this might be noticed! Local versus distributed sniffing Sniffing,
21 Places to sniff (2) active Route redirection Route redirection Intranet L-1 L-3 Internet L-3 L-2 Intranet Client ISP Router Client Sniff on the client Sniff in the LAN (HUB) Sniff at the ISP passive Sniffing,
22 Sniffing in WLANs WLAN = Wireless LAN Danger: Circumvention of firewall Just sniff from "outside" (e.g. the building) Signal distance: approx m But: With special antennas (e.g. parabolic antennas) reception from even longer distances become possible Countermeasures: MAC filtering: Allow allowing the "known good" MAC addresses to connect Why is this deficient on several levels? Think! En cryption Old: WEP = Wired Equivalent Privacy IPSec Not integrated (manually possible very good)! Newer standards i with WPA-2 (TKIP, AES, 802.1x,...) Sniffing,
23 Defending against sniffers Encryption (SSL, VPNs, PGP, SSH,...) Do not use broadcast networks, especially not WLANs Physical security for wires and equipment (switches) To prevent hardware manipulation Making the collision domains smaller Splitting on layer 2 Switches for the local network Will only help against "amateur hackers" Several attacks are still possible, e.g. ARP spoofing or flooding the switch so it will behave like a hub VLANs help, but it depends on how switches finds out assignment port VLAN Splitting on layer 3 Using routers And potentially also firewalls Sniffing,
24 Detecting sniffers Theoretically (solely passive sniffers) impossible, but Practically very often possible, because: Sniffers cause traffic distributed /remote sniffers communicate with each other/the server And these are the ones hacker will use when installing them remotely They use active methods (ARP spoofing,...) Perform reverse DNS lookups Sniffer detectors employ active methods (Decoys,...) Sniffer still suffer from bugs or peculiarities of their network stack The best method to detect sniffers, is to use a sniffer! Ping method, ARP method, DNS method, Note: Local sniffers (on the same computer) can be detected typically easily! Sniffing,
25 ex Detecting sniffers Sending special traffic to the network where sniffing is suspected Computers sniffing are hopefully acting differently than all other computers Victim L Host running sniffer detection Suspicious of sniffing Sniffing,
26 Detection: Ping method Assumption: A client with the IP and MAC C-C4-FE is under suspicion of employing a sniffer We are on the same Ethernet segment We construct a special ping packet (ICMP Echo Request) with following data: IP: A lightly modified MAC: C-C4-FD Theoretically nobody should answer to this ping, as the MAC address in it does not exist But a client in promiscuous mode looks at the packet and will (often) answer to it Why? Not filtered based on MAC ( Sniffing!), IP address is correct Answer Sniffing,
27 Detection: DNS method Create a packet with both a non-existing MAC and a non-existing IP address Send it out on the network where a sniffer is suspected to be running Any "normal" computer will ignore it, as it is not for him ( wrong MAC) The network should remain completely "silent" But a sniffer will inspect the packet and, hopefully, try to resolve the IP address in it to its hostname This DNS request is noted and shows that a sniffer exists (and who it is) Disadvantage: Will only work if the sniffer "cooperates", i.e. resolves IP addresses/names If it is completely passive, i.e. really only listening, this won't work! Sniffing,
28 Detection: ARP test Prerequisite: In the same Ethernet segment (local network) Prepare an ARP request (Almost) All systems react on receiving an ARP request Modify the destination for the ARP request In the layer 2 frame Instead of the broadcast address ffffff-ffffff use e.g. ffffff-fffffe If a computer answers, the NIC is probably in promiscuous mode This doesn't necessary mean that a sniffer is present, but it is very likely! Normal computers would not answer, as they only check for their own MAC address and the "real" broadcast address (all FFs) Other option: Send FF:00:00:00:00:00 Standard Windows NIC drivers (at least older ones) inspect only the first byte to find out whether a packet is a broadcast or not Sniffing,
29 But what to do in these cases? There is no protocol bound to the Sniffing Interface There will be no reaction at all to ARPs, pings,! Better method required! Dedicated wiretap-hardware Switch with mirroring functionality "Monitoring port", etc. Sniffing,
30 Detecting sniffers: AntiSniff No sniffer active Sniffing,
31 Detecting sniffers: AntiSniff Sniffer seems to be running! ARP test is positive Sniffing,
32 "Endangered species (protocols)" You cannot tell too often: All these protocols transmit passwords (or important data) unencrypted! Telnet, rlogin http (without TLS/SSL) SNMP (passwords), DNS (unsecured data very important for attackers) SMTP, POP, IMAP NNTP, FTP For most of these protocols secure alternatives already exist (TLS for HTTP, PGP with POP/IMAP/SMTP, ) But you have to use them! Also: "External = HTTPS, Internal = HTTP" Is this a good policy? An attacker might have a sniffer on the inside too Sniffing,
33 Summary Sniffing = Interception = Listening is a very dangerous technique You can get a lot of information without having to hack a computer Most of the techniques will not show up in any logs Therefore the following aspect are important: Encryption is important against sniffing Perhaps even locally: Try to use secure protocols also within your local network! Sniffing alone is very difficult, unless extended by active techniques If someone can tamper with your glass fibre cables, you're out of luck anyway! Investigate your equipment: Switches often support various forms of protection Lockdown, static assignments ( management issues!), DNS snooping, Partition your network: Routers, VLANs, Sniffing,
34 Thank you for your attention! Michael Sonntag Institute for Information processing and microprocessor technology (FIM) Johannes Kepler University Linz, Austria 34
Intrusion Detection, Packet Sniffing
Intrusion Detection, Packet Sniffing By : Eng. Ayman Amaireh Supervisor :Dr.: Lo'ai Tawalbeh New York Institute of Technology (NYIT)- Jordan s s campus-2006 12/2/2006 eng Ayman 1 What is a "packet sniffer"?
More informationPacket Sniffer Detection with AntiSniff
Ryan Spangler University of Wisconsin - Whitewater Department of Computer and Network Administration May 2003 Abstract Packet sniffing is a technique of monitoring every packet that crosses the network.
More informationLab VI Capturing and monitoring the network traffic
Lab VI Capturing and monitoring the network traffic 1. Goals To gain general knowledge about the network analyzers and to understand their utility To learn how to use network traffic analyzer tools (Wireshark)
More informationBASIC ANALYSIS OF TCP/IP NETWORKS
BASIC ANALYSIS OF TCP/IP NETWORKS INTRODUCTION Communication analysis provides powerful tool for maintenance, performance monitoring, attack detection, and problems fixing in computer networks. Today networks
More informationA Research Study on Packet Sniffing Tool TCPDUMP
A Research Study on Packet Sniffing Tool TCPDUMP ANSHUL GUPTA SURESH GYAN VIHAR UNIVERSITY, INDIA ABSTRACT Packet sniffer is a technique of monitoring every packet that crosses the network. By using this
More informationPacket Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA
A Seminar report On Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA SUBMITTED TO: www.studymafia.org SUBMITTED BY: www.studymafia.org Preface I have made
More informationCourse Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.
Course Name: TCP/IP Networking Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network. TCP/IP is the globally accepted group of protocols
More informationINTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY
INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY A PATH FOR HORIZING YOUR INNOVATIVE WORK PACKET SNIFFING MS. SONALI A. KARALE 1, MS. PUNAM P. HARKUT 2 HVPM COET Amravati.
More informationTopics in Network Security
Topics in Network Security Jem Berkes MASc. ECE, University of Waterloo B.Sc. ECE, University of Manitoba www.berkes.ca February, 2009 Ver. 2 In this presentation Wi-Fi security (802.11) Protecting insecure
More informationSecuring end devices
Securing end devices Securing the network edge is already covered. Infrastructure devices in the LAN Workstations Servers IP phones Access points Storage area networking (SAN) devices. Endpoint Security
More informationGuide to Network Defense and Countermeasures Third Edition. Chapter 2 TCP/IP
Guide to Network Defense and Countermeasures Third Edition Chapter 2 TCP/IP Objectives Explain the fundamentals of TCP/IP networking Describe IPv4 packet structure and explain packet fragmentation Describe
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationNetwork Security: Workshop
Network Security: Workshop Protocol Analyzer Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network decodes,, or dissects,,
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationLinux Network Security
Linux Network Security Course ID SEC220 Course Description This extremely popular class focuses on network security, and makes an excellent companion class to the GL550: Host Security course. Protocols
More informationTCP/IP Security Problems. History that still teaches
TCP/IP Security Problems History that still teaches 1 remote login without a password rsh and rcp were programs that allowed you to login from a remote site without a password The.rhosts file in your home
More informationCCNA R&S: Introduction to Networks. Chapter 5: Ethernet
CCNA R&S: Introduction to Networks Chapter 5: Ethernet 5.0.1.1 Introduction The OSI physical layer provides the means to transport the bits that make up a data link layer frame across the network media.
More informationCCT vs. CCENT Skill Set Comparison
Operation of IP Data Networks Recognize the purpose and functions of various network devices such as Routers, Switches, Bridges and Hubs Select the components required to meet a given network specification
More informationOverview. Securing TCP/IP. Introduction to TCP/IP (cont d) Introduction to TCP/IP
Overview Securing TCP/IP Chapter 6 TCP/IP Open Systems Interconnection Model Anatomy of a Packet Internet Protocol Security (IPSec) Web Security (HTTP over TLS, Secure-HTTP) Lecturer: Pei-yih Ting 1 2
More informationComputer Networks/DV2 Lab
Computer Networks/DV2 Lab Room: BB 219 Additional Information: http://www.fb9dv.uni-duisburg.de/ti/en/education/teaching/ss08/netlab Equipment for each group: - 1 Server computer (OS: Windows 2000 Advanced
More informationCTS2134 Introduction to Networking. Module 8.4 8.7 Network Security
CTS2134 Introduction to Networking Module 8.4 8.7 Network Security Switch Security: VLANs A virtual LAN (VLAN) is a logical grouping of computers based on a switch port. VLAN membership is configured by
More informationWireless Networks. Welcome to Wireless
Wireless Networks 11/1/2010 Wireless Networks 1 Welcome to Wireless Radio waves No need to be physically plugged into the network Remote access Coverage Personal Area Network (PAN) Local Area Network (LAN)
More informationGeneral Network Security
4 CHAPTER FOUR General Network Security Objectives This chapter covers the following Cisco-specific objectives for the Identify security threats to a network and describe general methods to mitigate those
More informationHow To Understand and Configure Your Network for IntraVUE
How To Understand and Configure Your Network for IntraVUE Summary This document attempts to standardize the methods used to configure Intrauve in situations where there is little or no understanding of
More informationAdvanced Higher Computing. Computer Networks. Homework Sheets
Advanced Higher Computing Computer Networks Homework Sheets Topic : Network Protocols and Standards. Name the organisation responsible for setting international standards and explain why network standards
More information1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet
Review questions 1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet C Media access method D Packages 2 To which TCP/IP architecture layer
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationNetwork Security. Tampere Seminar 23rd October 2008. Overview Switch Security Firewalls Conclusion
Network Security Tampere Seminar 23rd October 2008 1 Copyright 2008 Hirschmann 2008 Hirschmann Automation and and Control GmbH. Contents Overview Switch Security Firewalls Conclusion 2 Copyright 2008 Hirschmann
More informationBuilding Secure Network Infrastructure For LANs
Building Secure Network Infrastructure For LANs Yeung, K., Hau; and Leung, T., Chuen Abstract This paper discusses the building of secure network infrastructure for local area networks. It first gives
More informationPromiscuous Monitoring in Ethernet and Wi-Fi Networks
Promiscuous Monitoring in Ethernet and Wi-Fi Networks Executive Summary This white paper examines the problems related to the deployment and usage of software-based network monitoring solutions in wired
More informationESSENTIALS. Understanding Ethernet Switches and Routers. April 2011 VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK
VOLUME 3 ISSUE 1 A TECHNICAL SUPPLEMENT TO CONTROL NETWORK Contemporary Control Systems, Inc. Understanding Ethernet Switches and Routers This extended article was based on a two-part article that was
More informationCUSTOMIZED ASSESSMENT BLUEPRINT COMPUTER SYSTEMS NETWORKING PA. Test Code: 8148 Version: 01
CUSTOMIZED ASSESSMENT BLUEPRINT COMPUTER SYSTEMS NETWORKING PA Test Code: 8148 Version: 01 Specific competencies and skills tested in this assessment: Personal and Environmental Safety Wear personal protective
More informationWiFi Security Assessments
WiFi Security Assessments Robert Dooling Dooling Information Security Defenders (DISD) December, 2009 This work is licensed under a Creative Commons Attribution 3.0 Unported License. Table of Contents
More informationSSVP SIP School VoIP Professional Certification
SSVP SIP School VoIP Professional Certification Exam Objectives The SSVP exam is designed to test your skills and knowledge on the basics of Networking and Voice over IP. Everything that you need to cover
More informationSession Hijacking Exploiting TCP, UDP and HTTP Sessions
Session Hijacking Exploiting TCP, UDP and HTTP Sessions Shray Kapoor shray.kapoor@gmail.com Preface With the emerging fields in e-commerce, financial and identity information are at a higher risk of being
More informationCOMPUTER NETWORK TECHNOLOGY (40)
PAGE 1 OF 9 CONTESTANT ID# Time Rank COMPUTER NETWORK TECHNOLOGY (40) Regional 2012 TOTAL POINTS (450) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant must
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationOutline. CSc 466/566. Computer Security. 18 : Network Security Introduction. Network Topology. Network Topology. Christian Collberg
Outline Network Topology CSc 466/566 Computer Security 18 : Network Security Introduction Version: 2012/05/03 13:59:29 Department of Computer Science University of Arizona collberg@gmail.com Copyright
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationTechnical Support Information Belkin internal use only
The fundamentals of TCP/IP networking TCP/IP (Transmission Control Protocol / Internet Protocols) is a set of networking protocols that is used for communication on the Internet and on many other networks.
More informationCOMPUTER NETWORK TECHNOLOGY (300)
Page 1 of 10 Contestant Number: Time: Rank: COMPUTER NETWORK TECHNOLOGY (300) REGIONAL 2014 TOTAL POINTS (500) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant
More informationThis Lecture. The Internet and Sockets. The Start 1969. If everyone just sends a small packet of data, they can all use the line at the same.
This Lecture The Internet and Sockets Computer Security Tom Chothia How the Internet works. Some History TCP/IP Some useful network tools: Nmap, WireShark Some common attacks: The attacker controls the
More informationProtocols and Architecture. Protocol Architecture.
Protocols and Architecture Protocol Architecture. Layered structure of hardware and software to support exchange of data between systems/distributed applications Set of rules for transmission of data between
More informationPost-Class Quiz: Telecommunication & Network Security Domain
1. What type of network is more likely to include Frame Relay, Switched Multi-megabit Data Services (SMDS), and X.25? A. Local area network (LAN) B. Wide area network (WAN) C. Intranet D. Internet 2. Which
More informationCMPT 471 Networking II
CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access
More informationNetworks: IP and TCP. Internet Protocol
Networks: IP and TCP 11/1/2010 Networks: IP and TCP 1 Internet Protocol Connectionless Each packet is transported independently from other packets Unreliable Delivery on a best effort basis No acknowledgments
More informationIP Networking. Overview. Networks Impact Daily Life. IP Networking - Part 1. How Networks Impact Daily Life. How Networks Impact Daily Life
Overview Dipl.-Ing. Peter Schrotter Institute of Communication Networks and Satellite Communications Graz University of Technology, Austria Fundamentals of Communicating over the Network Application Layer
More information20-CS-6053-00X Network Security Spring, 2014. An Introduction To. Network Security. Week 1. January 7
20-CS-6053-00X Network Security Spring, 2014 An Introduction To Network Security Week 1 January 7 Attacks Criminal: fraud, scams, destruction; IP, ID, brand theft Privacy: surveillance, databases, traffic
More informationZarząd (7 osób) F inanse (13 osób) M arketing (7 osób) S przedaż (16 osób) K adry (15 osób)
QUESTION NO: 8 David, your TestKing trainee, asks you about basic characteristics of switches and hubs for network connectivity. What should you tell him? A. Switches take less time to process frames than
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationNetworking Basics and Network Security
Why do we need networks? Networking Basics and Network Security Shared Data and Functions Availability Performance, Load Balancing What is needed for a network? ISO 7-Layer Model Physical Connection Wired:
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationInternet Control Protocols Reading: Chapter 3
Internet Control Protocols Reading: Chapter 3 ARP - RFC 826, STD 37 DHCP - RFC 2131 ICMP - RFC 0792, STD 05 1 Goals of Today s Lecture Bootstrapping an end host Learning its own configuration parameters
More informationOverview. Summary of Key Findings. Tech Note PCI Wireless Guideline
Overview The following note covers information published in the PCI-DSS Wireless Guideline in July of 2009 by the PCI Wireless Special Interest Group Implementation Team and addresses version 1.2 of the
More informationCSE331: Introduction to Networks and Security. Lecture 6 Fall 2006
CSE331: Introduction to Networks and Security Lecture 6 Fall 2006 Open Systems Interconnection (OSI) End Host Application Reference model not actual implementation. Transmits messages (e.g. FTP or HTTP)
More informationIntroduction on Low level Network tools
Georges Da Costa dacosta@irit.fr http: //www.irit.fr/~georges.da-costa/cours/addis/ 1 Introduction 2 Aircrack-ng 3 Wireshark Low level tools Hacking tools Aircrack-ng (ex Aircrack, ex Airsnort) WEP/WPA
More informationNetworking Test 4 Study Guide
Networking Test 4 Study Guide True/False Indicate whether the statement is true or false. 1. IPX/SPX is considered the protocol suite of the Internet, and it is the most widely used protocol suite in LANs.
More informationWIRELESS SECURITY. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
WIRELESS SECURITY Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Wireless LAN Security Learning Objectives Students should be able
More informationCollecting information
Mag. iur. Dr. techn. Michael Sonntag Collecting information E-Mail: sonntag@fim.uni-linz.ac.at http://www.fim.uni-linz.ac.at/staff/sonntag.htm Institute for Information Processing and Microprocessor Technology
More informationNetworking: EC Council Network Security Administrator NSA
coursemonster.com/uk Networking: EC Council Network Security Administrator NSA View training dates» Overview The EC-Council's NSA certification looks at network security from a defensive view. The NSA
More informationFirewalls. Chapter 3
Firewalls Chapter 3 1 Border Firewall Passed Packet (Ingress) Passed Packet (Egress) Attack Packet Hardened Client PC Internet (Not Trusted) Hardened Server Dropped Packet (Ingress) Log File Internet Border
More information2. HOW PACKET SNIFFER WORKS
An Approach to Detect Packets Using Packet Sniffing Rupam 1, Atul Verma 2, Ankita Singh 3 Department of Computer Science, Sri Ram Swroop Memorial Group of Professional Colleges Tiwari Gang Faizabad Road,
More informationCape Girardeau Career Center CISCO Networking Academy Bill Link, Instructor. 2.,,,, and are key services that ISPs can provide to all customers.
Name: 1. What is an Enterprise network and how does it differ from a WAN? 2.,,,, and are key services that ISPs can provide to all customers. 3. Describe in detail what a managed service that an ISP might
More informationOwn your LAN with Arp Poison Routing
Own your LAN with Arp Poison Routing By: Rorik Koster April 17, 2006 Security is a popular buzzword heard every day throughout our American culture and possibly even more so in our global economy. From
More informationNetwork Forensics: Log Analysis
Network Forensics: Analysis Richard Baskerville Agenda P Terms & -based Tracing P Application Layer Analysis P Lower Layer Analysis Georgia State University 1 2 Two Important Terms PPromiscuous Mode
More informationSCADA System Security. ECE 478 Network Security Oregon State University March 7, 2005
SCADA System Security ECE 478 Network Security Oregon State University March 7, 2005 David Goeke Hai Nguyen Abstract Modern public infrastructure systems
More informationFirewall VPN Router. Quick Installation Guide M73-APO09-380
Firewall VPN Router Quick Installation Guide M73-APO09-380 Firewall VPN Router Overview The Firewall VPN Router provides three 10/100Mbit Ethernet network interface ports which are the Internal/LAN, External/WAN,
More informationSSVVP SIP School VVoIP Professional Certification
SSVVP SIP School VVoIP Professional Certification Exam Objectives The SSVVP exam is designed to test your skills and knowledge on the basics of Networking, Voice over IP and Video over IP. Everything that
More informationInternet Protocol: IP packet headers. vendredi 18 octobre 13
Internet Protocol: IP packet headers 1 IPv4 header V L TOS Total Length Identification F Frag TTL Proto Checksum Options Source address Destination address Data (payload) Padding V: Version (IPv4 ; IPv6)
More informationChapter 1 Personal Computer Hardware------------------------------------------------ 7 hours
Essential Curriculum Networking Essentials Total Hours: 244 Cisco Discovery 1: Networking for Home and Small Businesses 81.5 hours teaching time Chapter 1 Personal Computer Hardware------------------------------------------------
More informationNetworks. Connecting Computers. Measures for connection speed. Ethernet. Collision detection. Ethernet protocol
Connecting Computers Networks Computers use networks to communicate like people use telephones or the postal service Requires either some sort of cable point-to-point links connect exactly 2 computers
More information9 Simple steps to secure your Wi-Fi Network.
9 Simple steps to secure your Wi-Fi Network. Step 1: Change the Default Password of Modem / Router After opening modem page click on management - access control password. Select username, confirm old password
More informationLecture Objectives. Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks. Agenda. References
Lecture Objectives Wireless Networks and Mobile Systems Lecture 8 Mobile Networks: Security in Wireless LANs and Mobile Networks Introduce security vulnerabilities and defenses Describe security functions
More informationco Characterizing and Tracing Packet Floods Using Cisco R
co Characterizing and Tracing Packet Floods Using Cisco R Table of Contents Characterizing and Tracing Packet Floods Using Cisco Routers...1 Introduction...1 Before You Begin...1 Conventions...1 Prerequisites...1
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationCSCI 362 Computer and Network Security
The Purpose of ing CSCI 362 Computer and Security Introduction to ing Goals: Remote exchange and remote process control. A few desirable properties: Interoperability, Flexibility, Geographical range, Scalability,
More informationCisco Certified Network Associate Exam. Operation of IP Data Networks. LAN Switching Technologies. IP addressing (IPv4 / IPv6)
Cisco Certified Network Associate Exam Exam Number 200-120 CCNA Associated Certifications CCNA Routing and Switching Operation of IP Data Networks Operation of IP Data Networks Recognize the purpose and
More informationNetworked AV Systems Pretest
Networked AV Systems Pretest Instructions Choose the best answer for each question. Score your pretest using the key on the last page. If you miss three or more out of questions 1 11, consider taking Essentials
More informationSecurity Type of attacks Firewalls Protocols Packet filter
Overview Security Type of attacks Firewalls Protocols Packet filter Computer Net Lab/Praktikum Datenverarbeitung 2 1 Security Security means, protect information (during and after processing) against impairment
More informationNetworking 4 Voice and Video over IP (VVoIP)
Networking 4 Voice and Video over IP (VVoIP) Course Objectives This course will give delegates a good understanding of LANs, WANs and VVoIP (Voice and Video over IP). It is aimed at those who want to move
More informationDistinct. Network Monitor. User s Guide
Distinct Network Monitor Version 4.2 User s Guide Distinct Corporation 3315 Almaden Expressway San Jose, CA 95118 USA Phone: +1 408-445-3270 Fax: +1 408-445-3274 Email: sales@distinct.com WWW: http://www.distinct.com
More informationEKT 332/4 COMPUTER NETWORK
UNIVERSITI MALAYSIA PERLIS SCHOOL OF COMPUTER & COMMUNICATIONS ENGINEERING EKT 332/4 COMPUTER NETWORK LABORATORY MODULE LAB 2 NETWORK PROTOCOL ANALYZER (SNIFFING AND IDENTIFY PROTOCOL USED IN LIVE NETWORK)
More informationCYBER ATTACKS EXPLAINED: PACKET CRAFTING
CYBER ATTACKS EXPLAINED: PACKET CRAFTING Protect your FOSS-based IT infrastructure from packet crafting by learning more about it. In the previous articles in this series, we explored common infrastructure
More informationChapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding
Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding This chapter describes the configuration for the SSL VPN Tunnel Client and for Port Forwarding. When a remote user accesses the SSL VPN
More informationConfiguring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance
CHAPTER 5 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance This chapter describes how to configure the switch ports and VLAN interfaces of the ASA 5505 adaptive
More informationINTRUSION DETECTION SYSTEMS and Network Security
INTRUSION DETECTION SYSTEMS and Network Security Intrusion Detection System IDS A layered network security approach starts with : A well secured system which starts with: Up-to-date application and OS
More information> Technical Configuration Guide for Microsoft Network Load Balancing. Ethernet Switch and Ethernet Routing Switch Engineering
Ethernet Switch and Ethernet Routing Switch Engineering > Technical Configuration Guide for Microsoft Network Load Balancing Enterprise Solutions Engineering Document Date: March 9, 2006 Document Version:
More informationHow do I get to www.randomsite.com?
Networking Primer* *caveat: this is just a brief and incomplete introduction to networking to help students without a networking background learn Network Security. How do I get to www.randomsite.com? Local
More informationcnds@napier Slide 1 Introduction cnds@napier 1 Lecture 6 (Network Layer)
Slide 1 Introduction In today s and next week s lecture we will cover two of the most important areas in networking and the Internet: IP and TCP. These cover the network and transport layer of the OSI
More informationLab 1: Packet Sniffing and Wireshark
Introduction CSC 5991 Cyber Security Practice Lab 1: Packet Sniffing and Wireshark The first part of the lab introduces packet sniffer, Wireshark. Wireshark is a free opensource network protocol analyzer.
More information- Hubs vs. Switches vs. Routers -
1 Layered Communication - Hubs vs. Switches vs. Routers - Network communication models are generally organized into layers. The OSI model specifically consists of seven layers, with each layer representing
More informationSecurity Technology White Paper
Security Technology White Paper Issue 01 Date 2012-10-30 HUAWEI TECHNOLOGIES CO., LTD. 2012. All rights reserved. No part of this document may be reproduced or transmitted in any form or by any means without
More informationN-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work
N-CAP Users Guide Everything You Need to Know About Using the Internet! How Firewalls Work How Firewalls Work By: Jeff Tyson If you have been using the internet for any length of time, and especially if
More information- Basic Router Security -
1 Enable Passwords - Basic Router Security - The enable password protects a router s Privileged mode. This password can be set or changed from Global Configuration mode: Router(config)# enable password
More informationEthernet. Ethernet. Network Devices
Ethernet Babak Kia Adjunct Professor Boston University College of Engineering ENG SC757 - Advanced Microprocessor Design Ethernet Ethernet is a term used to refer to a diverse set of frame based networking
More informationChapter 1 Network Security
Chapter 1 Network Security 1.1 Network Security Router Functions Routers connect networks generally based on network addresses, usually IP network addresses. They create subnets (sub-networks) which isolate
More informationVoice over IP. VoIP (In) Security. Presented by Darren Bilby NZISF 14 July 2005
Voice over IP VoIP (In) Security Presented by Darren Bilby NZISF 14 July 2005 Security-Assessment.com Who We Are NZ s only pure-play security firm Largest team of security professionals in NZ Offices in
More informationSecurity Awareness. Wireless Network Security
Security Awareness Wireless Network Security Attacks on Wireless Networks Three-step process Discovering the wireless network Connecting to the network Launching assaults Security Awareness, 3 rd Edition
More informationFirewall Firewall August, 2003
Firewall August, 2003 1 Firewall and Access Control This product also serves as an Internet firewall, not only does it provide a natural firewall function (Network Address Translation, NAT), but it also
More informationDetecting Threats in Network Security by Analyzing Network Packets using Wireshark
1 st International Conference of Recent Trends in Information and Communication Technologies Detecting Threats in Network Security by Analyzing Network Packets using Wireshark Abdulalem Ali *, Arafat Al-Dhaqm,
More information