Safe network analysis



Similar documents
Networks and Security Lab. Network Forensics

COMP416 Lab (1) Wireshark I. 23 September 2013

Linux Network Security

Network Packet Analysis and Scapy Introduction

Make a folder named Lab3. We will be using Unix redirection commands to create several output files in that folder.

Intrusion Detection and Prevention: Network and IDS Configuration and Monitoring using Snort

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

SOUTHERN POLYTECHNIC STATE UNIVERSITY. Snort and Wireshark. IT-6873 Lab Manual Exercises. Lucas Varner and Trevor Lewis Fall 2013

Figure 1. Wireshark Menu Bar

Network Traffic Analysis

Cain & Abel v 2.5. Password Cracking Via ARP Cache Poisoning Attacks. v.1. Page 1 of 15

Lab Conducting a Network Capture with Wireshark

Wireshark Deep packet inspection with Wireshark

Large-Scale TCP Packet Flow Analysis for Common Protocols Using Apache Hadoop

Firewalls, IDS and IPS

Networks & Security Course. Web of Trust and Network Forensics

Lab VI Capturing and monitoring the network traffic

CS 640 Introduction to Computer Networks. Network security (continued) Key Distribution a first step. Lecture24

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

USING WIRESHARK TO CAPTURE AND ANALYZE NETWORK DATA

Solution of Exercise Sheet 5

Detecting Threats in Network Security by Analyzing Network Packets using Wireshark

Wireshark. Fakrul (Pappu) Alam

LEARNING COMPUTER SYSTEMS VULNERABILITIES EXPLOITATION THROUGH PENETRATION TEST EXPERIMENTS

Flow-level analysis: wireshark and Bro. Prof. Anja Feldmann, Ph.D. Dr. Nikolaos Chatzis

Network sniffing packet capture and analysis

Customer Tips. Network Packet Analyzer Tips. for the user. Purpose. Introduction to Packet Capture. Xerox Multifunction Devices.

Lab Objectives & Turn In

EKT 332/4 COMPUTER NETWORK

Network Forensics: Log Analysis

Collecting information

PRINTER SECURITY AUDIT: THE UNIVERSITY OF VIRGINIA. Kevin Savoy, CPA, CISA, CISSP Brian Daniels, CISA, GCFA

IPv6 Security Best Practices. Eric Vyncke Distinguished System Engineer

P Principles of Network Forensics P Terms & Log-based Tracing P Application Layer Log Analysis P Lower Layer Log Analysis

Packet Sniffing with Wireshark and Tcpdump

Dynamic Honeypot Construction

Network Traffic Analysis and Intrusion Detection using Packet Sniffer

1. Introduction. 2. DoS/DDoS. MilsVPN DoS/DDoS and ISP. 2.1 What is DoS/DDoS? 2.2 What is SYN Flooding?

Network Security, ISA 656, Angelos Stavrou. Snort Lab

INTRUSION DETECTION SYSTEM

1. LAB SNIFFING LAB ID: 10

Lab 1: Packet Sniffing and Wireshark

Network sniffing packet capture and analysis

Lab exercise: Working with Wireshark and Snort for Intrusion Detection

Chapter 15. Firewalls, IDS and IPS

Vulnerability Assessment and Penetration Testing

Wireshark Lab: Assignment 1w (Optional)

Packet Sniffers Submitted in partial fulfillment of the requirement for the award of degree Of MCA

Network Forensics Network Traffic Analysis

CSE331: Introduction to Networks and Security. Lecture 12 Fall 2006

SCADA Security Example

Network Defense Tools

Ethereal: Getting Started

CS197U: A Hands on Introduction to Unix

Attack Lab: Attacks on TCP/IP Protocols

Passive Network Traffic Analysis: Understanding a Network Through Passive Monitoring Kevin Timm,


A Brief Overview of VoIP Security. By John McCarron. Voice of Internet Protocol is the next generation telecommunications method.

Information Security Training. Assignment 1 Networking

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

EXPLORER. TFT Filter CONFIGURATION

Firewall implementation and testing

Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme. Firewall

Comparison of Firewall, Intrusion Prevention and Antivirus Technologies

An Overview of the Bro Intrusion Detection System

Chapter 8 Phase3: Gaining Access Using Network Attacks

From traditional to alternative approach to storage and analysis of flow data. Petr Velan, Martin Zadnik

Firewalls. Test your Firewall knowledge. Test your Firewall knowledge (cont) (March 4, 2015)

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

A Research Study on Packet Sniffing Tool TCPDUMP

ITTC Communication Networks Laboratory The University of Kansas EECS 780 Introduction to Protocol Analysis with Wireshark

Evaluating IPv6 Firewalls & Verifying Firewall Security Performance

IDS and Penetration Testing Lab III Snort Lab

Network Security: Workshop

The Evolution of Information Security at Wayne State University

How To Stop A Ddos Attack On A Network From Tracing To Source From A Network To A Source Address

cinderella: A Prototype For A Specification-Based NIDS

A S B

Malicious Network Traffic Analysis

Track 2 Workshop PacNOG 7 American Samoa. Firewalling and NAT

GregSowell.com. Mikrotik Security

Evidence Acquisition. Network Forensics. Jae Woong Joo

How to protect your home/office network?

Network Attacks and Defenses

Sniffing in a Switched Network

Topics in Network Security

C)PTC Certified Penetration Testing Consultant

CSCI 4250/6250 Fall 2015 Computer and Networks Security

Firewall Firewall August, 2003

Cisco Secure PIX Firewall with Two Routers Configuration Example

Firewall Testing. Cameron Kerr Telecommunications Programme University of Otago. May 16, 2005

Bro at 10 Gps: Current Testing and Plans

Information Security. Training

Monitor and Secure Linux System with Open Source Tripwire

When Recognition Matters THE COMPARISON OF PROGRAMS FOR NETWORK MONITORING.

Transcription:

Safe network analysis Generating network traffic captures within a virtual network. Presented by Andrew Martin 1

Introduction What is a sniffer How does sniffing work Usages Scenarios Building safe repositories using VM technologies Wireshark Movie 2

What is a sniffer Sniffer is a term given to applications that capture network data Some examples include: Wireshark Snort EtherApe 3

How does sniffing work? Data enters the network NICs are supposed to be honest and turn away packets not meant for them Sniffing applications simply tell the NIC card to lie 4

Applications Both legitimate and illegitimate purposes End users complaining of network problems User cannot connect to a machine Curiosity over one s instant messenger conversation Need access to a system to which you currently have no access 5

Problem Educate students about network sniffing technologies Production networks generate massive amounts of traffic Realtime analysis is impractical Protect privacy of network users 6

Situation Capture data and store it for later educational analysis AND keep network users data private? 7

Solution Solution 1: Capture traffic and analyze it later Chances are private data will be captured Solution 2: Capture traffic on a non-production network Costly to create a non-production network Solution 3: Create virtual network and capture traffic Ding ding ding, we have a winner! 8

Virtualization It s not new Been around since the 1960s Cheap Can run off a fairly low-end PC One PC can host a slew of VM Create a heterogeneous virtual lab with just one PC 9

Virtual Lab Setup Host: VMWare Workstation Guests: FreeBSD, Red Hat 7.3, Windows 2000 FreeBSD - extensive collection of software apps security utilities easily installed via port Red Hat 7.3 & Windows 2000 relatively old and susceptible to network attacks 10

Virtual Lab Setup Cont d Network is a virtual network controlled by VMWare workstation Uses private addresses Connected to the outside world via using N.A.T. 11

Capturing network traffic Build a repository consisting of two types of traffic Normal FTP, HTTP, SMTP, IRC, SSH... Irregular Network scans, exploits, infected computers using tools such as nmap, or metasploit framework 12

Personal Favorite Wireshark (formally Ethereal) Network traffic capturer and analyzer Uses libpcap (or winpcap) library to abstract network types and support many more networks Intuitive interface Supports capture and display filters 13

Useful Techniques ARP Spoofing / Poisoning Detection Attacker will try to trick a target into thinking that the attacker is not who they say they are Wireshark can easily detect such attacks ARP -- simple filter tshark can be scripted to automatically capture traffic scripts can be written to parse data to look for certain types of network data - lua.org 14

Getting what you want There are many filters that can be applied network - net 192.168.1.0/24 source - src 192.168.1.15 destination - dst 192.168.1.10 host - host 192.168.1.1 Combining filters is quite useful dst port 135 and tcp port 135 and ip[2:2]==48 (blaster worm) 15

Display filters Capture filters and display filters sometimes have different reserved words Display filters have a nice front end for assistance 16

TCP Streams Follow TCP stream wireshark will display the application layer data in the order in which it was received 17

Packet reassembly Save packets that contain binary data, and fuse them together 18

19

Conclusion Privacy is incredibly important while educating students on the importance of network analyzation Best to generate samples on a private network Virtual networks are much cheaper than physical networks Wireshark in the hands of a skillful user is both powerful and dangerous 20

References http://www.wireshark.org/docs/wsug_html_chunked/ http://wiki.wireshark.org/tcp_reassembly http://www.wiresharktraining.com/ http://en.wikipedia.org/wiki/arp_spoofing P. Li, C. Li, T. de Mohammed. Building a repository of network traffic captures for information assurance education. Journal of Computing Sciences in Colleges 2009. Pages 99-105 http://www.vmware.com/ http://www.youtube.com/watch?v=7ezgtp99xsw 21

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information