Introduction on Low level Network tools



Similar documents
BASIC ANALYSIS OF TCP/IP NETWORKS

Wireless Encryption Protection

Virtual Server and DDNS. Virtual Server and DDNS. For BIPAC 741/743GE

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

Lab Organizing CCENT Objectives by OSI Layer

CONNECTING THE RASPBERRY PI TO A NETWORK

Cisco Networking Professional-6Months Project Based Training

MITM Man in the Middle

Procedure: You can find the problem sheet on Drive D: of the lab PCs. 1. IP address for this host computer 2. Subnet mask 3. Default gateway address

CYBER ATTACKS EXPLAINED: PACKET CRAFTING

How To Classify A Dnet Attack

EAGLE EYE Wi-Fi. 1. Introduction

CS197U: A Hands on Introduction to Unix

This Lecture. The Internet and Sockets. The Start If everyone just sends a small packet of data, they can all use the line at the same.

Solution of Exercise Sheet 5

Cisco Configuring Commonly Used IP ACLs

Connecting to and Setting Up a Network

Internet Protocol: IP packet headers. vendredi 18 octobre 13

Some Tools for Computer Security Incident Response Team (CSIRT)

41376 UDP performing get device status Command Workstation (CWS), Harmony, Bi-directional Driver TCP/UDP

Exam Questions SY0-401

Firewall VPN Router. Quick Installation Guide M73-APO09-380


Advanced Higher Computing. Computer Networks. Homework Sheets

Multi-Homing Dual WAN Firewall Router

1 Introduction: Network Applications

Configuring Check Point VPN-1/FireWall-1 and SecuRemote Client with Avaya IP Softphone via NAT - Issue 1.0

1 Data information is sent onto the network cable using which of the following? A Communication protocol B Data packet

Course Overview: Learn the essential skills needed to set up, configure, support, and troubleshoot your TCP/IP-based network.

Linux Network Security

Technical Support Information Belkin internal use only

Computer Networks I Laboratory Exercise 1

Computer Networks/DV2 Lab

Determine if the expectations/goals/strategies of the firewall have been identified and are sound.

Proxies. Chapter 4. Network & Security Gildas Avoine

Lab 1: Packet Sniffing and Wireshark

Looking for Trouble: ICMP and IP Statistics to Watch

Securing end devices

SCADA Security Example

Lab Configuring Access Policies and DMZ Settings

9 Simple steps to secure your Wi-Fi Network.

Wireless Network Security. Pat Wilbur Wireless Networks March 30, 2007

CCNA Discovery Networking for Homes and Small Businesses Student Packet Tracer Lab Manual

Virtual private network. Network security protocols VPN VPN. Instead of a dedicated data link Packets securely sent over a shared network Internet VPN

Internet Control Protocols Reading: Chapter 3

Network Traffic Analysis

H3C SSL VPN RADIUS Authentication Configuration Example

SSL VPN Technology White Paper

General Network Security

EKT 332/4 COMPUTER NETWORK

ADSL Router Quick Installation Guide Revised, edited and illustrated by Neo

Laboration, Ping, Traceroute, etc

PasserellesNumeriquesCambodia (PNC)

Raritan Valley Community College Academic Course Outline. CISY Advanced Computer Networking

Lab VI Capturing and monitoring the network traffic

CONNECTING WINDOWS XP PROFESSIONAL TO A NETWORK

LESSON Networking Fundamentals. Understand TCP/IP

Using IPM to Measure Network Performance

CS2107 Introduction to Information and System Security (Slid. (Slide set 8)

Topics in Network Security

Interconnecting Cisco Networking Devices, Part 1 (ICND1) v3.0

Network Pop Quiz 5 Brought to you by please visit our site!

Network Forensics Network Traffic Analysis

HREP Series DVR DDNS Configuration Application Note

Lab Developing ACLs to Implement Firewall Rule Sets

Figure 41-1 IP Filter Rules

CTS2134 Introduction to Networking. Module Network Security

Chapter 8 Security Pt 2

HomeWorks P5 Processor Ethernet TCP / IP Networking Specification

Lab Conducting a Network Capture with Wireshark

Introduction to Passive Network Traffic Monitoring

You can probably work with decimal. binary numbers needed by the. Working with binary numbers is time- consuming & error-prone.

Question: 3 When using Application Intelligence, Server Time may be defined as.

EXPLORER. TFT Filter CONFIGURATION

Step-by-Step Configuration

Computer Networks/DV2 Lab

Chapter 10 Troubleshooting

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Lab - Using Wireshark to View Network Traffic

- Basic Router Security -

ABB solar inverters. User s manual ABB Remote monitoring portal

Topic 7 DHCP and NAT. Networking BAsics.

Instructor Notes for Lab 3

WEP WPA WPS :: INDEX : Introduction :

CSSIA CompTIA Security+ Domain. Network Security. Network Security. Network Security. Network Security. Network Security

Hands-on Network Traffic Analysis Cyber Defense Boot Camp

finger, ftp, host, hostname, mesg, rcp, rlogin, rsh, scp, sftp, slogin, ssh, talk, telnet, users, w, walla, who, write,...

TFTP TRIVIAL FILE TRANSFER PROTOCOL OVERVIEW OF TFTP, A VERY SIMPLE FILE TRANSFER PROTOCOL FOR SIMPLE AND CONSTRAINED DEVICES

Step-by-Step Setup Guide Wireless File Transmitter FTP Mode

Introduction to Network Security Lab 1 - Wireshark

Firewalls. Chapter 3

Security Awareness. Wireless Network Security

Computer Networks. Secure Systems

: Interconnecting Cisco Networking Devices Part 1 v2.0 (ICND1)

TELE 301 Network Management. Lecture 17: File Transfer & Web Caching

Firewall Firewall August, 2003

School of Information Science (IS 2935 Introduction to Computer Security, 2003)

Firewalls. Network Security. Firewalls Defined. Firewalls

Transcription:

Georges Da Costa dacosta@irit.fr http: //www.irit.fr/~georges.da-costa/cours/addis/

1 Introduction 2 Aircrack-ng 3 Wireshark

Low level tools Hacking tools Aircrack-ng (ex Aircrack, ex Airsnort) WEP/WPA cracking program Wireshark (ex ethereal) Capture and analyze network frames

1 Introduction 2 Aircrack-ng 3 Wireshark

Aircrack-ng 802.11a/b/g WEP/WPA cracking program Can recover a 40-bit, 104-bit, 256-bit or 512-bit WEP key Method: Gather encrypted frames Once enough frames are acquired (10th of thousand) determines the key Can inject dummy packet to acquired frames Can attack WPA1/2 networks with some advanced methods or simply by brute force. Webpage: http://www.aircrack-ng.org/

1 Introduction 2 Aircrack-ng 3 Wireshark

Wireshark Packet sniffer Packet analyzer It provides multi-level analyze of frames It provides semantics for large number of protocols It can save sniffed packet for later analyze Webpage: http://www.wireshark.org/

Interface Three main parts Filter Frame list Content of the current frame Filter can be used on protocol (http, bootp or ftp) or combination of them (http or ftp) or on other frame fields. We will start with ethereal.cap.

DHCP Filter on bootp DHCP messages are send over UDP or TCP? Draw temporal diagram of communications between dhcp client and server What is the DHCP server IP? Which message contains the new client IP? Which is this IP? What is the time life of this IP?

Telnet How to filter on the telnet messages? Telnet messages are send over UDP or TCP? What is the login used? What is the password? What is the remote command? What is the result? Draw temporal diagram of communications between client and server.

DNS Filter on dns, we will focus on request 113 (on ftp.kernel.org) Filter on dns, are messages send over UDP or TCP? What is the IP of the dns server used? What is the type of DNS request? Are there answers in the requests? Look closely on the answers, how many answers are given? Why? Draw temporal diagram of communications between client and server.

Ping Two ping command are issued. The first (ping 204.152.191.37) starts message 101, the second (ping ftp.kernel.org) message 113. Which protocol is used? How to filter on the ping messages? Why those frames do not have a local or remote port? Remove filters and explain the difference between the two pings For the two pings, draw temporal diagram of communications between client and server for the first round.

ftp Find the filter to show the 44 messages of the ftp session. Is ftp based on UDP or TCP? What is the login used? What is the password? What is the name of the file transferred? What is the content of the file? Draw temporal diagram of communications between client and server.

Http, part 1 HTTP requests comes from two requests: One single image and one complete web page. For the single image (request frame 236) Which is the version of the HTTP protocol asked by the client? Which is the version of the HTTP protocol used by the server for answering? Which is the status replied by the server? What is the date of last modification? What is the size of the answer? (at the different levels) This file is large, how do the transfer occurs at the different levels? Draw temporal diagram of communications between client and server.

Http, part2 For the whole web site (frame 274) What is the Operating system of the client? What is the maximum number of files requested at the same time? The image of the first part is displayed but not requested, why?

traceroute For this part, switch to ethereal traceroute.cap traceroute allows to obtain information on routers on a IP path between a client and a server. It uses TTL (Time To Live) When a server receive an IP message with a TTL of 0, it answers back that the remote host could not be attained.

traceroute, bis What is the name of the server? What are the values of TTL? What is the protocol used? Why? What else occurs than knowing IP of routers? Why?