USC CSCI 530 - lab-sniffing-color (16 pages)

Pages:
16
School:
University of Southern California
Course:
Csci 530 - Security Systems
Network sniffing: packet capture and analysis (October 3, 2014)

Administrative: submittal instructions
- answer the lab assignment's 13 questions, in numbered list form, in a Word document file
- the 13th response is to embed a screenshot graphic
- email to csci530l@usc.edu; the exact subject title must be "snifflab"
- deadline is the start of your lab session the following week
- reports not accepted (zero for the lab) if: late; you did not attend the lab (except DEN or prior arrangement); the email subject title deviates

1. DETER preparations: coming soon
- the next lecture topic will be done on DETER, and so will 3 of the 4 remaining thereafter
- you have an account, created Wednesday late afternoon; you received an advisory email at that time
- to do in the next 24 hours: read your advisory email and note the changes it requests you make within 72 hours from Wednesday (24 hours from now)

Dateline Friday 9/26/14: while we were busy discussing exploits here, the media drumbeat plagues us; it may be more sensationalized than necessary, or maybe not. A footnote to last week's app security topic.

2. Client unexgate gets server dmorgan.us's passwd file: extraneous text would return the passwd file if executed.

Packet sniffer: a tool that captures, interprets and stores network packets for analysis. Also known as network sniffer, network monitor, packet capture utility, protocol analyzer. It is intimately network-y.

3. Sniffing in security context: an introductory counterpoint
- conventional wisdom: hacking is emblematic of popular security talk and is all about the outside menace; popular conclusion: security is about networks
- reality: the outside is there, but don't forget the inside too; does security vanish when the net cable is unplugged?
- half of security is unrelated to nets. Purely local dimensions: physical security, BIOS/bootloader security, filesystem permissions, execution jails, encrypted filesystems, etc. Network aspects: packet sniffing, remote backup and logging, port scanning, tunnels.

4. Wireshark product background
- principal author Gerald Combs; original name Ethereal, changed in 2006 for legal reasons; open source; equivalent Linux and Windows versions
- related software: pcap, the underlying library (pcap captures the packets, Wireshark displays them graphically); tcpdump rides on pcap like Wireshark does and displays what pcap captures, in character mode, and is very widespread; others: tshark (the character-mode version in Wireshark's stable), Network Monitor (Microsoft), snoop (Sun Microsystems), ettercap, snort

5. netcat product background
- a general-purpose client and server; there's more than one (hobbit's, GNU's): different authors, different features, different syntax; cryptcat adds filestream en/decryption
- in this exercise, for you to generate something to send a server
- ssh (secure shell) creates an encrypted network conversation, for you to compare with an unencrypted one in this exercise by capturing both

6. Foundation concept: frames are what Wireshark is for capturing, a.k.a. packets, datagrams, segments, protocol data units. They come in nested groups; nesting is successive enveloping, like Russian lacquer dolls.

7. How data gets enveloped: packets. Packets have detailed structure.

8. Packets have detailed structure: Wireshark knows the structures for 1400 protocols and turns the byte dump into an intelligible decode in the details pane. Wireshark interface components: packet list pane, packet details pane, packet bytes pane (the slide shows packet 6's details and packet 6's bytes).

9. Stack correlation: application, transport, network, data link, physical; the highest-layer protocol that each packet contains. Wireshark taps interfaces: the probe takes its measurement where it is, sees whatever is at the interface (e.g. the NIC) and nothing else; it does not see what's on the network. This limits its value on a host connected to a switch versus a hub.

10. "It's 70° in L.A." "No, it's 70° right here." "There's a port scan on the network" (Wireshark): "No, there's a port scan right here."

11. Two what-to-capture restrictions. Involuntary: you can't capture what doesn't appear on the interface in the first place. Voluntary: packet filter expressions.

Packet filter expressions using address primitives: host 200.2.2.1; src host 200.2.2.2; dst host 200.2.2.2; ip[16] >= 224; ip[2:2] > 512; ether[0] & 1 = 1

12. Packet filter expressions using protocol primitives: ip, tcp, udp, icmp. Booleans: and, or, not.

13. Two different filters, two different syntaxes: capture filters (during capture) share the same syntax as tcpdump uses; display filters (after the fact) use Wireshark's own syntax, and Wireshark can auto-generate a filter expression from a model packet. The two syntaxes are semantically the same. (Enter the display filter while displaying; enter the capture filter before capturing.)

14. Wireshark SSL decrypt feature: given the key; with the key; without the key. But where do we get the key info? If you want to see network traffic besides your own: make sure the NIC is in promiscuous mode; operate in a network with a hub, not a switch (not your choice if you're not the net admin); use a switch with a management port that receives all traffic; or sniff by remote access on computers at other places in the network, save the capture to a file and transfer the file to Wireshark.

15. Info: http://www.wireshark.org; http://wiki.wireshark.org; "Packet Sniffing In a Switched Environment", https://www.sans.org/reading-room/whitepapers/networkdevs/packet-sniffing-switched-environment-244; "SSL/TLS: What's Under the Hood", https://www.sans.org/reading-room/whitepapers/authentication/ssl-tls-whats-hood-34297
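The filter primitives on slides 11 and 12 are evaluated by pcap against raw header bytes, so the address, byte-offset and protocol forms all reduce to checks at fixed offsets inside the nested envelopes of slide 6. The following is an added example (not part of the lecture slides, and not pcap's code): it builds three constructed Ethernet/IPv4 frames and applies each of the slide's primitives to them as Python predicates; the frame contents, MAC addresses and function names are assumptions made for the illustration.

```python
import struct
import ipaddress
ETHERTYPE_IPV4 = b"\x08\x00"
PROTO_NUM = {"icmp": 1, "tcp": 6, "udp": 17}

def build_frame(dst_mac, src_mac, src_ip, dst_ip, proto, payload):
    # Constructed Ethernet II frame enveloping an IPv4 datagram (sample data, not captured traffic).
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + ETHERTYPE_IPV4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    return eth + ip + payload

def ip_bytes(frame):
    # Peel off the 14-byte Ethernet envelope; None if the inner datagram is not IPv4.
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    return frame[14:]

# Address primitives: src host / dst host / host compare the IPv4 source field (offset 12)
# and destination field (offset 16), which is what pcap does with these keywords.
def src_host(frame, addr):
    ip = ip_bytes(frame)
    return ip is not None and ip[12:16] == ipaddress.IPv4Address(addr).packed
def dst_host(frame, addr):
    ip = ip_bytes(frame)
    return ip is not None and ip[16:20] == ipaddress.IPv4Address(addr).packed
def host(frame, addr):
    return src_host(frame, addr) or dst_host(frame, addr)

# Byte-offset primitives: ip[16] >= 224 reads the first octet of the destination address (multicast
# range), ip[2:2] > n the total-length field, ether[0] & 1 = 1 the group bit of the destination MAC.
def ip_multicast(frame):
    ip = ip_bytes(frame)
    return ip is not None and ip[16] >= 224
def ip_longer_than(frame, n):
    ip = ip_bytes(frame)
    return ip is not None and struct.unpack("!H", ip[2:4])[0] > n
def ether_multicast(frame):
    return (frame[0] & 1) == 1
def proto_is(frame, name):
    # Protocol primitives (ip, tcp, udp, icmp): EtherType first, then the IP protocol byte at offset 9.
    ip = ip_bytes(frame)
    return ip is not None and (name == "ip" or ip[9] == PROTO_NUM[name])

def apply_filter(frames, predicate):
    # Frame numbers (1-based, as in the packet list pane) that the filter lets through.
    return [i for i, f in enumerate(frames, 1) if predicate(f)]

SAMPLE = [  # three constructed frames: an HTTP request, an mDNS multicast datagram, a large ICMP packet
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "200.2.2.2", "200.2.2.1", 6, b"GET / HTTP/1.0\r\n"),
    build_frame("01:00:5e:00:00:fb", "66:77:88:99:aa:bb", "200.2.2.2", "224.0.0.251", 17, b"x" * 40),
    build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb", "200.2.2.1", "200.2.2.2", 1, b"\x00" * 600),
]
```

The Booleans of slide 12 are just Python's `and`, `or`, `not` over these predicates, e.g. `apply_filter(SAMPLE, lambda f: src_host(f, "200.2.2.2") and proto_is(f, "tcp"))` keeps only frame 1.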

