LinuxCBT PackCapAnal Edition
Focus: Wireshark® | TCPDump Packet Capturing
Subscription Terms: 1-Month | 3-Month | 6-Month | 12-Month
License Options: Single - 10,000 Users
System Requirements: Browser | HTML5 | Flash | JavaScript
User Agents: Chrome | Safari | Firefox | IE9+ | Opera
Mobile Platforms: iOS | Android | Phones | Tablets
Duration: 10 Hours
Course Objective
Packet Capture Analysis Security feat. Ethereal® - Module VI
- Introduction - Topology - Features
- Discuss course outline
- Explore system configuration
- Identify key network interfaces to be used for captures
- Identify connected interfaces on Cisco Switch
- Explore network topology - IPv4 & IPv6
- Identify Ethereal installation
- Enumerate and discuss key Ethereal features
- Ethereal® Graphical User Interface (GUI)
- Identify installation footprint
- Differentiate between promiscuous and non-promiscuous modes
- Configure X.org to permit a non-privileged user to write output to the screen
- Launch Ethereal GUI
- Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
- Discuss defaults
- Explore key menu items
- TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
- Discuss defaults, features and applications
- Use TCPDump on Linux to capture packets
- Log traffic using default PCAP/TCPDump format
- Discuss Berkeley Packet Filters (BPFs)
- Capture and log specific packets using BPFs for analysis with Ethereal
- Connect to Windows 2003 Server using the rdesktop Remote Desktop client
- Install WinDump and WinPCAP on Windows 2003 Server
- Identify available network interfaces using WinDump
- Capture and log packets using WinDump
- Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
- Upload captures to Linux system for analysis in Ethereal
- Snort® NIDS Packet Capturing & Logging
- Discuss Snort NIDS's features
- Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
- Download and import the Snort GPG/PGP key and MD5SUM for the Snort NIDS release
- Download Snort NIDS, verify the signature and checksum, then compile and install
- Discuss BPF directional (src, dst), type (host, net, port) and protocol (ether, ip, tcp, udp) qualifiers
- Identify clear-text network applications (such as FTP and HTTP) and define BPFs that match their traffic
- Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
- Log to the active pseudo-terminal console and examine the packet flows
- Combine BPF qualifiers to increase packet-matching capabilities
- Use logical operators to define more flexible BPFs
- Create captures for further analysis with Ethereal
- Sun Snoop Packet Capturing & Logging
- Connect to Solaris 10 system and prepare to use Snoop
- Draw parallels to TCPDump
- Enumerate key features
- Sniff and log generic traffic
- Sniff and log specific traffic using filters
- Sniff HTTP and FTP traffic using Snoop
- Save filtered captures for analysis with Ethereal
- Snoop various Solaris interfaces for interesting traffic
- Layer-2 & Internet Control Message Protocol (ICMP) Captures
- Launch Ethereal
- Identify sniffing interfaces
- Capture Address Resolution Protocol (ARP) Packets using Capture Filters
- Discuss and Identify Protocol Data Units (PDUs)
- Identify default Ethereal capture file
- Peruse packet capture statistics
- Identify Cisco VOIP router generating ARP requests
- Peruse time precision features - deciseconds to nanoseconds
- Discuss time display options - relative to first packet - absolute time
- Reveal protocol information from layer-1 through 7
- Identify network broadcasts in the packet stream
- Generate Layer-2 ARP traffic using PING and capture and analyze results
- Sniff traffic based on MAC addresses using Ethereal and Capture Filters
- User Datagram Protocol (UDP) Captures & Analyses
- Discuss UDP Characteristics
- Focus on Network Time Protocol (NTP)
- Set up NTP strata for testing between multiple systems
- Analyze NTP - UDP traffic using Ethereal
- Focus on Domain Name System (DNS)
- Install a BIND DNS Caching-Only Server
- Analyze 'dig' queries
- Analyze 'nslookup' queries
- Transmission Control Protocol (TCP) Captures & Analyses
- Discuss TCP Characteristics - Connection-Oriented Services
- Explain TCP connection rules - Socket creation
- Sniff TCP traffic using Capture Filters in Ethereal
- Use Display Filters to parse TCP traffic
- Sniff FTP traffic
- Reconstruct FTP flows using TCP Stream Reassembly
- Differentiate between client and server flows
- Quantify client and server flows
- Discuss embedded Protocol Data Units (PDUs)
- Sniff Internet Protocol Version 6 (IPv6) traffic
- Peruse and discuss the IPv6:TCP:FTP traffic dump
- Analyze TCP Sockets
- Ethereal Display Filters - Post Processing Filters
- Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
- Discuss features
- Explain Display Filter syntax
- Post-process previously captured traffic dumps
- Identify the various methods to apply display filters
- Filter data using the expression builder
- Filter traffic based on interesting properties
- Filter traffic using logical operators
- Ethereal Statistics
- Discuss features
- Explore the summary (metadata) of captured packets
- Peruse the protocol hierarchy - Layers 1-7 of the OSI model
- Examine network conversations of captured packets
- Identify Destinations in packet dumps
- Examine ICMP statistics
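The modules above describe a pipeline: log frames in the libpcap format that TCPDump writes by default, load the dump into Ethereal, read each Protocol Data Unit from layer 2 upward in the Packet Details pane, then post-process with the protocol hierarchy, conversation and TCP stream reassembly tools. The following Python is an added example written for this page, not LinuxCBT course material, that performs each of those steps on a tiny capture so the format and the analysis can be seen end to end. Every frame, MAC address, IP address and the FTP dialogue is constructed sample data; checksums are left zero, and the stream reassembly concatenates segments in capture order without the sequence-number reordering and retransmission handling Ethereal performs. The closing function is the check a practitioner wants from the clear-text application section: credentials that are readable on the wire.

```python
# Added example (not LinuxCBT course material): libpcap writer/reader, a per-layer PDU decoder and
# Ethereal-style post-processing. Frames, addresses and the FTP dialogue are constructed sample data.
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4                             # classic libpcap magic; link type 1 = Ethernet

def pcap_bytes(packets):
    """Serialise (timestamp, frame) pairs as a classic libpcap file (what `tcpdump -w` writes)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)]
    for ts, frame in packets:
        out.append(struct.pack("<IIII", int(ts), round((ts % 1) * 1e6), len(frame), len(frame)) + frame)
    return b"".join(out)

def iter_pcap(data):
    """Yield (timestamp, frame); the magic number reveals the writing host's byte order."""
    end = {struct.pack("<I", PCAP_MAGIC): "<", struct.pack(">I", PCAP_MAGIC): ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    off = 24                                        # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

# Frame builders for the constructed capture (Ethernet > ARP | IPv4 > TCP); checksums left zero.
def ipb(s): return bytes(int(x) for x in s.split("."))
def eth(dst, src, etype, pdu): return bytes.fromhex(dst) + bytes.fromhex(src) + struct.pack("!H", etype) + pdu
def ip4(src, dst, proto, pdu): return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(pdu), 0, 0, 64, proto, 0, ipb(src), ipb(dst)) + pdu
def tcp(sport, dport, flags, data=b""): return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0) + data
def arp(op, sha, spa, tha, tpa):
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, bytes.fromhex(sha), ipb(spa), bytes.fromhex(tha), ipb(tpa))

def decode(frame):
    """Peel one PDU per layer, as the Packet Details pane nests them."""
    mac, ipa = (lambda b: ":".join(f"{x:02x}" for x in b)), (lambda b: ".".join(str(x) for x in b))
    layers = {"eth": {"dst": mac(frame[:6]), "src": mac(frame[6:12])}}
    etype = struct.unpack("!H", frame[12:14])[0]
    if etype == 0x0806:                             # ARP sits directly on Ethernet
        op = struct.unpack("!H", frame[20:22])[0]
        layers["arp"] = {"op": {1: "request", 2: "reply"}.get(op, op), "spa": ipa(frame[28:32]), "tpa": ipa(frame[38:42])}
    elif etype == 0x0800:                           # IPv4: the IHL nibble gives the header length
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        layers["ip"] = {"src": ipa(frame[26:30]), "dst": ipa(frame[30:34]), "proto": proto}
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack("!HH", l4[:4])
        if proto == 6:                              # TCP: the data-offset nibble locates the payload
            layers["tcp"] = {"sport": sport, "dport": dport, "flags": l4[13], "payload": l4[(l4[12] >> 4) * 4:]}
        elif proto == 17:                           # UDP: fixed 8-byte header
            layers["udp"] = {"sport": sport, "dport": dport, "payload": l4[8:]}
    return layers

def protocol_hierarchy(frames):
    """Statistics > Protocol Hierarchy: frames per PDU nesting (eth, eth/ip, eth/ip/tcp, ...)."""
    counts = Counter()
    for f in frames:
        path = [l for l in ("eth", "arp", "ip", "tcp", "udp") if l in decode(f)]
        for i in range(len(path)):
            counts["/".join(path[:i + 1])] += 1
    return counts

def tcp_streams(frames):
    """Follow TCP Stream, keyed (client, server); client = bare-SYN sender. Capture order only: no seq reordering."""
    streams = {}
    for f in frames:
        d = decode(f)
        if "tcp" not in d:
            continue
        a, b = (d["ip"]["src"], d["tcp"]["sport"]), (d["ip"]["dst"], d["tcp"]["dport"])
        if d["tcp"]["flags"] & 0x12 == 0x02:        # SYN without ACK opens the connection; a is the client
            streams[(a, b)] = {"client": b"", "server": b"", "frames": 0}
        key = (a, b) if (a, b) in streams else (b, a)
        if key in streams:                          # a connection whose SYN was never captured is skipped
            streams[key]["frames"] += 1
            streams[key]["client" if key[0] == a else "server"] += d["tcp"]["payload"]
    return streams

def cleartext_ftp_logins(frames):
    """The check after reassembly: FTP (port 21) credentials readable on the wire."""
    found = []
    for (client, server), s in tcp_streams(frames).items():
        lines = s["client"].decode(errors="replace").split("\r\n")
        creds = dict(l.split(" ", 1) for l in lines if l.startswith(("USER ", "PASS ")))
        if server[1] == 21 and creds:
            found.append((client[0], server[0], creds.get("USER"), creds.get("PASS")))
    return found

# Constructed capture: an ARP request from the router, then a clear-text FTP login (assumed addresses).
RTR, HOST, SRV = ("000c29aa0001", "192.168.75.1"), ("000c29bb0002", "192.168.75.10"), ("000c29cc0003", "192.168.75.20")
cli = lambda flags, data=b"": eth(SRV[0], HOST[0], 0x0800, ip4(HOST[1], SRV[1], 6, tcp(40001, 21, flags, data)))
srv = lambda flags, data=b"": eth(HOST[0], SRV[0], 0x0800, ip4(SRV[1], HOST[1], 6, tcp(21, 40001, flags, data)))
SAMPLE_FRAMES = [
    eth("ffffffffffff", RTR[0], 0x0806, arp(1, RTR[0], RTR[1], "000000000000", HOST[1])),
    cli(0x02), srv(0x12), cli(0x10), srv(0x10, b"220 ftp ready\r\n"), cli(0x10, b"USER alice\r\n"),
    srv(0x10, b"331 password required\r\n"), cli(0x10, b"PASS s3cret\r\n"),
]
SAMPLE_PCAP = pcap_bytes([(1.0 + i, f) for i, f in enumerate(SAMPLE_FRAMES)])

if __name__ == "__main__":
    print(dict(protocol_hierarchy([f for _, f in iter_pcap(SAMPLE_PCAP)])), cleartext_ftp_logins(SAMPLE_FRAMES))
```

The byte-order check in `iter_pcap` matters in practice: a dump written on a big-endian Solaris host by Snoop-era tools or TCPDump carries the magic bytes reversed, and a reader that assumes the writer's endianness silently misreads every record header. `tcp_streams` keys each connection on the peer that sent the bare SYN, which is how the client and server flows are told apart and quantified; segments from a connection whose handshake was not captured are dropped rather than guessed at.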
- Text-based Captures with Tethereal
- Discuss features and applications
- Identify 'tethereal' and invoke
- Enumerate network interfaces
- Sniff generic network traffic
- Suppress capture output
- Apply Capture Filters
- Capture UDP Traffic
- Capture TCP Traffic
- Intranet-based Captures & Analysis
- Discuss Intranet monitoring objectives
- Analyze the network topology drawing
- Discuss Unicast, Broadcast and Multicast traffic
- Discuss Switch Port Mirroring - SPAN
- Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
- Dedicate a network interface for sniffing traffic
- Configure Snort NIDS to sniff traffic on dedicated network interface
- Analyze Snort NIDS captures in Ethereal
- Sniff traffic between various Intranet hosts
- Internet-based Captures & Analysis
- Discuss Internet monitoring objectives
- Identify key external interfaces to monitor
- Update the Port Mirroring configuration to capture Internet traffic
- Capture external traffic
- Analyze using Ethereal
- Wireless-based Captures & Analysis
- Discuss Wireless monitoring objectives
- Connect to remote system with wireless interface
- Enable wireless interface
- Sniff traffic on wireless network
- Analyze using Ethereal
- Windows-based Captures & Analysis - Ethereal on Windows
- Download and Install Ethereal for Windows
- Explore interface
- Load previously captured data
- Analyze data
- Compare and contrast with Ethereal for Linux|Unix systems
- Wireshark® on Mac OS X®
- Download and Install
- Explore interface
- Load previously captured data
- Analyze data
- Capture new data
- Evaluate results
Clients
- Accenture
- AccuWeather
- Actel
- AIG
- Akamai
- Alcatel
- Alliant Energy
- ARRIS
- Assurant
- AutoDesk
- Avocent
- Baptist Health Sys
- Bechtel Corp
- Bentley College
- Blue Cross BS - MS
- Blue Man Group
- BNP Paribas
- Cadence
- CalState PolyTech
- CALTECH
- Canada Space Agency
- Canadian Forces
- Chrysler
- Cisco Systems
- CNET
- Computer Sciences
- Continental Airlines
- DELL
- Dept. of Labor
- DISA.GOV
- DisplayTech
- Double-Take
- DRAFTFCB
- Dublin AA
- Duke B. School
- Duke Energy
- EMC
- ENTRUST
- FBI
- FH Cancer Research
- Fuji Film Canada
- Georgia Lottery
- GIA.edu
- Good Year
- Greater Orlando AA
- GTECH
- Hewlett Packard
- Ingersoll Rand
- Iowa State U.
- ISAGENIX
- JP Morgan Chase
- L-3 Communications
- Liz Claiborne
- Louisville Tech
- Maui HPCC
- McGill University
- Methodist University
- Mt. Sinai Medical
- NASA - JPL
- NATS
- NAVY
- NICHIA Corp
- NIH
- NLN
- NOAA
- NOKIA
- NORTEL
- Northrop Grumman
- Ontario Power Gen.
- OpenBet
- PA State Senate
- Park Nicollet
- Phelps Dodge
- Piper Jaffray
- QinetiQ
- RackSpace UK
- Raytheon
- RCMP
- REUTERS
- ROGERS
- SafeNet, Inc.
- SAIC
- Sanofi-Aventis
- Sarah Lawrence
- Seton Hall
- SGI
- Simon & Schuster
- SLCC.EDU
- Smiths Aerospace
- Sony DADC
- Spectra Labs
- Symantec
- Syracuse Research
- TD Ameritrade
- Tendril
- Texas Instruments
- The Open University
- U. of Afghanistan
- UC Irvine
- UC San Francisco
- UC Santa Cruz
- UCLA
- UMass Med School
- Unilever
- Unisys
- United Nations
- Univ. of Alaska
- Univ. of Cambridge
- Univ. of Colorado
- Univ. of Louisville
- Univ. of Maryland
- Univ. of New Haven
- University of Iowa
- University of Oslo
- World Bank