You are using an outdated browser. For a faster, safer browsing experience, upgrade for free today.

Modules

Details

Release Info

What's on the wire? And above? Only one way to find out. Sniff. In doing so, numerous layers of data are captured. They must be analyzed and labeled. BPF-oriented tools provide such useful facilities to Capture and Analyze flows of information traversing our Net Interfaces. Use WireShark to help filter those packets and make sense of those flows.

Release Syllabus

Wireshark® | TCPDump Packet Capturing

Packet Capture Analysis Security feat. Ethereal® - Module VI

  • Introduction - Topology - Features
    • Discuss course outline
    • Explore system configuration
    • Identify key network interfaces to be used for captures
    • Identify connected interfaces on Cisco Switch
    • Explore network topology - IPv4 & IPv6
    • Identify Ethereal installation
    • Enumerate and discuss key Ethereal features
  •  
  • Ethereal® Graphical User Interface (GUI)
    • Identify installation footprint
    • Differentiate between promiscuous and non-promiscuous modes
    • Configure X.org to permit non-privileged user to write output to screen
    • Launch Ethereal GUI
    • Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
    • Discuss defaults
    • Explore key menu items
  •  
  • TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
    • Discuss defaults, features and applications
    • Use TCPDump on Linux to capture packets
    • Log traffic using default PCAP/TCPDump format
    • Discuss Berkeley Packet Filters (BPFs)
    • Capture and log specific packets using BPFs for analysis with Ethereal
    • Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
    • Install WinDump and WinPCAP on Windows 2003 Server
    • Identify available network interfaces using WinDump
    • Capture and log packets using WinDump
    • Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
    • Upload captures to Linux system for analysis in Ethereal
  •  
  • Snort® NIDS Packet Capturing & Logging
    • Discuss Snort NIDS's features
    • Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
    • Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
    • Download, verify, compile and install Snort NIDS
    • Discuss BPF directional, type, and protocol qualifiers
    • Identify clear-text based network applications and define appropriate BPFs
    • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
    • Log to the active pseudo-terminal console and examine the packet flows
    • Combine BPF qualifiers to increase packet-matching capabilities
    • Use logical operators to define more flexible BPFs
    • Create captures for further analysis with Ethereal
  •  
  • Sun Snoop Packet Capturing & Logging
    • Connect to Solaris 10 system and prepare to use Snoop
    • Draw parallels to TCPDump
    • Enumerate key features
    • Sniff and log generic traffic
    • Sniff and log specific traffic using filters
    • Sniff using Snoop, HTTP and FTP traffic
    • Save filters for analysis by Ethereal
    • Snoop various Solaris interfaces for interesting traffic
  •  
  • Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
    • Launch Ethereal
    • Identify sniffing interfaces
    • Capture Address Resolution Protocol (ARP) Packets using Capture Filters
    • Discuss and Identify Protocol Data Units (PDUs)
    • Identify default Ethereal capture file
    • Peruse packet capture statistics
    • Identify Cisco VOIP router generating ARP requests
    • Peruse time precision features - deci - nano-seconds
    • Discuss time manipulations - relative to first packet - actual time
    • Reveal protocol information from layer-1 through 7
    • Identify network broadcasts in the packet stream
    • Generate Layer-2 ARP traffic using PING and capture and analyze results
    • Sniff traffic based on MAC addresses using Ethereal and Capture FIlters
  •  
  • User Datagram Protocol (UDP) Captures & Analyses
    • Discuss UDP Characteristics
    • Focus on Network Time Protocol (NTP)
    • Setup NTP strata for testing between multiple systems
    • Analyze NTP - UDP traffic using Ethereal
    • Focus on Domain Name Service (DNS)
    • Install a BIND DNS Caching-Only Server
    • Analyze DIG queries
    • Analyze 'nslookup' queries
  •  
  • Transmission Control Protocol (TCP) Captures & Analyses
    • Discuss TCP Characteristics - Connection-Oriented Services
    • Explain TCP connection rules - Socket creation
    • Sniff TCP traffic using Capture Filters in Ethereal
    • Use Display Filters to parse TCP traffic
    • Sniff FTP traffic
    • Reconstruct FTP flows using TCP Stream Reassembly
    • Differentiate between client and server flows
    • Quantify client and server flows
    • Discuss embedded Protocol Data Units (PDUs)
    • Sniff Internet Protocol Version 6 (IPv6) traffic
    • Peruse and discuss the IPv6:TCP:FTP traffic dump
    • Analyze TCP Sockets
  •  
  • Ethereal Display Filters - Post Processing Filters
    • Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
    • Discuss features
    • Explain Display Filter syntax
    • Post-process previously captured traffic dumps
    • Identify the various methods to exact display filters
    • Filter data using the expression builder
    • Filter traffic based on interesting properties
    • Filter traffic using logical operators
  •  
  • Ethereal Statistics
    • Discuss features
    • Explore the summary (metadata) of captured packets
    • Peruse the protocol hierarchy - Layer's 1 - 7 of OSI
    • Examine network conversations of captured packets
    • Identify Destinations in packet dumps
    • Examine ICMP statistics
  •  
  • Text-based Captures with Tethereal
    • Discuss features and applications
    • Identify 'tethereal' and invoke
    • Enumerate network interfaces
    • Sniff generic network traffic
    • Suppress capture output
    • Apply Capture Filters
    • Capture UDP Traffic
    • Capture TCP Traffic
  •  
  • Intranet-based Captures & Analysis
    • Discuss Intranet monitoring objectives
    • Analyze the network topology drawing
    • Discuss Unicast, Broadcast and Multicast traffic
    • Discuss Switch Port Mirroring - SPAN
    • Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
    • Dedicate a network interface for sniffing traffic
    • Configure Snort NIDS to sniff traffic on dedicated network interface
    • Analyze Snort NIDS captures in Ethereal
    • Sniff traffic between various Intranet hosts
  •  
  • Internet-based Captures & Analysis
    • Discuss Internet monitoring objectives
    • Identify key external interfaces to monitor
    • Update the Port Mirroring configuration to capture Internet traffic
    • Capture external traffic
    • Analyze using Ethereal
  •  
  • Wireless-based Captures & Analysis
    • Discuss Wireless monitoring objectives
    • Connect to remote system with wireless interface
    • Enable wireless interface
    • Sniff traffic on wireless network
    • Analyze using Ethereal
  •  
  • Windows-based Captures & Analysis on Windows
    • Download and Install Ethereal for Windows
    • Explore interface
    • Load previously captured data
    • Analyze data
    • Compare and contrast with Ethereal for Linux|Unix systems
  •  
  • WireShark® on MacOSX®
    • Download and Install
    • Explore interface
    • Load previously captured data
    • Analyze data
    • Capture new data
    • Evaluate results
  •  

Tokyo Time

16:9

Rate

1.25x

Watched

1

Completed

1 of 5

Recent