
Packet analysis using wireshark


Brief introduction about wireshark and practical usecases of packet analysis

Published in: Technology


  1. Packet analysis using Wireshark. CEH, Twitter: @BASAVESWARK
  2. What is Wireshark? Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
  3. Features
     • Deep inspection of hundreds of protocols, with more being added all the time
     • Live capture and offline analysis
     • Multi-platform: runs on Windows, Linux, macOS, Solaris, FreeBSD, NetBSD, and many others
     • Captured network data can be browsed via a GUI, or via the TTY-mode tshark utility
     • The most powerful display filters in the industry
     • Rich VoIP analysis
     • Read/write many different capture file formats: tcpdump (libpcap), pcapng, Catapult DCT2000, Cisco Secure IDS iplog, Microsoft Network Monitor, Network General Sniffer® (compressed and uncompressed), Sniffer® Pro, and NetXray®, Network Instruments Observer, NetScreen snoop, Novell LANalyzer, RADCOM WAN/LAN Analyzer, Shomiti/Finisar Surveyor, Tektronix K12xx, Visual Networks Visual UpTime, WildPackets EtherPeek/TokenPeek/AiroPeek, and many others
     • Capture files compressed with gzip can be decompressed on the fly
     • Coloring rules can be applied to the packet list for quick, intuitive analysis
     • Output can be exported to XML, PostScript®, CSV, or plain text
  4. Capturing live traffic
  5. Coloring rules
  6. Display filters
     • Filter specific addresses: ip.addr == 192.168.1.5 (either source or destination), ip.src == 192.168.1.5, ip.dst == 192.168.1.5
     • Filter specific protocols: dns || http (or, equivalently, dns or http)
     • Filter specific ports: tcp.port == 443, udp.port == 1234
     • Identify TCP issues such as retransmissions and packet loss: tcp.analysis.flags
     • Clean up or prune noise: !(arp or dns or icmp)
  7. Display filters (continued)
     • Follow a TCP stream: tcp.stream eq 32
     • DNS queries: udp contains "facebook" (matches the byte string anywhere in any UDP datagram; dns.qry.name contains "facebook" restricts the match to DNS question names)
     • HTTP requests/responses: http.request, http.response.code == 200
     • TCP flags: tcp.flags.syn == 1, tcp.flags.reset == 1
     • SIP/RTP traffic: sip, rtp
  8. Demo time
  9. Some quick shortcuts
  10. Use case #1: VoIP call recording
  11. VoIP call recording (continued)
  12. VoIP call recording (continued)
  13. Use case #2: DNS query
  14. Use case #2: DNS query (continued)
  15. Use case #3: Troubleshooting an internet access issue (unable to access a particular music site)
  16. Use case #4: Understanding the SSL flow
  17. Use case #4: Understanding the SSL flow (continued)
  18. References
     • https://en.wikipedia.org/wiki/Wireshark
     • https://www.wireshark.org/
     • Practical Packet Analysis by Chris Sanders
     • https://www.youtube.com/watch?v=68t07-KOH9Y
     • https://en.wikipedia.org/wiki/User_Datagram_Protocol
     • https://en.wikipedia.org/wiki/Transmission_Control_Protocol
     • http://www.informatics.buzdo.com/_images/f912-1.gif
     • http://1.bp.blogspot.com/-gTRV25VTdb8/T55rvji6cEI/AAAAAAAACXM/9clbBo-y0nY/s1600/dnslookups.png
  19. Appendix
  20. Appendix (continued)
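The display filters on the two display-filter slides above are easiest to understand as predicates over decoded packet fields. The following Python program is an added example, not code from the deck or from the Wireshark project: it builds a small libpcap capture in memory (the addresses, ports and the DNS name in it are constructed, not recorded), decodes Ethernet/IPv4/TCP/UDP/ICMP with a minimal hand-written parser, and re-implements several of the slides' filters so you can see exactly which packets each one matches. The field semantics mirror Wireshark's: ip.addr and tcp.port match either endpoint, and `contains` searches raw bytes rather than a parsed DNS name, which is why the slide's DNS filter is looser than it looks.

```python
# Added example: a minimal pcap reader plus hand-rolled equivalents of the
# Wireshark display filters from the slides, run over a constructed capture.
# Not Wireshark code; every packet below is built here, not captured.
import struct
from dataclasses import dataclass


@dataclass
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: int = 0        # raw TCP flag byte (SYN = 0x02, RST = 0x04, ACK = 0x10)
    payload: bytes = b""  # bytes after the transport header


def ip_hdr(src, dst, proto_num, payload_len):
    """IPv4 header without options; checksum left at zero (Wireshark would flag it)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto_num, 0,
                       bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))


def tcp_seg(sport, dport, flags, payload=b""):
    """20-byte TCP header (data offset 5) followed by an optional payload."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0) + payload


def udp_dgram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def frame(src, dst, proto_num, l4):
    """Ethernet II frame (zeroed MACs, EtherType 0x0800) carrying IPv4 + transport."""
    return b"\x00" * 12 + b"\x08\x00" + ip_hdr(src, dst, proto_num, len(l4)) + l4


def build_pcap(frames):
    """Classic libpcap file: 24-byte global header, then (ts_sec, ts_usec, incl_len, orig_len, data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def read_pcap(data):
    """Decode the pcap into Packet records; only Ethernet/IPv4 with TCP, UDP or ICMP is handled."""
    assert struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4, "unsupported pcap magic"
    pos, pkts = 24, []
    while pos < len(data):
        _, _, incl, _ = struct.unpack("<IIII", data[pos:pos + 16])
        raw = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if raw[12:14] != b"\x08\x00":          # not IPv4: skip (ARP would land here)
            continue
        ip = raw[14:]
        ihl, proto_num = (ip[0] & 0x0F) * 4, ip[9]
        src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
        l4 = ip[ihl:]
        if proto_num == 6:
            sport, dport = struct.unpack("!HH", l4[:4])
            doff = (l4[12] >> 4) * 4
            pkts.append(Packet(src, dst, "tcp", sport, dport, l4[13], l4[doff:]))
        elif proto_num == 17:
            sport, dport = struct.unpack("!HH", l4[:4])
            pkts.append(Packet(src, dst, "udp", sport, dport, 0, l4[8:]))
        elif proto_num == 1:
            pkts.append(Packet(src, dst, "icmp", payload=l4))
    return pkts


SYN, RST, ACK = 0x02, 0x04, 0x10

# Display-filter equivalents. As in Wireshark, ip.addr / tcp.port match either
# endpoint, and "udp contains" scans the datagram bytes, not a decoded DNS name.
FILTERS = {
    "ip.addr == 192.168.1.5":  lambda p: "192.168.1.5" in (p.src, p.dst),
    "tcp.port == 443":         lambda p: p.proto == "tcp" and 443 in (p.sport, p.dport),
    "tcp.flags.syn == 1":      lambda p: p.proto == "tcp" and p.flags & SYN != 0,
    "tcp.flags.reset == 1":    lambda p: p.proto == "tcp" and p.flags & RST != 0,
    'udp contains "facebook"': lambda p: p.proto == "udp" and b"facebook" in p.payload,
    "!(arp or dns or icmp)":   lambda p: not (p.proto == "icmp" or 53 in (p.sport, p.dport)),
}


def apply_filter(expr, pkts):
    return [p for p in pkts if FILTERS[expr](p)]


def sample_capture():
    """Constructed traffic: one DNS query, a SYN/SYN-ACK to port 443, a stray RST and a ping."""
    dns_query = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # id, flags, 1 question
                 + b"\x08facebook\x03com\x00\x00\x01\x00\x01")         # facebook.com A IN
    return build_pcap([
        frame("192.168.1.5", "8.8.8.8", 17, udp_dgram(51000, 53, dns_query)),
        frame("192.168.1.5", "157.240.1.35", 6, tcp_seg(52000, 443, SYN)),
        frame("157.240.1.35", "192.168.1.5", 6, tcp_seg(443, 52000, SYN | ACK)),
        frame("10.0.0.9", "192.168.1.7", 6, tcp_seg(8080, 40000, RST)),
        frame("192.168.1.5", "192.168.1.1", 1, b"\x08\x00\x00\x00\x00\x01\x00\x01"),  # echo request
    ])


if __name__ == "__main__":
    packets = read_pcap(sample_capture())
    for expr in FILTERS:
        print(f"{expr:26} -> {len(apply_filter(expr, packets))} packet(s)")
```

Running the script prints a hit count per filter. To compare against the real tool, write the bytes returned by `sample_capture()` to a file and open it with `tshark -r file.pcap -Y '<filter>'`; tshark reads the same libpcap format, and the constructed packets decode there just as they do here.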
