packet analysis (basic)

Report

Tags:

Post on 18-May-2015

1.179 Views

Category:

Documents

1 Downloads

Preview:

Click to see full reader

TRANSCRIPT

Network Packet Analysis (basic)

Ahmad Muammar W.K. OSCP

Technical Workshop (25 Oktober 2012)

Tuesday, January 22, 13

Introduction

• A.K.A y3dips

• Pro. Bandwidth Hunter

• IT(Sec) Consultant/Pentester/py.Coder

• Founder echo.or.id, ubuntu-id, idsecconf

• @y3dips, me@ammar.web.id

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet Analysis

• Captured Network Traffic

• Analyze the protocols, carve out the files, search for strings

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

• Analyze fileds within protocols

• Analyze Protocols within packets

• Analyze Packets within streams

• Reconstruct higher-layer protocols

Packet Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

• Too many stream packet

• Packet corrupted or truncated

• Contents encrypted at different layers

• Unstandard protocols

Issue Found

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

• Examination of one or more fields within the protocol’s data structure.

Protocol Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

• Packet Analysis

Packet Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

WiresharkAhmad Muammar W.K. OSCP

Network Packet Analysis Technical Workshop (25 Oktober 2012)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

WireSharkAdvance Usage

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Wireshark Display

• Packet List

• Packet Details

• Packet Bytes

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet ListPacket List

Packet Details

Packet Bytes

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

WiresharkColoring Rules

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

WiresharkCapture Filters

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Capture Filtersfor the shake of the performance

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Capture/BPF syntax

• Type: host, net, port

• Direction: src, dst

• Proto: ether, ip, tcp, udp

• Logical oepration: &&, ||, !

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Capture Filters

• Filtering the host

• host ipv4/ipv6

• host hostname

• ether host mac (00-11-22-33-44-55)

• src/dst host 192.168.1.1

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Capture Filters

• Filtering the Protocol/Port

• port 443

• !port 443

• protocol name (e.g: icmp)

• !protocol name (e.g !icmp)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Capture Filters

• Protocol Field

• icmp[0] == 3 (unreachable)

• icmp[0] == 8 (echo request)

• tcp[13] & 4 == 4 (RST)

• tcp[13] & 1 == 1 (FIN)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Display FiltersSee only what you wanna see

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Display Filters

• !tcp.port=443

• tcp.flag.syn=1

• !arp

• tcp.port==21 || tcp.port==23

• smtp || pop || imap

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisWrong Dissector

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Protocol Dissector

• Allow Wireshark to automatically break down into various section so that it can be analyzed

• Translator, decoder

• Not work for non-standard/default port.

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Wrong Dissector

• So its an SSL traffic

• But, why we able to see all info

• FTP Traffic using port 443?

• Decode it with FTP

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisReconstruct File and Data

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Reconstruct Data

• nc -lv 110 > confidential.pdf

• nc -vv 192.168.1.222 110 < confidential.pdf

• non standard port send pdf and zip

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisReconstruct PDF File

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisReconstruct Zip File from NC file transfer

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisReconstruct Zip File from FTP server

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Packet AnalysisDecrypting and decode ssl packet

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Network Packet Analysis

Ahmad Muammar W.K. OSCP

Technical Workshop (25 Oktober 2012)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

top related

basic emt education application information packet...
Documents
packet sniffing packet forgery (spoofed from address) dns...
Documents
packet analysis using wireshark
Technology
sip introduction and packet analysis
Documents
basic circuit analysis - razorjr.files.wordpress.comeie209...
Documents
basic law enforcement orientation packet - mdc.edu...
Documents
basic law enforcement phase one application packet
Documents
full-time basic/ part time basic/ refresher training...
Documents
snmp packet analysis
Documents
rdp packet analysis 삽질기 - basic level 1
Technology
addition and subtraction basic math packet 2009-2010
Documents
wireshark practical packet analysis
Documents
packet analysis digital forensics - ubnetdef
Documents
analysis of packet loss probing in packet...
Documents
basic enrollment packet entities/businesses - louisiana
Documents
using packet analysis for quality of experience monitoring...
Documents
packet tracer 6.1 tutorial - ip telephony basic...
Documents
council on law enforcement education and training basic ......
Documents
packet network timing measurements, metrics, and...
Documents
wireless packet captures & connection analysis- a...
Documents