lab 1: packet sniffing and...

14
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang Wayne State University Course: Cyber Security Practice 1

Upload: others

Post on 11-Jul-2020

19 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

Lab1:PacketSniffingandWireshark

FengweiZhang

WayneStateUniversity Course:CyberSecurityPractice 1

Page 2: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

PacketSniffer•  Packetsnifferisabasictoolforobservingnetworkpacketexchangesinacomputer

•  Capturing(“sniffs”)packetsbeingsent/receivedfrom/byyourcomputer

•  Apacketsnifferitselfispassive

•  Displayingthecontentsofthevariousprotocolfieldsinthesecapturedpackets,butneversendingpacketsitself

WayneStateUniversity Course:CyberSecurityPractice 2

Page 3: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

PacketSnifferStructure

WayneStateUniversity Course:CyberSecurityPractice 3

Page 4: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

PacketSniffer(cont’d)•  Applications(webbrowsers,FTPclients,emailclients)

•  Networkprotocols(Internetprotocol)

•  Packetcapture–  Thepacketcapturelibraryreceivesacopyofeverylink-layerframe

thatissentfromorreceivedbyyourcomputer

•  PacketAnalyzer–  Displayingthecontentsofallfieldswithinaprotocolmessage–  Understandingthestructureofallmessagesexchangedbyprotocols–  IP,TCP,HTTPheaders

•  Wireshark,TCPDump

WayneStateUniversity Course:CyberSecurityPractice 4

Page 5: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

TCP/IPNetworkStack•  TCP/IPisthemostcommonlyusednetworkmodelfor

Internetservices.

•  Becauseitsmostimportantprotocols,theTransmissionControlProtocol(TCP)andtheInternetProtocol(IP)werethefirstnetworkingprotocolsdefinedinthisstandard,itisnamedasTCP/IP.

•  Itcontainsmultiplelayersincluding:–  Applicationlayer–  Transportlayer–  Networklayer–  Datalinklayer

WayneStateUniversity Course:CyberSecurityPractice 5

Page 6: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

AnExampleLayeredApproach

WayneStateUniversity Course:CyberSecurityPractice 6

Page 7: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

NetworkLayers

WayneStateUniversity Course:CyberSecurityPractice 7

Page 8: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

ApplicationLayer

•  Theapplicationlayerincludestheprotocolsusedbymostapplicationsforprovidinguserservices

•  ExamplesofapplicationlayerprotocolsareHypertextTransferProtocol(HTTP),SecureShell(SSH),FileTransferProtocol(FTP),andSimpleMailTransferProtocol(SMTP)

WayneStateUniversity Course:CyberSecurityPractice 8

Page 9: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

TransportLayer•  Thetransportlayerestablishesprocess-to-process

connectivity,anditprovidesend-to-endservicesthatareindependentofunderlyinguserdata.

•  Toimplementtheprocess-to-processcommunication,theprotocolintroducesaconceptofport.TheexamplesoftransportlayerprotocolsareTransportControlProtocol(TCP)andUserDatagramProtocol(UDP).

•  TheTCPprovidesflowcontrol,connectionestablishment,andreliabletransmissionofdata,whiletheUDPisaconnectionlesstransmissionmodel.

WayneStateUniversity Course:CyberSecurityPractice 9

Page 10: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

InternetLayer•  TheInternetlayerisresponsibleforsendingpacketstoacrossnetworks.

•  Ithastwofunctions:1)HostidentificationbyusingIPaddressingsystem(IPv4andIPv6);and2)packetsroutingfromsourcetodestination.

•  TheexamplesofInternetlayerprotocolsareInternetProtocol(IP),InternetControlMessageProtocol(ICMP),andAddressResolutionProtocol(ARP).

WayneStateUniversity Course:CyberSecurityPractice 10

Page 11: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

LinkLayer

•  Thelinklayerdefinesthenetworkingmethodswithinthescopeofthelocalnetworklink.

•  Itisusedtomovethepacketsbetweentwohostsonthesamelink.AncommonexampleoflinklayerprotocolsisEthernet.

WayneStateUniversity Course:CyberSecurityPractice 11

Page 12: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

DataEncapsulationinNetworkStack

WayneStateUniversity Course:CyberSecurityPractice 12

Page 13: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

Lab0

•  MakesureyoucanloginasCSC5290studentonZeroClient– UsingyourWSUaccessIDandpassword– ProvidingVMimagesforlabexperiments

WayneStateUniversity Course:CyberSecurityPractice 13

Page 14: Lab 1: Packet Sniffing and Wiresharkwebpages.eng.wayne.edu/~fy8421/19sp-csc5290/slides/lab1-slides.pdf– IP, TCP, HTTP headers • Wireshark, TCPDump Wayne State University Course:

Lab0(cont’d)•  Subscribecoursemailing-list–  [email protected]–  ListHomepage(webinterfaceforsubscriberstojoin/leavelist,postmessages,viewarchives):http://lists.wayne.edu

•  Sendanemailtothelisttointroduceyourselfbynextclass

•  Sendazippedtest.txtfileonBackboardbythisweek

WayneStateUniversity Course:CyberSecurityPractice 14