Lab 1: Packet Sniffing and Wireshark · 2018-01-15

Post on 29-May-2018


Lab 1: Packet Sniffing and Wireshark

Fengwei Zhang

Wayne State University  Course: Cyber Security Practice

Packet Sniffer

•  A packet sniffer is a basic tool for observing network packet exchanges in a computer

•  It captures (“sniffs”) packets being sent from or received by your computer

•  A packet sniffer itself is passive

•  It displays the contents of the various protocol fields in these captured packets, but never sends packets itself

Packet Sniffer Structure

Packet Sniffer (cont’d)

•  Applications (web browsers, FTP clients, email clients)

•  Network protocols (Internet protocol)

•  Packet capture
   –  The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer

•  Packet Analyzer
   –  Displaying the contents of all fields within a protocol message
   –  Understanding the structure of all messages exchanged by protocols
   –  IP, TCP, HTTP headers

•  Wireshark, TCPDump
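As an added illustration of the packet analyzer stage described above (not part of the original slides), the following Python example takes one link-layer frame, as a capture library would hand it over, and decodes the Ethernet, IPv4 and TCP headers before exposing the HTTP bytes. The frame is constructed inline with documentation addresses, the function names are hypothetical, and it assumes unfragmented IPv4 and does not verify checksums.

```python
import struct

TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]  # low bit first

def build_sample_frame():
    """Constructed sample frame (checksums left at 0; they are not verified here)."""
    payload = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"
    eth = bytes.fromhex("020000000002020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def analyze(frame):
    """Decode link, Internet and transport headers, one layer at a time."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    out = {"eth_dst": mac(frame[0:6]), "eth_src": mac(frame[6:12]),
           "ethertype": struct.unpack("!H", frame[12:14])[0]}
    if out["ethertype"] != 0x0800:        # not IPv4: stop at the link layer
        return out
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("bad IPv4 header")
    ihl = (ip[0] & 0x0F) * 4              # header length; > 20 when options are present
    total = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or total < ihl or total > len(ip):
        raise ValueError("inconsistent IPv4 lengths")
    out.update(ttl=ip[8], proto=ip[9], src_ip=".".join(map(str, ip[12:16])),
               dst_ip=".".join(map(str, ip[16:20])))
    if out["proto"] != 6:                 # not TCP: stop at the Internet layer
        return out
    tcp = ip[ihl:total]                   # drops any Ethernet padding after the datagram
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    doff = (off_flags >> 12) * 4          # TCP header length, options included
    if doff < 20 or doff > len(tcp):
        raise ValueError("bad TCP data offset")
    out.update(src_port=sport, dst_port=dport, seq=seq, ack=ack, payload=tcp[doff:],
               flags=[n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)])
    return out

if __name__ == "__main__":
    for field, value in analyze(build_sample_frame()).items():
        print(f"{field:10} {value}")
```

The length checks at each layer matter in practice: a capture can contain truncated or malformed frames, and an analyzer that trusts the header length fields without comparing them to the bytes actually captured will misparse or crash.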

TCP/IP Network Stack

•  TCP/IP is the most commonly used network model for Internet services.

•  It is named TCP/IP because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard.

•  It contains multiple layers including:
   –  Application layer
   –  Transport layer
   –  Network layer
   –  Data link layer

An Example Layered Approach

Network Layers

Application Layer

•  The application layer includes the protocols used by most applications for providing user services

•  Examples of application layer protocols are Hypertext Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP)

Transport Layer

•  The transport layer establishes process-to-process connectivity, and it provides end-to-end services that are independent of underlying user data.

•  To implement process-to-process communication, the protocol introduces the concept of a port. Examples of transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

•  TCP provides flow control, connection establishment, and reliable transmission of data, while UDP is a connectionless transmission model.

Internet Layer

•  The Internet layer is responsible for sending packets across networks.

•  It has two functions: 1) host identification by using the IP addressing system (IPv4 and IPv6); and 2) packet routing from source to destination.

•  Examples of Internet layer protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

Link Layer

•  The link layer defines the networking methods within the scope of the local network link.

•  It is used to move packets between two hosts on the same link. A common example of a link layer protocol is Ethernet.

Data Encapsulation in Network Stack

Lab 0

•  Make sure you can log in as a CSC4992 student on Zero Client
   –  Using your WSU access ID and password
   –  Providing VM images for lab experiments

Lab 0 (cont’d)

•  Subscribe to the course mailing list
   –  csc4992@lists.wayne.edu
   –  List homepage (web interface for subscribers to join/leave the list, post messages, view archives): http://lists.wayne.edu

•  Send an email to the list to introduce yourself by next class

•  Send a zipped test.txt file on Backboard by this week
