Lab 1: Packet Sniffing and Wireshark
Fengwei Zhang
Wayne State University, Course: Cyber Security Practice

Packet Sniffer
• A packet sniffer is a basic tool for observing network packet exchanges in a computer
• Capturing (“sniffs”) packets being sent/received from/by your computer
• A packet sniffer itself is passive
• Displaying the contents of the various protocol fields in these captured packets, but never sending packets itself

Packet Sniffer Structure

Packet Sniffer (cont’d)
• Applications (web browsers, FTP clients, email clients)
• Network protocols (Internet protocol)
• Packet capture
  – The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer
• Packet Analyzer
  – Displaying the contents of all fields within a protocol message
  – Understanding the structure of all messages exchanged by protocols
  – IP, TCP, HTTP headers
• Wireshark, TCPDump

TCP/IP Network Stack
• TCP/IP is the most commonly used network model for Internet services.
• Because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard, it is named TCP/IP.
• It contains multiple layers including:
  – Application layer
  – Transport layer
  – Network layer
  – Data link layer

An Example Layered Approach

Network Layers

Application Layer
• The application layer includes the protocols used by most applications for providing user services
• Examples of application layer protocols are Hypertext Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP)

Transport Layer
• The transport layer establishes process-to-process connectivity, and it provides end-to-end services that are independent of underlying user data.
• To implement process-to-process communication, the protocol introduces the concept of a port. Examples of transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).
• TCP provides flow control, connection establishment, and reliable transmission of data, while UDP is a connectionless transmission model.

Internet Layer
• The Internet layer is responsible for sending packets across networks.
• It has two functions: 1) host identification using the IP addressing system (IPv4 and IPv6); and 2) packet routing from source to destination.
• Examples of Internet layer protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

Link Layer
• The link layer defines the networking methods within the scope of the local network link.
• It is used to move packets between two hosts on the same link. A common example of a link layer protocol is Ethernet.

Data Encapsulation in Network Stack
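
Added example (not part of the original slides): a minimal Python dissector that undoes the encapsulation one layer at a time, the way the packet analyzer component of a sniffer decodes a captured link-layer frame into Ethernet, IP, TCP and HTTP fields. The frame, addresses, ports and the function names build_sample_frame and dissect are constructed for illustration.

```python
import socket
import struct

def build_sample_frame():
    """Constructed sample frame: Ethernet II + IPv4 + TCP + HTTP GET (checksums zeroed)."""
    http = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.80"))
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    return eth + ip + tcp + http

def dissect(frame):
    """Peel the headers off one layer at a time; stop at the first layer that is truncated."""
    out = {}
    # Link layer: Ethernet II header (destination MAC, source MAC, EtherType).
    if len(frame) < 14:
        return out
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    # Internet layer: IPv4 header; IHL gives the header length in 32-bit words.
    ip = frame[14:]
    if ethertype != 0x0800 or len(ip) < 20:
        return out
    ver_ihl, _, total_len, _, _, ttl, proto, _, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        return out
    out["ip"] = {"src": socket.inet_ntoa(s), "dst": socket.inet_ntoa(d), "ttl": ttl, "proto": proto}
    # Transport layer: TCP header; ports identify the communicating processes.
    tcp = ip[ihl:total_len]
    if proto != 6 or len(tcp) < 20:
        return out
    sport, dport, seq, ack, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    out["tcp"] = {"sport": sport, "dport": dport, "seq": seq, "flags": flags}
    # Application layer: whatever follows the TCP header (decoded only for port 80).
    payload = tcp[(off >> 4) * 4:]
    if payload and 80 in (sport, dport):
        out["http"] = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
    return out

if __name__ == "__main__":
    for layer, fields in dissect(build_sample_frame()).items():
        print(layer, fields)
```

The dissector only reads bytes and never transmits, which matches the passive role of a sniffer described earlier.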

Lab 0
• Sign the CSC 4992 Cyber Security Practice Class Student Agreement
• Make sure you can log in as a CSC 4992 student on Zero Client
  – Using your WSU access ID and password
  – Providing VM images for lab experiments

Lab 0 (cont’d)
• Subscribe to the course mailing list
  – [email protected]
  – List homepage (web interface for subscribers to join/leave the list, post messages, view archives): http://lists.wayne.edu
• Send an email to the list to introduce yourself by next class
• Send a zipped test.txt file on Blackboard by this week