Lab 1: Packet Sniffing and Wireshark

Fengwei Zhang

Wayne State University, CSC 5991 Cyber Security Practice



Packet Sniffer

•  A packet sniffer is a basic tool for observing network packet exchanges in a computer

•  Capturing (“sniffs”) packets being sent/received from/by your computer

•  A packet sniffer itself is passive

•  Displaying the contents of the various protocol fields in these captured packets, but never sending packets itself


Packet Sniffer Structure


Packet Sniffer (cont’d)

•  Applications (web browsers, FTP clients, email clients)

•  Network protocols (Internet protocol)

•  Packet capture
   –  The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer

•  Packet Analyzer
   –  Displaying the contents of all fields within a protocol message
   –  Understanding the structure of all messages exchanged by protocols
   –  IP, TCP, HTTP headers

•  Wireshark, TCPDump


TCP/IP Network Stack

•  TCP/IP is the most commonly used network model for Internet services.

•  It is named TCP/IP because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard.

•  It contains multiple layers including:
   –  Application layer
   –  Transport layer
   –  Network layer
   –  Data link layer


An Example Layered Approach


Network Layers


Application Layer

•  The application layer includes the protocols used by most applications for providing user services

•  Examples of application layer protocols are Hypertext Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP)


Transport Layer

•  The transport layer establishes process-to-process connectivity, and it provides end-to-end services that are independent of underlying user data.

•  To implement process-to-process communication, the protocol introduces the concept of a port. Examples of transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

•  TCP provides flow control, connection establishment, and reliable transmission of data, while UDP is a connectionless transmission model.


Internet Layer

•  The Internet layer is responsible for sending packets across networks.

•  It has two functions: 1) host identification by using the IP addressing system (IPv4 and IPv6); and 2) packet routing from source to destination.

•  Examples of Internet layer protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).


Link Layer

•  The link layer defines the networking methods within the scope of the local network link.

•  It is used to move packets between two hosts on the same link. A common example of a link layer protocol is Ethernet.


Data Encapsulation in Network Stack


Lab 0

•  Sign the CSC 5991 Cyber Security Practice Class Student Agreement

•  Make sure you can log in as CSC 5991 student on Zero Client
   –  Using your WSU access ID and password
   –  Providing VM images for lab experiments


Lab 0 (cont’d)

•  [email protected]
   –  List Homepage (web interface for subscribers to join/leave list, post messages, view archives): http://lists.wayne.edu/cgi-bin/wa?A0=csc5991-security

•  Send an email to the list to introduce yourself by next class

•  Send a zipped test.txt file on Blackboard by this week
