
Traffic Analysis with Ethereal


Presentation Transcript


  1. Traffic Analysis with Ethereal

  2. Traffic Analysis
  • What is Traffic Analysis?
  • Network analysis is the process of capturing network traffic and inspecting it closely to determine what is happening on the network. - Ethereal Packet Sniffing. Rockland, MA: Syngress Publishing, Inc., 2004
  • Traffic analysis, network analysis, protocol analysis, packet analysis and packet sniffing all typically refer to the same thing

  3. Traffic Analysis
  • Reasons to analyze traffic
  • Legitimate
    • Identify network or communication issues
    • Monitor network performance
    • Verify network security
    • Track communication transactions
    • Log network traffic
    • Discover source of unwanted traffic
    • Discover compromised workstations
    • Ensure users are adhering to AUP
  • Illegitimate
    • Capture passwords
    • Capture network information
    • Read confidential information
    • Determine network information

  4. Network Analyzers – What’s Available?
  • Differences are usually in the features.
    • EtherPeek
    • Windows 2000/NT Server Network Monitor
    • Network Associates Sniffer and SnifferPro
    • Network Instruments Observer
    • Ethereal
    • Packetyzer
  • Features can include:
    • Number of protocols supported
    • User interface
    • Graphing and statistical analysis
    • Expert analysis features

  5. Ethereal
  • Features
    • Free (open source software)
    • Runs on multiple platforms
    • Supports over 480 protocols
    • Reads capture files from other products (MS Network Monitor, TCPdump, Sniffer, Novell Lanalyzer)
  • Installation
    • 1. WinPcap: http://winpcap.polito.it
    • 2. Ethereal: http://www.ethereal.com

  6. Exercise 1: Installing Ethereal
  • Install WinPcap and Ethereal on your PC.
    • http://www.ethereal.com
  • Run Ethereal.

  7. Exercise 2: Capturing packets
  • 1. From the main window, select "Capture:Start".
  • 2. This displays the following “Capture Preferences” window:
    • Select "Capture packets in promiscuous mode".
    • Select "Update list of packets in real time".
    • Select "Automatic scrolling in live capture".
  • 3. Starting the traffic capture: start the packet capture by clicking “OK” in the “Capture Preferences” window.
  • 4. Generating traffic: in a separate window on your PC, execute a ping command to a target.
    • ping -c <local network address>
    • Observe the output in the Ethereal main window.
    • Click and highlight a captured packet in the Ethereal window, and view the headers of the captured traffic.
  • 5. Stopping the traffic capture: click "Stop" in the "Ethernet Capture" window.
  • 6. Saving captured traffic

  8. Understanding Ethereal (annotated screenshot of the main window; the three callouts below label its panes)
  • Overview of packet info: click on one of these lines or fields and watch the packet being highlighted below.
  • Details about the header of the highlighted packet.
  • Info about the packet and its contents.

  9. Exercise 3: Filtering
  • Ethereal uses the libpcap filter language for capture filters.
  • Example 1: A capture filter for telnet traffic to and from a particular host
    • tcp port 23 and host 141.223.14.147
  • Example 2: A capture filter for all ICMP traffic
    • icmp
  • (Slide also shows a table of filtering rules.)
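To make concrete what the two capture filters on this slide actually test, and what the header fields shown in Ethereal's detail pane (slide 8) look like at the byte level, here is an added example that is not part of the original presentation. It is a minimal reader for the libpcap (pcap) file format that Ethereal saves and reads, with the two filters reimplemented as Python predicates over decoded Ethernet/IPv4/TCP/ICMP headers. Real Ethereal hands these filter strings to libpcap, which compiles them to BPF and applies them in the kernel at capture time; this example only mirrors the matching logic after the fact on a saved capture. The capture itself is constructed inline from hand-built frames (the addresses 10.0.0.x and the ports are made up; 141.223.14.147 is the host from the slide), so the script runs offline.

```python
"""Minimal pcap reader plus two capture-filter equivalents (added example, not from the slides)."""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4          # magic number libpcap writes in the file's own byte order
LINKTYPE_ETHERNET = 1
TELNET_HOST = "141.223.14.147"   # the host used in the slide's example filter

# ---- constructing a sample capture so the example runs offline -------------
# Constructed Ethernet header: dst 00:11:22:33:44:55, src 66:77:88:99:aa:bb, EtherType IPv4.
ETH_HDR = bytes.fromhex("00112233445566778899aabb") + struct.pack("!H", 0x0800)

def ipv4_header(src, dst, proto, payload_len):
    """20-byte IPv4 header; the checksum is left 0 because this reader never verifies it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def tcp_frame(src, dst, sport, dport):
    """Ethernet/IPv4/TCP frame with a bare 20-byte TCP header (PSH+ACK, no payload)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ETH_HDR + ipv4_header(src, dst, 6, len(tcp)) + tcp

def icmp_echo_frame(src, dst):
    """Ethernet/IPv4/ICMP echo request, i.e. what the slide's ping exercise generates."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)       # type 8 = echo request
    return ETH_HDR + ipv4_header(src, dst, 1, len(icmp)) + icmp

def build_pcap(frames):
    """Wrap raw frames in a little-endian pcap global header and per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_CAPTURE = build_pcap([                      # constructed traffic, not a real capture
    tcp_frame("10.0.0.5", TELNET_HOST, 3500, 23),  # telnet to the slide's host
    tcp_frame(TELNET_HOST, "10.0.0.5", 23, 3500),  # the host's reply
    tcp_frame("10.0.0.5", "10.0.0.9", 3501, 80),   # HTTP: wrong port
    tcp_frame("10.0.0.5", "10.0.0.9", 3502, 23),   # telnet, but to a different host
    icmp_echo_frame("10.0.0.5", "10.0.0.1"),       # ping
])

# ---- reading the capture and decoding the headers Ethereal's panes display --
def decode_frame(frame):
    """Decode Ethernet/IPv4 and TCP or ICMP headers into the fields a filter can test."""
    pkt = {"eth_dst": frame[0:6].hex(":"), "eth_src": frame[6:12].hex(":"), "proto": "other"}
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800:   # not IPv4: nothing more to decode
        return pkt
    ip = 14
    ihl = (frame[ip] & 0x0F) * 4                           # header length in bytes
    proto = frame[ip + 9]
    pkt["ip_src"] = socket.inet_ntoa(frame[ip + 12:ip + 16])
    pkt["ip_dst"] = socket.inet_ntoa(frame[ip + 16:ip + 20])
    l4 = ip + ihl
    if proto == 6:
        pkt["proto"] = "tcp"
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, l4)
    elif proto == 1:
        pkt["proto"] = "icmp"
        pkt["icmp_type"] = frame[l4]
    return pkt

def parse_pcap(data):
    """Yield decoded packets from an in-memory pcap file written in either byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield decode_frame(data[off:off + incl_len])
        off += incl_len

# ---- the slide's two capture filters as predicates --------------------------
def telnet_with_host(pkt, host=TELNET_HOST):
    """tcp port 23 and host 141.223.14.147: port and host may each be on either side."""
    return (pkt["proto"] == "tcp"
            and 23 in (pkt["sport"], pkt["dport"])
            and host in (pkt["ip_src"], pkt["ip_dst"]))

def is_icmp(pkt):
    """icmp"""
    return pkt["proto"] == "icmp"

def apply_filter(capture, predicate):
    return [p for p in parse_pcap(capture) if predicate(p)]

def summary_line(pkt):
    """One-line summary in the spirit of Ethereal's packet-list pane."""
    if pkt["proto"] == "tcp":
        return f"{pkt['ip_src']}:{pkt['sport']} -> {pkt['ip_dst']}:{pkt['dport']} TCP"
    if pkt["proto"] == "icmp":
        return f"{pkt['ip_src']} -> {pkt['ip_dst']} ICMP type {pkt['icmp_type']}"
    return f"{pkt['eth_src']} -> {pkt['eth_dst']} non-IPv4"

if __name__ == "__main__":
    for name, pred in (("tcp port 23 and host " + TELNET_HOST, telnet_with_host), ("icmp", is_icmp)):
        print("filter:", name)
        for p in apply_filter(SAMPLE_CAPTURE, pred):
            print("   ", summary_line(p))
```

Running it lists the two telnet packets (request and reply) under the first filter and the single echo request under the second; the HTTP packet and the telnet packet to the other host fall through, which is exactly why `host` rather than `src host`/`dst host` and the `and` combination matter when you write the filter in Ethereal's capture dialog. Note that a capture filter discards non-matching packets before they are ever saved, so if you later need the surrounding traffic for investigation, capture unfiltered and use display filters instead.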
