Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

nslab

advertisement 
+
Network Security
Lab 6 Background
CS161 Computer Security, Spring 2012
UC Berkeley --- Dawn Song
+
Domain Name System

Hierarchical distributed naming scheme for mapping hostnames
to IP addresses


Like the phonebook!
User Datagram Protocol (UDP)

port number 53

DNS queries is a single UDP request from the client followed by
a single UDP reply from the server.

DNS Protocol Overview

http://www.freesoft.org/CIE/Topics/77.htm
+
Domain Name System
+
Kaminsky Attack
DNS Poisoning!
+
Wireshark

Network protocol analyzer

PCAP trace format

Variety of languages have pcap libraries

Capture filters

Trace filters

Analyze TCP streams, HTTP traffic, ETC
Example filtering HTTP and TCP traffic
+
+
+
+
+
+
Wireshark Useful Filters
•
ip.addr == 10.0.0.1
sets a filter for any packet with 10.0.0.1, as either the source or dest
•
ip.addr ==10.0.0.1 && ip.addr ==10.0.0.2
sets a conversation filter between the two defined IP addresses
•
http or dns
sets a filter to display all http and dns
•
tcp.port ==4000
sets a filter for any TCP packet with 4000 as a source or dest port
•
tcp.flags.reset ==1
displays all TCP resets
http://www.lovemytool.com/blog/2010/04/top-10-wireshark-filters-by-chris-greer.html
+
Wireshark Useful Filters

http.request
displays all HTTP GET requests

tcp contains traffic
displays all TCP packets that contain the word ‘traffic’. Excellent
when searching on a specific string or user ID

!(arp or icmp or dns)
masks out arp, icmp, dns, or whatever other protocols may be
background noise. Allowing you to focus on the traffic of interest

udp contains 33:27:58
sets a filter for the HEX values of 0x33 0x27 0x58 at any offset

tcp.analysis.retransmission
displays all retransmissions in the trace. Helps when tracking down
slow application performance and packet loss
+
Notes

Feel free to use any tools to analyze the data

Or, write your own! PCAP libraries for variety of popular languages.

Recall GET, POST, cookies and sessions

HTTP data may be gzipped!

A total of 3 questions

Work in pairs

Finish quickly and then work on project!
Related documents
View File
View File
Q13 Why do manufacturers of network hardware and software follow
Q13 Why do manufacturers of network hardware and software follow
Learn TCP/IP Quiz
Learn TCP/IP Quiz
Chapter3
Chapter3
上課要求(Network Requirement)
上課要求(Network Requirement)
TCP or UDP
TCP or UDP
Wireshark Lab: TCP
Wireshark Lab: TCP
REFERENCE MODELS FOR COMPUTER NETWORKS
REFERENCE MODELS FOR COMPUTER NETWORKS
Exam Overview
Exam Overview
midterm-review
midterm-review
No Slide Title
No Slide Title
chapter2ccna
chapter2ccna
Fall 2014 - 75 minutes - University of Windsor
Fall 2014 - 75 minutes - University of Windsor
Review Sheet, CMP405/CMP743 (The exam will focus on, but not
Review Sheet, CMP405/CMP743 (The exam will focus on, but not
Week 6 (Network Traffic)
Week 6 (Network Traffic)
ppt
ppt
CCNA Discovery
CCNA Discovery
Chapter One - Drexel University
Chapter One - Drexel University
Slides - Ymir Vigfusson
Slides - Ymir Vigfusson
ppt
ppt
Hacking_Exposed_7_ch3
Hacking_Exposed_7_ch3
Chapter 4 - Wright State University
Chapter 4 - Wright State University
Download
advertisement