Introduction to programming-WIRESHARK and other traffic monitoring tools

Notes:

API- Application programming interface

WinRT - Windows real time, suite used by windows developers

App Container - separate memory space

.NET Framework

- provides a secure environment for web apps to run

- uses security transparency to separate different kinds of code while running

- permission sets define what application code has access to


Managing Data App

HTTP is a stateless protocol: it does not remember anything between requests, so when an app is closed its data is lost unless it has been explicitly saved.

USES of Packet Analysis:

- analyze network problems
- detect network intrusion attempts
- perform regulatory compliance
- monitor bandwidth utilization
- verify endpoint security status

WIRESHARK

formerly Ethereal, an open source packet analyzer.

Other packet analyzers

  • Cain and Abel - recovers passwords by sniffing the network, can record VoIP conversations
  • NarusInsight (Carnivore) - monitors all internet traffic
  • dSniff - monitors interesting traffic such as passwords, emails, files
  • Ettercap - intercepts traffic on a network segment, captures passwords, conducts active eavesdropping
  • tcpdump - common protocol analyzer that runs on the command line


--------------------------TRANSCRIPT---------------------------------

Network administrators use a packet sniffer, network monitor, or network analyzer to monitor and troubleshoot network traffic. As data flows across the network, the sniffer captures each packet, decodes the packet's raw bits, and then displays the field values in the packet according to the appropriate RFC or other specification. This information can help identify bottlenecks, and help maintain efficient network data transmission. There are many uses for packet analysis.

We can analyze network problems, detect network intrusion attempts and network misuse, perform regulatory compliance through content monitoring of perimeter and endpoint traffic, monitor bandwidth usage per application and process, and verify endpoint security status to see unwanted protocols, such as bogus ARP traffic and Multicast DNS, and gather and report network statistics. The tool we will use for this demonstration is Wireshark, formerly Ethereal, an open source packet analyzer.

In the late 1990s, Gerald Combs needed a tool for analyzing network problems. Portable sniffers were available at the time, but they were costly. Gerald developed Ethereal with the help of some friends, and this later became Wireshark. It has been around for over 15 years. In addition to Wireshark, there are some other packet analyzers. Cain and Abel recovers passwords by sniffing the network and can record voice-over IP conversations. NarusInsight, formerly Carnivore, can monitor all internet traffic.

dSniff passively monitors a network for interesting traffic, such as passwords, emails, and files. Ettercap intercepts traffic on a network segment, captures passwords and conducts active eavesdropping. Tcpdump is a common protocol analyzer that runs from the command line. Placement is key. All traffic is not created equally. Depending on the placement, you may only capture a portion of the total network traffic. Off of a switch, the traffic may be unicast, broadcast, or multicast.

To see all traffic on a switch, use Port Monitoring or SPAN. Also use a full duplex tap in line with traffic. You may need a special adapter. Network administrators should be familiar with Wireshark because Wireshark is built into the Cisco Nexus 7000 series, and many other devices.
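As an added example (not part of the lecture or the notes above), the following Python script decodes raw Ethernet frames the way a sniffer does and flags the two "unwanted protocols" the transcript names: Multicast DNS, and bogus ARP, detected here as an ARP reply that binds an IP already claimed by a different MAC. All frames, IP addresses and MAC addresses are constructed for the demonstration; nothing is read from the wire.

```python
import socket
import struct
ETH_ARP, ETH_IP, UDP, MDNS_PORT = 0x0806, 0x0800, 17, 5353
mac = lambda s: bytes.fromhex(s.replace(":", ""))
ip = socket.inet_aton

def build_arp(op, smac, sip, tmac, tip):
    """Ethernet + ARP frame (op 1 = request, 2 = reply); constructed test data, not a capture."""
    eth = (b"\xff" * 6 if op == 1 else mac(tmac)) + mac(smac) + struct.pack("!H", ETH_ARP)
    return eth + struct.pack("!HHBBH", 1, ETH_IP, 6, 4, op) + mac(smac) + ip(sip) + mac(tmac) + ip(tip)

def build_udp(smac, dmac, sip, dip, dport, payload):
    """Ethernet + IPv4 + UDP frame (checksums left zero); constructed test data, not a capture."""
    eth = mac(dmac) + mac(smac) + struct.pack("!H", ETH_IP)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0, 0, 64, UDP, 0, ip(sip), ip(dip))
    udp = struct.pack("!HHHH", 5353, dport, 8 + len(payload), 0)
    return eth + ipv4 + udp + payload

def classify(frame):
    """Decode the fields a sniffer shows: ARP (op, sender IP, sender MAC), mDNS over UDP, or other."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETH_ARP:
        op = struct.unpack("!H", frame[20:22])[0]
        return ("arp", op, socket.inet_ntoa(frame[28:32]), frame[22:28].hex(":"))
    if ethertype == ETH_IP and frame[23] == UDP:          # byte 9 of the IPv4 header is the protocol
        udp_off = 14 + (frame[14] & 0x0F) * 4             # IHL gives the IPv4 header length in words
        if struct.unpack("!H", frame[udp_off + 2:udp_off + 4])[0] == MDNS_PORT:
            return ("mdns",)
    return ("other",)

def audit(frames):
    """Flag mDNS, and ARP replies whose sender IP was already bound to a different MAC."""
    seen, findings = {}, []                               # seen: sender IP -> first MAC that claimed it
    for i, frame in enumerate(frames):
        kind = classify(frame)
        if kind[0] == "mdns":
            findings.append((i, "mdns"))
        elif kind[0] == "arp" and kind[1] == 2:           # ARP reply
            if seen.get(kind[2], kind[3]) != kind[3]:
                findings.append((i, "arp-conflict"))
            seen.setdefault(kind[2], kind[3])
    return findings

# Constructed sample "capture": a normal ARP exchange, a conflicting reply for the gateway IP, one mDNS query.
SAMPLE = [
    build_arp(1, "aa:bb:cc:00:00:10", "192.0.2.10", "00:00:00:00:00:00", "192.0.2.1"),
    build_arp(2, "00:00:5e:00:01:01", "192.0.2.1", "aa:bb:cc:00:00:10", "192.0.2.10"),
    build_arp(2, "de:ad:be:ef:00:01", "192.0.2.1", "aa:bb:cc:00:00:10", "192.0.2.10"),
    build_udp("aa:bb:cc:00:00:10", "01:00:5e:00:00:fb", "192.0.2.10", "224.0.0.251", MDNS_PORT, b"\x00" * 12),
]
```

`audit(SAMPLE)` returns `[(2, 'arp-conflict'), (3, 'mdns')]`; the same two conditions correspond to the Wireshark display filters `arp.duplicate-address-detected` and `mdns`.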
