protocolunique

Class Tcp-Ip Sniffer Tool


Course 1
Course Introduction

The TCP/IP protocol suite is the foundation of the Internet. TCP/IP is robust, scalable and offers a choice of reliable transport or simplistic, unreliable transport. All these attributes lead to a protocol suite that is complex and highly sophisticated. That is where network sniffing plays a useful role. Network sniffing refers to the listening to and capturing of all or selected packets of network traffic traveling over a network, and thus provides a basis for the analysis or investigation needed in troubleshooting the network.

You will learn
-Fundamentals of TCP/IP
-Basic skills to effectively set up TCP/IP networks
-How to understand and construct a secure, robust local area network
-How to diagnose and fix problems with TCP/IP utilities
-How to plan and design improved networks
-How to troubleshoot TCP/IP networks
-How to use a protocol analyser to diagnose real TCP/IP problems
Course Pre-requisites

To gain the most from this course, participants should know a little about TCP/IP networking and Ethernet technology. Important aspects of TCP/IP and Ethernet relevant to sniffing will be reviewed briefly. Some exposure to UNIX will be useful but not essential.

Course Duration

This course will run for 2 consecutive days. The first day will provide a brush-up of networking skills as well as explain the purpose and usage of network sniffers. The second day will provide in-depth training on how a sniffer can be used to help diagnose and troubleshoot problems on the network.

Course Outline

Day 1

Quick Overview

Review of TCP/IP
Review of TCP/IP Headers
Review of Netmask Calculation
Review of Ethernet Networking

Network Sniffing Principles

What is Promiscuous Mode?
Switching in an Ethernet Hub environment
Switching in a switched environment
Simple Sniffing Exercise

Using the TCPdump/Wireshark/tshark Network Sniffer

Introduction to TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture ARP/RARP Traffic with TCPdump/Tcpick/Tcptrack/Arpon
How to capture ICMP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture UDP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture TCP Traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
Complex Filtering Rules
Extensive Practices

Using the Wireshark/tshark Network Sniffer for Baseline Analysis
Domain Name System (DNS) traffic
Address Resolution Protocol (ARP) traffic
Internet Protocol Version 4 (IPv4) traffic
Internet Control Message Protocol (ICMP) traffic
User Datagram Protocol (UDP) traffic
Transmission Control Protocol (TCP) traffic
Dynamic Host Configuration Protocol (DHCP) traffic
Hypertext Transfer Protocol (HTTP) traffic
-Understanding packet structure
-Filtering on each layer
-Analyzing normal/unusual/abnormal traffic


Day 2 - Advanced Network Troubleshooting with a Packet Sniffer

Troubleshooting TCP/IP Network

Using Sniffers to Debug the Network
Examples of how to troubleshoot a network problem (ARP, DHCP, TCP, ICMP, etc.)

Unique Troubleshooting with Sniffers

Principles/Methodology
Port scanners
-nmap/unicornscan/sinfp/arp-scan
OS fingerprinting
-p0f/disco/unicornscan/sinfp
Honeynet/honeypot
-labrea/honeyd/netwox
Packet generators
-arp-sk/netwox/tcpreplay/bitwistb
Port knocking
-aldaba-suite/honeyd/knockd
Examples
Denial of Service (DoS)
-Layer 2 attacks and countermeasures
-Layer 4 attacks and countermeasures

Simple Sniffing and Intrusion Detection System

Sniffing and Intrusion Detection
Sniffing and Computer Forensics


Open Discussion Section

Participants are encouraged to bring their problems and questions for discussion.

About the Practical Sessions

All practical sessions will be conducted on Windows- and Linux-based machines using the TCPdump and Wireshark packet sniffers.

The practical sessions will include the following:

1. Sniffing all traffic to a host.
2. Sniffing selected traffic to a host based on protocol and ports.
3. Sniffing all traffic to a subnet.
4. Sniffing groups of traffic.
5. Sniffing selected traffic to a subnet based on protocol and ports.
6. Complex sniffing filters involving different protocols and many ports.
7. Analyzing network traffic in depth with Wireshark.
8. Following a TCP exchange.
9. Manipulating large capture files for analysis.
10. Network troubleshooting with sniffers.

Live CD: pentoo-nsttoolkit
Slackware Linux
VirtualBox (virtual machine)
Windows XP/2003/Vista tools

Please contact me:
[email protected]
