protocolunique, Posted February 22, 2010 (edited)

Course 1

Course Introduction

The TCP/IP protocol suite is the foundation of the Internet. TCP/IP is robust, scalable and offers a choice of reliable transport or simplistic, unreliable transport. All these attributes lead to a protocol suite that is complex and highly sophisticated. That is where network sniffing plays a useful role. Network sniffing refers to the listening and capturing of all or selected packets of network traffic traveling over a network, and thus provides a basis for the analysis or investigation needed in troubleshooting the network.

You will learn
- Fundamentals of TCP/IP
- Basic skills to effectively set up TCP/IP networks
- How to understand and construct secure, robust local area networks
- How to diagnose and fix problems with TCP/IP utilities
- How to plan and design improved networks
- How to troubleshoot TCP/IP networks
- How to use a protocol analyser to diagnose real TCP/IP problems

Course Pre-requisites

To gain the most from this course, participants should know a little about TCP/IP networking and Ethernet technology. Important aspects of TCP/IP and Ethernet relevant to sniffing will be reviewed briefly. Some exposure to UNIX will be useful but not essential.

Course Duration

This course will run for 2 consecutive days. The first day will provide a brush-up of network skills as well as explain the purpose and usage of network sniffers. The second day will provide in-depth training on how a sniffer could be used to help diagnose and troubleshoot problems on the network.

Course Outline

Day 1
Quick Overview
Review of TCP/IP
Review of TCP/IP Headers
Review of Netmask Calculation
Review of Ethernet Networking
Network Sniffing Principles
What is Promiscuous Mode?
Switching in an Ethernet Hub environment
Switching in a switched environment
Simple Sniffing Exercise
Using the TCPdump/Wireshark/tshark network sniffer
Introduction to TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture ARP/RARP traffic with TCPdump/Tcpick/Tcptrack/Arpon
How to capture ICMP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture UDP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
How to capture TCP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
Complex Filtering Rules
Extensive Practices
Using the Wireshark/tshark network sniffer for baseline analysis
Domain Name System (DNS)
Address Resolution Protocol (ARP) traffic
Internet Protocol Ver 4 (IPv4)
Internet Control Message Protocol (ICMP) traffic
User Datagram Protocol (UDP) traffic
Transmission Control Protocol (TCP) traffic
Dynamic Host Configuration Protocol (DHCP) traffic
Hypertext Transfer Protocol (HTTP) traffic
- Understanding packet structure
- Filtering on each layer
- Analyzing normal/unusual/abnormal traffic

Day 2 - Advanced Network Troubleshooting with a packet sniffer
Troubleshooting TCP/IP Networks
Using Sniffers to Debug the Network
Examples of how to troubleshoot a network problem (ARP, DHCP, TCP, ICMP etc.)
Unique Troubleshooting with Sniffers
Principles/Methodology
Port scanners - nmap/unicornscan/sinfp/arp-scan
OS fingerprinting - p0f/disco/unicornscan/sinfp
Honeynet/honeypot - labrea/honeyd/netwox
Packet generators - arp-sk/netwox/tcpreplay/bitwistb
Port knocking - aldaba-suite/honeyd/knockd
Examples
Denial of Service (DoS)
- Layer 2 attack and countermeasure
- Layer 4 attack and countermeasure
Simple Sniffing and Intrusion Detection Systems
Sniffing and Intrusion Detection
Sniffing and Computer Forensics

Open Discussion Section
Participants are encouraged to bring their problems and questions for discussion.

About the Practical Sessions

All the practical sessions will be conducted on Windows- and Linux-based machines using the TCPdump and Wireshark packet sniffers.

The practical sessions will include the following:
1. Sniffing all traffic to a host.
2. Sniffing selected traffic to a host based on protocol and ports.
3. Sniffing all traffic to a subnet.
4. Sniffing a group of traffic.
5. Sniffing selected traffic to a subnet based on protocol and ports.
6. Complex sniffing filters involving different protocols and many ports.
7. Analyzing network traffic in depth with Wireshark.
8. TCP exchange following.
9. Large capture file manipulation for analysis.
10. Network troubleshooting with sniffers.

Live CD: pentoo-nsttoolkit
Slackware Linux
VirtualBox (virtual machine)
Windows XP/2003/Vista

Tools: please contact me at [email protected]

Edited February 25, 2010 by protocolunique