Ethereal: Network Security - PowerPoint PPT Presentation

Slides: 19
Provided by: onr6
Learn more at: http://nia.ecsu.edu
Transcript and Presenter's Notes

1
Ethereal: Network Security
  • Team Members: Anthony Anderson, Jerome Mitchell,
    and Napoleon Paxton
  • Team Mentors: Mr. C. Edwards, Mr. K. Hayden

2
Abstract
3
What is Ethereal
  • Ethereal is a network packet analyzer. A network
    packet analyzer tries to capture network packets
    and to display the packet data in as much detail
    as possible.

4
Ethereal Intended Purposes
  • network administrators use it to troubleshoot
    network problems
  • network security engineers use it to examine
    security problems
  • developers use it to debug protocol
    implementations
  • people use it to learn network protocol internals

5
Ethereal Features
  • Available for UNIX and Windows.
  • Capture live packet data from a network
    interface.
  • Display packets with very detailed protocol
    information.
  • Open and Save packet data captured.
  • Import and Export packet data from and to a lot
    of other capture programs.
  • Filter packets on many criteria.
  • Search for packets on many criteria.
  • Colorize packet display based on filters.
  • Create various statistics.

6
Platforms Ethereal Runs On
  • Unix
  • Apple Mac OS X
  • BeOS
  • FreeBSD
  • HP-UX
  • IBM AIX
  • NetBSD
  • OpenBSD
  • SCO UnixWare/OpenUnix
  • SGI Irix
  • Sun Solaris/Intel
  • Sun Solaris/Sparc
  • Tru64 UNIX (formerly Digital UNIX)
  • Linux
  • Debian GNU/Linux
  • Gentoo Linux
  • IBM S/390 Linux (Red Hat)
  • Mandrake Linux
  • PLD Linux

7
The "Capture Options" dialog box
8
Lester Hall Connection To The WWW
9
Protocol Analyzer Monitoring Network Traffic
10
What is a packet?
A piece of a message transmitted over a
packet-switching network. The messages are
divided into packets before they are sent. Each
packet is then transmitted individually and can
even follow different routes to its destination.
Once all the packets forming a message arrive at
the destination, they are recompiled into the
original message.
11
Using Ethereal or Another Packet Analyzer
  • Formulate a capture statement. What do you want
    to find out?
      • Do you want to identify what traffic is
        crossing your network?
      • Identify unauthorized protocols?
      • Identify top talkers?
      • Other?
  • Create a network diagram and determine the best
    place to capture traffic that is related to your
    statement.
  • Create and save three capture files.
      • Limit capture files to 1000 packets.
      • Capture network traffic during different
        times of the day.
  • Analyze the traffic you captured.
      • What protocols do you see?
      • Can you find any unauthorized traffic?
      • Can you identify the two top talkers?
  • Follow a TCP stream (HTTP) and save it as a file.
  • Write a brief description of what you found
    through network analysis.
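
The analysis questions above (which protocols, any unauthorized traffic, the two top talkers) can also be answered offline from a saved capture file. The following is an added example, not part of the original presentation: it reads the classic little-endian libpcap format with Ethernet/IPv4 frames only, and the function names, sample addresses and the allowed-port policy are assumptions made for illustration.

```python
import socket, struct
from collections import Counter

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IP protocol numbers
ALLOWED_PORTS = {53, 80}                  # assumed site policy, for illustration

def frame(src, dst, proto, dport, size):
    """Constructed Ethernet+IPv4 frame: ports then zero padding, no checksums."""
    l4 = struct.pack("!HH", 40000, dport) + bytes(size)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + b"\x08\x00" + ip + l4

def make_pcap(frames):
    """Wrap frames in the classic libpcap file format (little-endian, Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def analyze(pcap, limit=1000):
    """Return (bytes per source, packets per protocol, flows outside the policy)."""
    if struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    talkers, protos, flagged = Counter(), Counter(), set()
    off, seen = 24, 0
    while off + 16 <= len(pcap) and seen < limit:
        incl, orig = struct.unpack_from("<II", pcap, off + 8)
        pkt = pcap[off + 16:off + 16 + incl]
        off, seen = off + 16 + incl, seen + 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                       # truncated or not IPv4
        ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]
        src, name = socket.inet_ntoa(pkt[26:30]), PROTO.get(proto, str(proto))
        talkers[src] += orig
        protos[name] += 1
        if proto in (6, 17) and len(pkt) >= 14 + ihl + 4:
            sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
            if not {sport, dport} & ALLOWED_PORTS:
                flagged.add((src, name, dport))
    return talkers, protos, flagged

SAMPLE = make_pcap([                       # constructed traffic, not a real capture
    frame("10.0.0.5", "10.0.0.1", 6, 80, 1000),
    frame("10.0.0.7", "10.0.0.1", 17, 53, 40),
    frame("10.0.0.9", "10.0.0.1", 6, 23, 200),
    frame("10.0.0.5", "10.0.0.1", 6, 80, 500),
])
if __name__ == "__main__":
    print(*analyze(SAMPLE), sep="\n")
```

The `limit` argument mirrors the 1000-packet cap from the exercise; `talkers.most_common(2)` gives the two top talkers by bytes on the wire.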

12
The Interface
13
The "User Interface" Columns
  • No.: The number of the packet in the capture
    file. This number won't change, even if a display
    filter is used.
  • Time: The timestamp of the packet. The
    presentation format of this timestamp can be
    changed; see the section called "Time display
    formats and time references".
  • Source: The address where this packet is coming
    from.
  • Destination: The address where this packet is
    going to.
  • Protocol: The protocol name in a short (perhaps
    abbreviated) version.
  • Info: Additional information about the packet
    content.

14
The "Packet List" Pane
15
The "Packet Details" Pane
This pane shows the protocols and protocol fields
of the packet selected in the "Packet List" pane.
The protocols and fields of the packet are
displayed using a tree, which can be expanded and
collapsed.
16
The "Packet Bytes" Pane
The packet bytes pane shows the data of the
current packet (selected in the "Packet List"
pane) in a hexdump style. The left side shows the
offset in the packet data, the middle shows the
packet data in a hexadecimal representation, and
the right side shows the corresponding ASCII
characters (or . if not appropriate).
17
Following TCP Streams
Following a TCP stream shows the data from a TCP
session in the order that the application layer
sees it. This is useful for finding items such as
passwords in a Telnet stream, or simply for making
sense of a data stream. Ethereal has the
capability to follow a TCP stream.
18
TCP Stream