Title: Ethereal: Network Security
1. Ethereal Network Security
- Team Members: Anthony Anderson, Jerome Mitchell, and Napoleon Paxton
- Team Mentors: Mr. C. Edwards, Mr. K. Hayden
2. Abstract
3. What is Ethereal
- Ethereal is a network packet analyzer. A network packet analyzer captures network packets and displays the packet data in as much detail as possible.
4. Ethereal Intended Purposes
- Network administrators use it to troubleshoot network problems.
- Network security engineers use it to examine security problems.
- Developers use it to debug protocol implementations.
- People use it to learn network protocol internals.
5. Ethereal Features
- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.
- Open and save captured packet data.
- Import and export packet data from and to many other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize packet display based on filters.
- Create various statistics.
6. Platforms Ethereal Runs On
- Unix
  - Apple Mac OS X
  - BeOS
  - FreeBSD
  - HP-UX
  - IBM AIX
  - NetBSD
  - OpenBSD
  - SCO UnixWare/OpenUnix
  - SGI Irix
  - Sun Solaris/Intel
  - Sun Solaris/Sparc
  - Tru64 UNIX (formerly Digital UNIX)
- Linux
  - Debian GNU/Linux
  - Gentoo Linux
  - IBM S/390 Linux (Red Hat)
  - Mandrake Linux
  - PLD Linux
7. The "Capture Options" dialog box
8. Lester Hall Connection To The WWW
9. Protocol Analyzer Monitoring Network Traffic
10. What is a packet?
A piece of a message transmitted over a
packet-switching network. The messages are
divided into packets before they are sent. Each
packet is then transmitted individually and can
even follow different routes to its destination.
Once all the packets forming a message arrive at
the destination, they are recompiled into the
original message.
11. Using Ethereal or Another Packet Analyzer
- Formulate a capture statement. What do you want to find out?
  - Do you want to identify what traffic is crossing your network?
  - Identify unauthorized protocols?
  - Identify top talkers?
  - Other?
- Create a network diagram and determine the best place to capture traffic that is related to your statement.
- Create and save three capture files.
  - Limit capture files to 1000 packets.
  - Capture network traffic during different times of the day.
- Analyze the traffic you captured.
  - What protocols do you see?
  - Can you find any unauthorized traffic?
  - Can you identify the two top talkers?
  - Follow a TCP stream (HTTP) and save it as a file.
- Write a brief description of what you found through network analysis.
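The analysis step of the exercise above, worked through in Python as an added example (this is not code from the slides or from the Ethereal project). The packet records are constructed sample data in the shape of Ethereal's packet-list columns (No., Time, Source, Destination, Protocol, Length), and the set of "authorised" protocols is an assumed site policy used only for illustration; on a real capture you would export the packet summary and feed it in the same way.

```python
from collections import Counter, defaultdict

# Constructed sample capture summary: (no, time, src, dst, protocol, length)
PACKETS = [
    (1, 0.000, "10.0.0.5", "10.0.0.1", "DNS", 74),
    (2, 0.012, "10.0.0.1", "10.0.0.5", "DNS", 158),
    (3, 0.020, "10.0.0.5", "93.184.216.34", "HTTP", 512),
    (4, 0.085, "93.184.216.34", "10.0.0.5", "HTTP", 1460),
    (5, 0.090, "93.184.216.34", "10.0.0.5", "HTTP", 1460),
    (6, 0.101, "10.0.0.7", "10.0.0.9", "TELNET", 66),
    (7, 0.103, "10.0.0.9", "10.0.0.7", "TELNET", 80),
    (8, 0.200, "10.0.0.8", "10.0.0.1", "SMB", 300),
    (9, 0.210, "10.0.0.1", "10.0.0.8", "SMB", 420),
    (10, 0.300, "10.0.0.5", "10.0.0.255", "NBNS", 92),
]

# Assumed site policy (illustration only): anything outside this set is
# "unauthorised" for the purposes of the exercise.
AUTHORISED = {"DNS", "HTTP", "HTTPS", "SMB", "NBNS", "ARP"}


def limit_capture(packets, max_packets=1000):
    """Apply the exercise's 1000-packet cap to a list of records."""
    return packets[:max_packets]


def protocols_seen(packets):
    """Count packets per protocol ("what protocols do you see?")."""
    return Counter(p[4] for p in packets)


def unauthorised_packets(packets, authorised=AUTHORISED):
    """Packet numbers whose protocol is outside the authorised set."""
    return [p[0] for p in packets if p[4] not in authorised]


def top_talkers(packets, n=2):
    """Rank hosts by total bytes sent plus received, highest first.

    Ties are broken by address so the result is deterministic.
    """
    bytes_per_host = defaultdict(int)
    for _no, _time, src, dst, _proto, length in packets:
        bytes_per_host[src] += length
        bytes_per_host[dst] += length
    ranked = sorted(bytes_per_host.items(), key=lambda kv: (-kv[1], kv[0]))
    return ranked[:n]


if __name__ == "__main__":
    capture = limit_capture(PACKETS)
    print("Protocols seen:", dict(protocols_seen(capture)))
    print("Unauthorised packets:", unauthorised_packets(capture))
    print("Top talkers:", top_talkers(capture))
```

Counting bytes rather than packets for the top-talker question matters: two hosts exchanging a few large HTTP segments outrank a chatty host sending many small packets, which is usually what a capacity or exfiltration question is really asking.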
12. The Interface
13. The "User Interface" Columns
- No.: The number of the packet in the capture file. This number won't change, even if a display filter is used.
- Time: The timestamp of the packet. The presentation format of this timestamp can be changed; see the section called "Time display formats and time references".
- Source: The address where this packet is coming from.
- Destination: The address where this packet is going to.
- Protocol: The protocol name in a short (perhaps abbreviated) version.
- Info: Additional information about the packet content.
14. The "Packet List" Pane
15. The "Packet Details" Pane
This pane shows the protocols and protocol fields
of the packet selected in the "Packet List" pane.
The protocols and fields of the packet are
displayed using a tree, which can be expanded and
collapsed.
16. The "Packet Bytes" Pane
The packet bytes pane shows the data of the current packet (selected in the "Packet List" pane) in a hexdump style. The left side shows the offset in the packet data, the middle shows the packet data in hexadecimal representation, and the right side shows the corresponding ASCII characters (or "." if the byte is not printable).
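To show what the Packet Details and Packet Bytes panes are built from, here is an added Python example (not code from the slides or from the Ethereal project) that dissects a constructed Ethernet II / IPv4 / TCP frame into a protocol-and-field tree like the details pane, and renders the same bytes in the offset / hex / ASCII layout of the bytes pane. The frame contents, addresses and field labels are constructed for illustration; the IP and TCP checksums are left at zero because nothing here validates them.

```python
import struct


def mac(raw):
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def ipv4(raw):
    """Render four raw bytes as a dotted-quad IPv4 address."""
    return ".".join(str(b) for b in raw)


def build_sample_frame():
    """Constructed Ethernet II / IPv4 / TCP frame carrying a short HTTP request."""
    payload = b"GET / HTTP/1.0\r\n"
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK,
    # window, checksum (not computed), urgent pointer
    tcp = struct.pack("!HHIIBBHHH", 40321, 80, 1000, 0, 5 << 4, 0x18, 8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    # IPv4: ver/IHL, TOS, total length, id, flags DF, TTL, proto TCP,
    # checksum (not computed), src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + payload


def dissect(frame):
    """Return the protocol tree as a list of (protocol, [(field, value), ...])."""
    tree = []
    ethertype = struct.unpack("!H", frame[12:14])[0]
    tree.append(("Ethernet II", [
        ("Destination", mac(frame[0:6])),
        ("Source", mac(frame[6:12])),
        ("Type", f"0x{ethertype:04x}"),
    ]))
    if ethertype != 0x0800:          # only IPv4 is dissected further here
        return tree
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4         # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    ttl, proto = ip[8], ip[9]
    tree.append(("Internet Protocol", [
        ("Version", ip[0] >> 4),
        ("Header length", ihl),
        ("Total length", total_len),
        ("TTL", ttl),
        ("Protocol", proto),
        ("Source", ipv4(ip[12:16])),
        ("Destination", ipv4(ip[16:20])),
    ]))
    if proto != 6:                   # only TCP is dissected further here
        return tree
    tcp = ip[ihl:total_len]          # trust total length, ignore any trailer
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[0:14])
    data_off = (off_flags >> 12) * 4
    window = struct.unpack("!H", tcp[14:16])[0]
    tree.append(("Transmission Control Protocol", [
        ("Source port", sport),
        ("Destination port", dport),
        ("Sequence number", seq),
        ("Acknowledgement number", ack),
        ("Flags", f"0x{off_flags & 0x1FF:03x}"),
        ("Window", window),
    ]))
    payload = tcp[data_off:]
    if payload:
        tree.append(("Data", [("Length", len(payload)), ("Bytes", payload)]))
    return tree


def hexdump(data, width=16):
    """Offset / hex / ASCII lines in the style of the Packet Bytes pane."""
    lines = []
    for offset in range(0, len(data), width):
        chunk = data[offset:offset + width]
        hex_part = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{offset:04x}  {hex_part:<{width * 3 - 1}}  {ascii_part}")
    return lines


if __name__ == "__main__":
    frame = build_sample_frame()
    for protocol, fields in dissect(frame):
        print(protocol)
        for name, value in fields:
            print(f"    {name}: {value}")
    print("\n".join(hexdump(frame)))
```

Each dissector only consumes the bytes its own header claims and hands the rest down, which is exactly the layering the details pane's tree reflects; the hexdump deliberately never interprets the bytes, so it remains useful when a dissector has misparsed something.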
17. Following TCP Streams
Ethereal has the capability to follow a TCP stream. This shows the data from a TCP session in the order that the application layer sees it, for example passwords in a Telnet stream, or simply helps you make sense of a data stream.
18. TCP Stream
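The reassembly behind "Follow TCP Stream", as an added Python example that is not code from the slides or from the Ethereal project. The segments below are a constructed Telnet-style exchange, deliberately containing one retransmitted segment and one segment captured ahead of its predecessor, so the example shows why the stream has to be ordered by sequence number per direction rather than by arrival; the conversation endpoints and data are assumptions for illustration. It also recovers from a gap (a segment missing from the capture) by inserting a marker, which the slide's description does not mention.

```python
from collections import defaultdict

# Constructed sample segments: (src, sport, dst, dport, seq, payload)
SEGMENTS = [
    ("10.0.0.7", 40322, "10.0.0.9", 23, 1001, b"us"),
    ("10.0.0.9", 23, "10.0.0.7", 40322, 5001, b"login: "),
    ("10.0.0.7", 40322, "10.0.0.9", 23, 1003, b"er\r\n"),
    ("10.0.0.9", 23, "10.0.0.7", 40322, 5008, b"Password: "),
    ("10.0.0.7", 40322, "10.0.0.9", 23, 1003, b"er\r\n"),     # retransmission
    ("10.0.0.7", 40322, "10.0.0.9", 23, 1011, b"er2\r\n"),    # captured early
    ("10.0.0.7", 40322, "10.0.0.9", 23, 1007, b"hunt"),
]


def reassemble(segs, gap_marker=b"?"):
    """Join one direction's payloads in sequence order.

    Retransmitted bytes are dropped, partial overlaps are trimmed, and bytes
    missing from the capture are replaced by gap_marker so offsets stay honest.
    """
    data = b""
    expected = None
    for seq, payload in sorted(segs, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        if seq + len(payload) <= expected:
            continue                          # already have every byte
        if seq < expected:
            payload = payload[expected - seq:]  # trim overlapping prefix
            seq = expected
        elif seq > expected:
            data += gap_marker * (seq - expected)  # hole in the capture
        data += payload
        expected = seq + len(payload)
    return data


def follow_stream(segments, client, cport, server, sport):
    """Rebuild both directions of one TCP conversation, keyed 'client'/'server'."""
    directions = defaultdict(list)
    for src, sp, dst, dp, seq, payload in segments:
        if (src, sp, dst, dp) == (client, cport, server, sport):
            directions["client"].append((seq, payload))
        elif (src, sp, dst, dp) == (server, sport, client, cport):
            directions["server"].append((seq, payload))
    return {name: reassemble(segs) for name, segs in directions.items()}


if __name__ == "__main__":
    stream = follow_stream(SEGMENTS, "10.0.0.7", 40322, "10.0.0.9", 23)
    for direction, data in stream.items():
        print(f"--- {direction} ---")
        print(data.decode("ascii", errors="replace"))
```

The reassembled client direction reads the typed username and password back in clear text, which is the practical reason a network security engineer follows streams: it makes visible exactly what an unencrypted protocol exposes to anyone positioned to capture it, and why replacing Telnet with an encrypted equivalent is the fix rather than hiding the capture.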