
Lab 1: Packet Sniffing and Wireshark

Fengwei Zhang

Wayne State University, Course: Cyber Security Practice

Packet Sniffer

•  A packet sniffer is a basic tool for observing network packet exchanges in a computer

•  Capturing (“sniffs”) packets being sent/received from/by your computer

•  A packet sniffer itself is passive

•  Displaying the contents of the various protocol fields in these captured packets, but never sending packets itself

Packet Sniffer Structure

Packet Sniffer (cont’d)

•  Applications (web browsers, FTP clients, email clients)

•  Network protocols (Internet protocol)

•  Packet capture
   –  The packet capture library receives a copy of every link-layer frame that is sent from or received by your computer

•  Packet analyzer
   –  Displaying the contents of all fields within a protocol message
   –  Understanding the structure of all messages exchanged by protocols
   –  IP, TCP, HTTP headers

•  Wireshark, TCPDump

TCP/IP Network Stack

•  TCP/IP is the most commonly used network model for Internet services.

•  Because its most important protocols, the Transmission Control Protocol (TCP) and the Internet Protocol (IP), were the first networking protocols defined in this standard, it is named TCP/IP.

•  It contains multiple layers including:
   –  Application layer
   –  Transport layer
   –  Network layer
   –  Data link layer

An Example Layered Approach

Network Layers

Application Layer

•  The application layer includes the protocols used by most applications for providing user services

•  Examples of application layer protocols are Hypertext Transfer Protocol (HTTP), Secure Shell (SSH), File Transfer Protocol (FTP), and Simple Mail Transfer Protocol (SMTP)

Transport Layer

•  The transport layer establishes process-to-process connectivity, and it provides end-to-end services that are independent of underlying user data.

•  To implement process-to-process communication, the protocol introduces the concept of a port. Examples of transport layer protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

•  TCP provides flow control, connection establishment, and reliable transmission of data, while UDP is a connectionless transmission model.

Internet Layer

•  The Internet layer is responsible for sending packets across networks.

•  It has two functions: 1) host identification by using the IP addressing system (IPv4 and IPv6); and 2) packet routing from source to destination.

•  Examples of Internet layer protocols are Internet Protocol (IP), Internet Control Message Protocol (ICMP), and Address Resolution Protocol (ARP).

Link Layer

•  The link layer defines the networking methods within the scope of the local network link.

•  It is used to move packets between two hosts on the same link. A common example of a link layer protocol is Ethernet.

Data Encapsulation in Network Stack

Lab 0

•  Sign the CSC 4992 Cyber Security Practice Class Student Agreement

•  Make sure you can log in as a CSC 4992 student on Zero Client
   –  Using your WSU access ID and password
   –  Providing VM images for lab experiments

Lab 0 (cont’d)

•  Subscribe to the course mailing list
   –  csc4992@lists.wayne.edu
   –  List homepage (web interface for subscribers to join/leave the list, post messages, view archives): http://lists.wayne.edu

•  Send an email to the list to introduce yourself by next class

•  Send a zipped test.txt file on Blackboard by this week
