An Introduction To Network Analyzers New
Analyzers
System administrators
Understand system problems and performance
Malicious individuals (intruders)
Capture cleartext data
Passively collect data on vulnerable protocols
FTP, POP3, IMAP, SMTP, rlogin, HTTP, etc.
Capture VoIP data
Mapping the target network
Traffic pattern discovery
Actively break into the network (backdoor techniques)
Basic Operation
Ethernet traffic is broadcast to all nodes on the
same segment
Sniffer can capture all the incoming data when the
NIC is in promiscuous mode:
ifconfig eth0 promisc
ifconfig eth0 -promisc
Default setup is non-promiscuous (only receives the data
destined for the NIC)
Remember: a hub receives all the data!
If switches are used the sniffer must perform port
spanning
Also known as port mirroring
The traffic to each port is mirrored to the sniffer
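Checking for promiscuous mode from the defender's side, as an added example (not part of the original slides): on Linux, the kernel exposes each interface's flags word in /sys/class/net/<iface>/flags, and the IFF_PROMISC bit is 0x100. The function names and the sample flag values in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: list Linux interfaces whose flags word has IFF_PROMISC set.
# Assumes a Linux host with sysfs mounted at /sys.

IFF_PROMISC=0x100   # value defined in <linux/if.h>

# is_promisc_flags FLAGS
#   FLAGS is the hex string read from /sys/class/net/<iface>/flags
#   (constructed samples: 0x1003 = normal, 0x1103 = promiscuous).
#   Exit status: 0 = promiscuous bit set, 1 = not set, 2 = not a hex value.
is_promisc_flags() {
    case "$1" in
        0x*) hex=${1#0x} ;;
        *)   return 2 ;;
    esac
    case "$hex" in
        ''|*[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_interfaces [SYSFS_NET_DIR]
#   Prints the name of every interface in promiscuous mode, one per line.
#   The directory argument defaults to /sys/class/net.
promisc_interfaces() {
    dir=${1:-/sys/class/net}
    for f in "$dir"/*/flags; do
        [ -r "$f" ] || continue
        read -r flags < "$f" || continue
        if is_promisc_flags "$flags"; then
            iface=${f%/flags}
            printf '%s\n' "${iface##*/}"
        fi
    done
}

# Report on the live system.
promisc_interfaces
```

An interface listed here that is not a known monitoring or span-port collector is worth investigating.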
Port Monitoring
Protecting Against Sniffers
Remember: 00:01:02:03:04:05
MAC address (HWaddr) = Vendor Address + Unique NIC #
./config
make
[Screenshot: analyzer main window, labeled: Tool Bar, Filter Bar, Summary Window, Info Field, Disp., Protocol Tree Window, Data View Window]
[Screenshot: Info field of packet number 8: BGP (Border Gateway Protocol). Protocol Tree Window: details of the selected packet (#8)]
Use: arp -a
Use: ipconfig
OSI Model
Physical
Data link; sublayers:
MAC: Physical addressing: moving packets from one NIC
card to another
LLC (Logical Link Control): flow control and error control
Network
Logical addressing (IP protocol)
Transport
Provides reliable end-to-end transport
Can be connectionless (UDP) or connection oriented (TCP)
Connection oriented requires ACK