LinuxCBT.com

Syllabus

Focus: Wireshark® | TCPDump Packet Capturing

Duration: 10-Hours

  • Packet Capture Analysis Security feat. Ethereal® - Module VI

    • Introduction - Topology - Features
      • Discuss course outline
      • Explore system configuration
      • Identify key network interfaces to be used for captures
      • Identify connected interfaces on Cisco Switch
      • Explore network topology - IPv4 & IPv6
      • Identify Ethereal installation
      • Enumerate and discuss key Ethereal features
    • Ethereal® Graphical User Interface (GUI)
      • Identify installation footprint
      • Differentiate between promiscuous and non-promiscuous modes
      • Configure X.org to permit non-privileged user to write output to screen
      • Launch Ethereal GUI
      • Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
      • Discuss defaults
      • Explore key menu items
    • TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
      • Discuss defaults, features and applications
      • Use TCPDump on Linux to capture packets
      • Log traffic using default PCAP/TCPDump format
      • Discuss Berkeley Packet Filters (BPFs)
      • Capture and log specific packets using BPFs for analysis with Ethereal
      • Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
      • Install WinDump and WinPCAP on Windows 2003 Server
      • Identify available network interfaces using WinDump
      • Capture and log packets using WinDump
      • Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
      • Upload captures to Linux system for analysis in Ethereal
    • Snort® NIDS Packet Capturing & Logging
      • Discuss Snort NIDS's features
      • Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
      • Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
      • Download, verify, compile and install Snort NIDS
      • Discuss BPF directional, type, and protocol qualifiers
      • Identify clear-text based network applications and define appropriate BPFs
      • Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
      • Log to the active pseudo-terminal console and examine the packet flows
      • Combine BPF qualifiers to increase packet-matching capabilities
      • Use logical operators to define more flexible BPFs
      • Create captures for further analysis with Ethereal
    • Sun Snoop Packet Capturing & Logging
      • Connect to Solaris 10 system and prepare to use Snoop
      • Draw parallels to TCPDump
      • Enumerate key features
      • Sniff and log generic traffic
      • Sniff and log specific traffic using filters
      • Sniff HTTP and FTP traffic using Snoop
      • Save filters for analysis by Ethereal
      • Snoop various Solaris interfaces for interesting traffic
    • Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
      • Launch Ethereal
      • Identify sniffing interfaces
      • Capture Address Resolution Protocol (ARP) Packets using Capture Filters
      • Discuss and Identify Protocol Data Units (PDUs)
      • Identify default Ethereal capture file
      • Peruse packet capture statistics
      • Identify Cisco VOIP router generating ARP requests
      • Peruse time precision features - deci- to nano-seconds
      • Discuss time manipulations - relative to first packet - actual time
      • Reveal protocol information from layer-1 through 7
      • Identify network broadcasts in the packet stream
      • Generate Layer-2 ARP traffic using PING and capture and analyze results
      • Sniff traffic based on MAC addresses using Ethereal and Capture Filters
    • User Datagram Protocol (UDP) Captures & Analyses
      • Discuss UDP Characteristics
      • Focus on Network Time Protocol (NTP)
      • Setup NTP strata for testing between multiple systems
      • Analyze NTP - UDP traffic using Ethereal
      • Focus on Domain Name Service (DNS)
      • Install a BIND DNS Caching-Only Server
      • Analyze DIG queries
      • Analyze 'nslookup' queries
    • Transmission Control Protocol (TCP) Captures & Analyses
      • Discuss TCP Characteristics - Connection-Oriented Services
      • Explain TCP connection rules - Socket creation
      • Sniff TCP traffic using Capture Filters in Ethereal
      • Use Display Filters to parse TCP traffic
      • Sniff FTP traffic
      • Reconstruct FTP flows using TCP Stream Reassembly
      • Differentiate between client and server flows
      • Quantify client and server flows
      • Discuss embedded Protocol Data Units (PDUs)
      • Sniff Internet Protocol Version 6 (IPv6) traffic
      • Peruse and discuss the IPv6:TCP:FTP traffic dump
      • Analyze TCP Sockets
    • Ethereal Display Filters - Post Processing Filters
      • Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
      • Discuss features
      • Explain Display Filter syntax
      • Post-process previously captured traffic dumps
      • Identify the various methods to exact display filters
      • Filter data using the expression builder
      • Filter traffic based on interesting properties
      • Filter traffic using logical operators
    • Ethereal Statistics
      • Discuss features
      • Explore the summary (metadata) of captured packets
      • Peruse the protocol hierarchy - Layers 1 - 7 of the OSI model
      • Examine network conversations of captured packets
      • Identify Destinations in packet dumps
      • Examine ICMP statistics
    • Text-based Captures with Tethereal
      • Discuss features and applications
      • Identify 'tethereal' and invoke
      • Enumerate network interfaces
      • Sniff generic network traffic
      • Suppress capture output
      • Apply Capture Filters
      • Capture UDP Traffic
      • Capture TCP Traffic
    • Intranet-based Captures & Analysis
      • Discuss Intranet monitoring objectives
      • Analyze the network topology drawing
      • Discuss Unicast, Broadcast and Multicast traffic
      • Discuss Switch Port Mirroring - SPAN
      • Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
      • Dedicate a network interface for sniffing traffic
      • Configure Snort NIDS to sniff traffic on dedicated network interface
      • Analyze Snort NIDS captures in Ethereal
      • Sniff traffic between various Intranet hosts
    • Internet-based Captures & Analysis
      • Discuss Internet monitoring objectives
      • Identify key external interfaces to monitor
      • Update the Port Mirroring configuration to capture Internet traffic
      • Capture external traffic
      • Analyze using Ethereal
    • Wireless-based Captures & Analysis
      • Discuss Wireless monitoring objectives
      • Connect to remote system with wireless interface
      • Enable wireless interface
      • Sniff traffic on wireless network
      • Analyze using Ethereal
    • Windows-based Captures & Analysis
      • Download and Install Ethereal for Windows
      • Explore interface
      • Load previously captured data
      • Analyze data
      • Compare and contrast with Ethereal for Linux|Unix systems
    • WireShark® on MacOSX®
      • Download and Install
      • Explore interface
      • Load previously captured data
      • Analyze data
      • Capture new data
      • Evaluate results

LinuxCBT PackCapAnal Edition
