Sniffer’s Network Packet Analyzer Basics


Sniffer

Network analysis: the range of techniques that network engineers and designers employ to study the properties of networks, including connectivity, capacity and performance.

Network packet analyzer: tries to capture network packets and then display that packet data in as much detail as possible. Capture and decode.

Sniffer: intended purposes (continued)

- Network administrators use them to troubleshoot network problems.
- Network security engineers use them to examine security problems.
- Developers use them to debug protocol implementations.
- People use them to learn network protocol internals.

You could think of a network packet analyzer as a measuring device used to examine what's going on inside a network cable, just like a voltmeter is used by an electrician to examine what's going on inside an electric cable (but at a higher level, of course).

Popular sniffers: EtherPeek (http://www.wildpackets.com/)

- The EtherPeek product family has been specifically designed to address the unique challenges of today's network environments.
- Designed to accelerate the troubleshooting of Ethernet-specific problems.
- EtherPeek features powerful problem detection and Ethernet-specific diagnostic capabilities.

EtherPeek (continued): versions

- EtherPeek VX, WildPackets' Expert VoIP Network Analyzer: the ultimate solution for intelligent diagnosis of pre- and post-deployment VoIP and Ethernet network issues within enterprises.
- EtherPeek NX, WildPackets' Expert Ethernet Network Analyzer: provides network engineers with the expert diagnostics they need to deploy, secure, and troubleshoot Ethernet networks.
- EtherPeek SE, WildPackets' Ethernet Protocol Analyzer: an intuitive, powerful network and protocol analyzer for Ethernet networks.

Ethereal (http://www.ethereal.com)

Ethereal is a downloadable network packet analyzer. Some of the many features Ethereal provides:

- Available for UNIX and Windows.
- Capture live packet data from a network interface.
- Display packets with very detailed protocol information.

Ethereal features (continued)

- Open and save captured packet data.
- Import and export packet data from and to a lot of other capture programs.
- Filter packets on many criteria.
- Search for packets on many criteria.
- Colorize the packet display based on filters.
- Create various statistics.

Ethereal filters

- Rich set of display filters (40,855 as of version 0.10.14) that let you quickly drill down to the traffic you are interested in.
- Downloadable manual, filters area: on each protocol page you will find a list of the supported display filters for that protocol, along with data type and version information.

Open captured files: input file formats from different tools

- libpcap, tcpdump and various other tools using tcpdump's capture format
- Sun snoop and atmsnoop
- Shomiti/Finisar Surveyor captures
- Novell LANalyzer captures
- Microsoft Network Monitor captures
- AIX's iptrace captures
- Cinco Networks NetXray captures
- Network Associates Windows-based Sniffer and Sniffer Pro captures
- Network General/Network Associates DOS-based Sniffer (compressed or uncompressed) captures
- AG rHelp/PacketGrabber captures
- RADCOM's WAN/LAN Analyzer captures
- Network Instruments Observer version 9 captures
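The first format in the list, tcpdump's libpcap file format, is simple enough to read without any library, and reading it shows what "opening a captured file" actually involves: a 24-byte global header whose magic number reveals the writer's byte order and timestamp resolution, followed by per-packet record headers that must be checked against the snapshot length before the packet bytes are trusted. The following reader is an added example written for this page; it is not Ethereal's code, and the two-record file it parses is constructed in memory rather than taken from a real capture.

```python
import struct
from typing import List, Tuple

# Added example, not Ethereal's code. The pcap bytes below are constructed, not captured.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic libpcap magic: timestamps in microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # libpcap extension: timestamps in nanoseconds
LINKTYPE_ETHERNET = 1

def build_sample_pcap(big_endian: bool = False) -> bytes:
    """Build a minimal libpcap file (version 2.4) holding two dummy Ethernet records.
    Constructed sample data; the byte order is selectable so both paths can be exercised."""
    end = ">" if big_endian else "<"
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype
    header = struct.pack(end + "IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [b"\x01" * 60, b"\x02" * 14]
    out = header
    for i, frame in enumerate(frames):
        # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
        out += struct.pack(end + "IIII", 1_000_000 + i, 500 * i, len(frame), len(frame)) + frame
    return out

def read_pcap(data: bytes) -> Tuple[int, List[Tuple[float, bytes]]]:
    """Parse libpcap bytes into (linktype, [(timestamp_seconds, frame_bytes), ...]).
    Byte order is detected from the magic; inconsistent or truncated records are rejected."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic_le = struct.unpack("<I", data[:4])[0]
    magic_be = struct.unpack(">I", data[:4])[0]
    if magic_le in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        end, magic = "<", magic_le
    elif magic_be in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        end, magic = ">", magic_be
    else:
        raise ValueError("not a libpcap file (magic 0x%08x)" % magic_le)
    ts_div = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if (major, minor) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (major, minor))
    records = []
    off = 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        # A saved length above the snaplen or above the wire length means a corrupt
        # or hostile file; stop before using it as a slice size.
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("record at offset %d has inconsistent length fields" % (off - 16))
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((ts_sec + ts_frac / ts_div, data[off:off + incl_len]))
        off += incl_len
    return linktype, records

if __name__ == "__main__":
    linktype, recs = read_pcap(build_sample_pcap())
    print("linktype", linktype, "records", len(recs))
    for ts, frame in recs:
        print("%.6f  %d bytes" % (ts, len(frame)))
```

The same reader accepts a big-endian file because the magic is tried in both orders; a file written by a tool using the nanosecond magic is scaled correctly because the divisor follows the magic rather than being assumed.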

Terms, Concepts and Models: protocols

Transmission Control Protocol (TCP): a special set of rules that end points in a telecommunication connection use when they communicate. TCP uses a set of rules to exchange messages with other Internet points at the information packet level.

Internet Protocol (IP): uses a set of rules to send and receive messages at the Internet address level.

Terms, Concepts and Models: addresses

MAC or physical address: a unique identifier attached to most forms of networking equipment.

Internet Protocol address (IP address): a unique number that devices use in order to identify and communicate with each other on a network utilizing the Internet Protocol standard.

Open System Interconnection (OSI) Model

OSI, established in 1984, describes how information from a software application in one computer moves through a network medium to a software application in another computer.

Issues: sniffer software

- The computer system should be connected to a hub or to a monitoring port on a switch.
- Network card set correctly.
- Must be authorized to capture packets.
- Network connection located where the traffic of interest is best captured:
  - Internet traffic: close to the gateway.
  - Specific department: connected off one of their switches.

Screen Shots Ethereal

Interface

Summary line area: displays a one-line summary of the highest-layer protocol contained in the frame, time of capture, source and destination.
Detail area: provides details on all the layers inside the frame.
Hex area: displays the raw captured data in hexadecimal format.

Summary line area: you can inspect the captured data in great detail, even while a capture session is in progress. Items in the packet list can be shown in any color you like.
Detail area
Hex area
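The three areas are three views of the same bytes: the decoder walks the layers (Ethernet, IP, TCP, and the application protocol on top), the summary line names the highest layer it reached with source and destination, and the hex area is the untouched frame. The decoder below, an added example that is not Ethereal's code, produces all three from one raw frame and then evaluates a single `protocol.field == value` expression against the decoded layers, in the spirit of the per-protocol display filters described earlier (the field names `eth.type`, `ip.src`, `tcp.dstport` are this example's own, and the matcher is a stand-in for the real filter grammar). The HTTP request frame it decodes is constructed in the code, with documentation-range addresses, not captured traffic.

```python
import struct
from typing import Dict, List

# Added example, not Ethereal's code. Field names used by matches() are this example's own.

def mac_str(b: bytes) -> str:
    return ":".join("%02x" % x for x in b)

def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)

def decode_frame(frame: bytes) -> Dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP (-> HTTP request line). Returns the detail
    area as a list of per-layer dicts and a one-line summary for the summary area."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", frame[:14])
    layers = [{"layer": "eth", "src": mac_str(src), "dst": mac_str(dst), "type": etype}]
    top, s_addr, d_addr, info = "ETH", mac_str(src), mac_str(dst), "type 0x%04x" % etype
    if etype == 0x0800 and len(frame) >= 34:
        ver_ihl, _tos, tot_len, _id, _frag, ttl, proto, _csum, sip, dip = struct.unpack(
            "!BBHHHBBH4s4s", frame[14:34])
        ihl = (ver_ihl & 0x0F) * 4
        if ver_ihl >> 4 != 4 or ihl < 20 or 14 + ihl > len(frame):
            raise ValueError("malformed IPv4 header")
        layers.append({"layer": "ip", "src": ip_str(sip), "dst": ip_str(dip),
                       "ttl": ttl, "proto": proto, "len": tot_len})
        top, s_addr, d_addr, info = "IP", ip_str(sip), ip_str(dip), "proto %d" % proto
        l4 = frame[14 + ihl:]
        if proto == 6 and len(l4) >= 20:
            sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", l4[:16])
            doff = (off_flags >> 12) * 4              # data offset is in 32-bit words
            flags = [n for bit, n in ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                                      (0x08, "PSH"), (0x10, "ACK")) if off_flags & bit]
            payload = l4[doff:] if doff >= 20 else b""
            layers.append({"layer": "tcp", "srcport": sport, "dstport": dport, "seq": seq,
                           "ack": ack, "flags": flags, "window": win, "payload": payload})
            top, info = "TCP", "%d -> %d [%s] seq=%d len=%d" % (
                sport, dport, ",".join(flags), seq, len(payload))
            if payload[:4] in (b"GET ", b"POST", b"HEAD", b"HTTP"):
                # highest layer present: show the request/status line as the info text
                top, info = "HTTP", payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        elif proto == 17 and len(l4) >= 8:
            sport, dport, ulen, _ = struct.unpack("!HHHH", l4[:8])
            layers.append({"layer": "udp", "srcport": sport, "dstport": dport, "len": ulen})
            top, info = "UDP", "%d -> %d len=%d" % (sport, dport, ulen)
    return {"summary": "%-4s %s -> %s  %s" % (top, s_addr, d_addr, info), "detail": layers}

def hex_area(frame: bytes, width: int = 16) -> List[str]:
    """Render the raw bytes as 'offset  hex  ascii' lines, like the hex area."""
    lines = []
    for off in range(0, len(frame), width):
        chunk = frame[off:off + width]
        hexes = " ".join("%02x" % b for b in chunk).ljust(width * 3 - 1)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("%04x  %s  %s" % (off, hexes, text))
    return lines

def matches(decoded: Dict, expr: str) -> bool:
    """Evaluate a minimal 'layer.field == value' filter (e.g. 'tcp.dstport == 80') against
    the decoded detail. A packet lacking that layer never matches."""
    field, op, value = expr.split()
    if op != "==":
        raise ValueError("only == is supported in this example")
    layer_name, key = field.split(".", 1)
    for layer in decoded["detail"]:
        if layer["layer"] == layer_name and key in layer:
            return str(layer[key]) == value
    return False

def build_sample_http_frame() -> bytes:
    """Constructed sample (not captured data): Ethernet/IPv4/TCP frame with an HTTP request."""
    payload = b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"
    tcp = struct.pack("!HHIIHHHH", 50000, 80, 1000, 2000, (5 << 12) | 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 0, 2, 80]))
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), 0x0800)
    return eth + ip + tcp

if __name__ == "__main__":
    f = build_sample_http_frame()
    d = decode_frame(f)
    print(d["summary"])                    # summary line area
    for layer in d["detail"]:              # detail area
        print("  ", layer)
    print("\n".join(hex_area(f)))          # hex area
    print("tcp.dstport == 80 ->", matches(d, "tcp.dstport == 80"))
```

The checks on the IP header length and the TCP data offset matter in a real analyzer: a frame whose header claims more bytes than were captured must be reported as malformed rather than decoded past the end of the buffer.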

Recent Capture

Ethereal Capture Tab

Google Search

Follow TCP stream (Google)

Summary: 1269 packets, 27.004 seconds

Tools at work

Tools capture

Tools Scan/Capture: 42,000 packets, 39.003 seconds

Tools Protocol Hierarchy

DNS lookup from the server's perspective. It's interesting to note that the server issued four queries to resolve the name, and the client resent its query before the server could respond.

The "Follow TCP Stream" item under the "Analyze" menu allows you to inspect the ASCII contents of a TCP data stream in a separate window. This can be invaluable for tracking down HTTP, SMTP, and POP server problems.
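What "Follow TCP Stream" does behind that window is reassembly: the payloads of one direction are placed by sequence number, not by capture order, so a segment that arrived late still lands in the right place, a retransmission does not duplicate text, and bytes that were never captured leave a visible hole. The function below is an added example written for this page, not Ethereal's implementation; it works on already-decoded segments given as (direction, sequence number, payload) tuples, takes the sequence number of the first data byte per direction as input, and the conversation it reassembles is constructed (a request split across out-of-order segments with one retransmission, and a reply with a missing range).

```python
from typing import Dict, List, Tuple

# Added example, not Ethereal's code. Segments and sequence numbers below are constructed.
Segment = Tuple[str, int, bytes]   # (direction label, absolute TCP sequence number, payload)

def follow_stream(segments: List[Segment], first_seq: Dict[str, int]) -> Dict[str, Dict]:
    """Order each direction's payload bytes by sequence number.

    first_seq is the sequence number of the first data byte in each direction (ISN + 1
    after the handshake). Out-of-order segments are placed where they belong, retransmitted
    or overlapping bytes count once, 32-bit wrap is handled, and ranges never captured are
    reported as gaps and rendered as '?' so the hole is visible in the ASCII view."""
    buffers: Dict[str, Dict[int, int]] = {}
    for direction, seq, payload in segments:
        rel = (seq - first_seq[direction]) & 0xFFFFFFFF   # relative offset, wrap-safe
        buf = buffers.setdefault(direction, {})
        for i, byte in enumerate(payload):
            buf.setdefault(rel + i, byte)   # first copy wins: a retransmit cannot rewrite history
    result = {}
    for direction, buf in buffers.items():
        end = max(buf) + 1 if buf else 0
        data = bytearray()
        gaps: List[Tuple[int, int]] = []   # half-open (start, end) ranges of missing bytes
        gap_start = None
        for off in range(end):
            if off in buf:
                if gap_start is not None:
                    gaps.append((gap_start, off))
                    gap_start = None
                data.append(buf[off])
            else:
                if gap_start is None:
                    gap_start = off
                data.append(ord("?"))
        result[direction] = {"data": bytes(data), "gaps": gaps}
    return result

def ascii_view(data: bytes) -> str:
    """Printable rendering of a stream; CR and LF are kept so request lines stay readable."""
    return "".join(chr(b) if 32 <= b < 127 or b in (10, 13) else "." for b in data)

# Constructed sample conversation, listed in capture (arrival) order, not sequence order.
SAMPLE_SEGMENTS: List[Segment] = [
    ("client", 1016, b"Host: www.example.com\r\n\r\n"),   # headers arrive before the request line
    ("client", 1000, b"GET / HTTP/1.1\r\n"),
    ("client", 1000, b"GET / HTTP/1.1\r\n"),               # retransmission of the same 16 bytes
    ("server", 5000, b"HTTP/1.1 200 OK\r\n"),
    ("server", 5022, b"Hello"),                            # bytes 5017..5021 were never captured
]
SAMPLE_FIRST_SEQ = {"client": 1000, "server": 5000}

if __name__ == "__main__":
    for direction, stream in follow_stream(SAMPLE_SEGMENTS, SAMPLE_FIRST_SEQ).items():
        print("---", direction, "gaps:", stream["gaps"])
        print(ascii_view(stream["data"]))
```

The "first copy wins" rule is a deliberate choice: when a retransmitted segment carries different bytes than the original, an analyzer has to pick one version to display, and keeping the first one seen matches what the receiving host most likely accepted. Reporting the gaps separately, rather than silently concatenating what was captured, is what distinguishes a dropped-packet problem on the capture side from a server that really did send a short response.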

The filter-creation GUI allows you to create filters on any protocol or field that Ethereal knows about.

Questions or Comments
