Wireshark Network Traffic Analysis Basics

Slide Note
Embed
Share

Explore the fundamentals of Wireshark for capturing and analyzing network data. Learn about its powerful capabilities, basic functions, installation on various operating systems, and device classification methods. Discover insights into IPv4, network structures, and key concepts in cybersecurity.

bre_kis
bre_kis Follow

Uploaded on Oct 10, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. Attendance Form Cybersecurity UW - 10/27

  2. Introduction to Wireshark Network Traffic Analysis

  3. Why use Wireshark? Very powerful tool for capturing network data Very comprehensive Scriptable

  4. Wireshark Basic Functions Basic Network Protocols Capturing Viewing PCAP Files Wireshark is very good at breaking down large sets of data being passed through a network. To find a specific packet of data, the user can search and filter the data and then analyze the packets they need. For example, the user took the captured data in the left picture and filtered to only see the DNS data in the right picture. Through Wireshark, users can packet sniff data going through the Network Interface Card on a device. This is very crucial for network monitoring. To begin capturing, select Capture and then select the interface of choice. Packet Capture (PCAP) is used to analyze networks. By using Wireshark, you can capture packets and then view these packets using NMAP s PCAP or NPCAP. You can view these packets by clicking on File and then Open.

  5. Wireshark Installation Windows/Mac: https://www.wireshark.org/download.html Linux: check w/ your distro Ubuntu/Debian based distros: sudo apt install wireshark

  6. Network: A group of interconnected devices

  7. How to Classify devices IPv4 32 bit unsigned integer 0x0 - 0xFFFFFFFF Can be converted to human readable format x.x.x.x where (-1<x<256) 0xDEADBEEF -> 0xDE.0xAD.0xBE.0xEF -> 222.173.190.239 Older More standard MAC Address Media Access Control Address Unique identifier 00:00:00:00:00:00, but can vary

  8. SOME MATH

  9. IPv4 Format is a.b.c.d where a,b,c,d are some number between 0-255 256 * 256 * 256 * 256

  10. 4,294,967,296 Around 4 billion

  11. How many people are in the world?

  12. ~8 billion

  13. There is not enough addresses

  14. What is a Network Local Area Network (LAN) Small Scale Private Wide Area Network (WAN) The Internet

  15. Protocol Definition: A pre-agreed upon format to send data Like a language Examples: HTTP/HTTPS SMTP SSH

  16. Packets Small segments of data in a specific format

  17. IP Header of a Packet

  18. UDP Header Source: Wikipedia Given the UDP header c7 82 00 50 00 5d ?? ??, what is source port and destination port?

  19. 51074 -> 80

  20. TCP Header Way more complicated

  21. Analogy

  22. Analogy Length Everything else is the Header Destination Address Source Address Date shipped Etc

  23. This is a very very high level overview with many parts abstracted for simplicity

  24. Demo: Analyzing some HTTP traffic

  25. Demo: evilcorp.digital

  26. Challenge 1

Related


Network Traffic Analysis with Wireshark: Examples and Techniques

Network Traffic Analysis with Wireshark: Examples and Techniques

tommy-lee
Understanding Wireshark Filters for Efficient Packet Analysis

Understanding Wireshark Filters for Efficient Packet Analysis

slil
Wireshark Data Capture and UDP Analysis

Wireshark Data Capture and UDP Analysis

herd836
Understanding Traffic Education: A Lesson on Traffic Jams and Solutions

Understanding Traffic Education: A Lesson on Traffic Jams and Solutions

dcoll
PhD in Telematics Engineering: Traffic Prediction with Big Data Technologies

PhD in Telematics Engineering: Traffic Prediction with Big Data Technologies

gunn_l
Understanding Programmable Traffic Management for Network Optimization

Understanding Programmable Traffic Management for Network Optimization

humphrey
Exploring Traffic Anomalies with Traffic Taffy: Network Operators' Challenges

Exploring Traffic Anomalies with Traffic Taffy: Network Operators' Challenges

vilchez_m
Traffic Analysis and Forensic Investigation Puzzle

Traffic Analysis and Forensic Investigation Puzzle

eloisa
Understanding Traffic Engineering Studies in Civil Engineering

Understanding Traffic Engineering Studies in Civil Engineering

porreca_a
Network Monitoring Workshop - Incident Response Overview

Network Monitoring Workshop - Incident Response Overview

adalaid
Machine Learning Practices in Network Traffic Across Data Centers

Machine Learning Practices in Network Traffic Across Data Centers

ino_m
Network Sniffing and Protocol Analysis Overview

Network Sniffing and Protocol Analysis Overview

rosenblum_a
Luxury Big Island SEO Report - February 2017 Summary

Luxury Big Island SEO Report - February 2017 Summary

hafsah
Understanding Traffic Engineering Analysis in Telecommunication Networks

Understanding Traffic Engineering Analysis in Telecommunication Networks

cason
Principles of Traffic Demand Analysis and Highway Demand Forecasting

Principles of Traffic Demand Analysis and Highway Demand Forecasting

lolarose
Prioritizing Effective Traffic Management at the Workplace

Prioritizing Effective Traffic Management at the Workplace

indi
Traffic Flow Improvement at Gate 1 Pilot Project Overview

Traffic Flow Improvement at Gate 1 Pilot Project Overview

alix
Engaging Traffic Education Lesson for Students at Shaistagonj Kamil Madrasah

Engaging Traffic Education Lesson for Students at Shaistagonj Kamil Madrasah

dkay
Network Traffic Analysis of Multiplayer FPS Games

Network Traffic Analysis of Multiplayer FPS Games

karab
Efficient Traffic Monitoring for Science DMZ with Side-Channel Traffic Winnowing

Efficient Traffic Monitoring for Science DMZ with Side-Channel Traffic Winnowing

joyl_770
Network Design Challenges and Solutions in Business Data Communications

Network Design Challenges and Solutions in Business Data Communications

aviva
Next-Generation Network Security Solutions for Evolving Challenges

Next-Generation Network Security Solutions for Evolving Challenges

aailiyah
Understanding Traffic Turning Tendency Surveys in Transportation Studies

Understanding Traffic Turning Tendency Surveys in Transportation Studies

kamau
IEEE 802.11-21/1115r0 Traffic Prioritization Summary

IEEE 802.11-21/1115r0 Traffic Prioritization Summary

imran

More Related Content

Kingwood Traffic Signals Overview and Updates
Kingwood Traffic Signals Overview and Updates
Understanding Traffic Response to Tolling: Insights from Research
Understanding Traffic Response to Tolling: Insights from Research
Preventing Road Traffic Injuries: A Global Perspective
Preventing Road Traffic Injuries: A Global Perspective
Understanding the Role of NCUTCD in Traffic Control Management
Understanding the Role of NCUTCD in Traffic Control Management
Multi-AP Coordination for Low Latency Traffic Transmission
Multi-AP Coordination for Low Latency Traffic Transmission
Fine-Grained Dissection of WeChat in Cellular Networks
Fine-Grained Dissection of WeChat in Cellular Networks
Overlapped Indication for Event-Based Low Latency Traffic Support in IEEE 802.11
Overlapped Indication for Event-Based Low Latency Traffic Support in IEEE 802.11
Enhancing Network Performance with RoCE Technology
Enhancing Network Performance with RoCE Technology
Understanding Network Analysis: Whole Networks vs. Ego Networks
Understanding Network Analysis: Whole Networks vs. Ego Networks
Traffic Volume Counting Methods and Analysis in Civil Engineering
Traffic Volume Counting Methods and Analysis in Civil Engineering
Traffic Analysis for Measuring Tor from Within
Traffic Analysis for Measuring Tor from Within
Presto: Edge-based Load Balancing for Fast Datacenter Networks
Presto: Edge-based Load Balancing for Fast Datacenter Networks
Tradeoffs in CDN Designs for Throughput-Oriented Traffic
Tradeoffs in CDN Designs for Throughput-Oriented Traffic
Understanding Cellular Traffic Accounting and TCP Retransmissions
Understanding Cellular Traffic Accounting and TCP Retransmissions
Understanding Network Interference in CS590B/690B Lecture
Understanding Network Interference in CS590B/690B Lecture
Dell Network Consulting Services Overview
Dell Network Consulting Services Overview
Passive Attacks and Reconnaissance using NMAP for Network Scanning
Passive Attacks and Reconnaissance using NMAP for Network Scanning
Understanding Intrusion Detection Systems (IDS) and Snort in Network Security
Understanding Intrusion Detection Systems (IDS) and Snort in Network Security
Enhanced Scheduling Method for Low Latency Traffic in IEEE 802.11-24/0091r1
Enhanced Scheduling Method for Low Latency Traffic in IEEE 802.11-24/0091r1
Road Traffic Signs and Markings Overview
Road Traffic Signs and Markings Overview
Effective Traffic Flow Management Strategies at Gate 1
Effective Traffic Flow Management Strategies at Gate 1
Uganda Police 2017 Annual Traffic and Road Safety Report Overview
Uganda Police 2017 Annual Traffic and Road Safety Report Overview
Innovative Smart Traffic App Solution by Smart Road Technology Ltd
Innovative Smart Traffic App Solution by Smart Road Technology Ltd
Managing Speeding Opportunities on Arterial Streets Using Traffic Signals
Managing Speeding Opportunities on Arterial Streets Using Traffic Signals