Wireshark Network Traffic Analysis Basics

Attendance Form
Cybersecurity UW - 10/27

Introduction to Wireshark: Network Traffic Analysis

Why use Wireshark?
  Very powerful tool for capturing network data
  Very comprehensive
  Scriptable
Wireshark Basic Functions

Capturing
  Through Wireshark, users can sniff the packets passing through the Network Interface Card of a device, which is crucial for network monitoring. To begin capturing, select “Capture” and then select the interface of choice.

Basic Network Protocols
  Wireshark is very good at breaking down large sets of data passing through a network. To find a specific packet, the user can search and filter the capture and then analyze only the packets they need. For example, the captured data in the left picture was filtered to show only the DNS traffic in the right picture.

Viewing PCAP Files
  Packet Capture (PCAP) files are used to analyze networks. By using Wireshark, you can capture packets (the capture driver underneath is libpcap, or the Nmap Project’s Npcap on Windows) and then view them. A saved capture can be opened by clicking “File” and then “Open.”
Wireshark Installation
  Windows/Mac: https://www.wireshark.org/download.html
  Linux: check with your distro
  Ubuntu/Debian based distros: sudo apt install wireshark
Network: A group of interconnected devices
How to Classify Devices

IPv4
  32-bit unsigned integer, 0x0 - 0xFFFFFFFF
  Can be converted to the human-readable dotted format x.x.x.x where 0 <= x <= 255
  0xDEADBEEF -> 0xDE.0xAD.0xBE.0xEF -> 222.173.190.239
  “Older”
  More standard

MAC Address
  Media Access Control Address
  Unique identifier of a network interface
  Written as six hexadecimal bytes, e.g. 00:00:00:00:00:00, but the value varies per device
SOME MATH

IPv4
  Format is a.b.c.d where a, b, c, d are each a number between 0 and 255
  256 * 256 * 256 * 256 = 4,294,967,296
  Around 4 billion

How many people are in the world?
  ~8 billion

There are not enough addresses
What is a Network

Local Area Network (LAN)
  Small scale
  Private

Wide Area Network (WAN)
  The Internet
Local Area Network

4 Main Points of a LAN
  IP: a combination of numbers, and sometimes letters, used to identify devices on a network
  Router: forwards data between different computer networks; also acts as the gateway
  Switch: connects devices within a network
  Subnet: defines a range of IPs on a network
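The subnet bullet above says a subnet "defines a range of IPs"; the example below, added here and not part of the slides, shows how that range is actually computed. A prefix length such as /24 becomes a 32-bit mask; ANDing an address with the mask gives the network address, ORing the inverted mask gives the broadcast address, and two hosts are on the same subnet exactly when they share a network address. The CIDR blocks and addresses used are constructed sample values, and the result is cross-checked against Python's standard ipaddress module.

```python
import ipaddress


def dotted_to_int(addr: str) -> int:
    """'192.168.1.37' -> 0xC0A80125 (reverse of the slide's 0xDEADBEEF conversion)."""
    parts = addr.split(".")
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for part in parts:
        octet = int(part)
        if not 0 <= octet <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | octet
    return value


def int_to_dotted(value: int) -> str:
    """0xDEADBEEF -> '222.173.190.239'."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the top `prefix` bits set, the rest clear."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix length must be 0..32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe_subnet(cidr: str) -> dict:
    """Compute the range of addresses a CIDR block covers, using only mask arithmetic."""
    addr, prefix_text = cidr.split("/")
    prefix = int(prefix_text)
    mask = prefix_to_mask(prefix)
    network = dotted_to_int(addr) & mask          # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)    # host bits set
    size = 1 << (32 - prefix)                     # /0 gives the slide's 2^32 total
    # Network and broadcast addresses are not assignable on /30 and larger
    # blocks; /31 (point-to-point) and /32 (single host) have no such reserve.
    usable = size - 2 if prefix <= 30 else size
    return {
        "network": int_to_dotted(network),
        "netmask": int_to_dotted(mask),
        "broadcast": int_to_dotted(broadcast),
        "first_host": int_to_dotted(network + 1 if prefix <= 30 else network),
        "last_host": int_to_dotted(broadcast - 1 if prefix <= 30 else broadcast),
        "size": size,
        "usable_hosts": usable,
    }


def in_subnet(ip: str, cidr: str) -> bool:
    """True when `ip` falls inside `cidr`: same network bits after masking."""
    addr, prefix_text = cidr.split("/")
    mask = prefix_to_mask(int(prefix_text))
    return (dotted_to_int(ip) & mask) == (dotted_to_int(addr) & mask)


def cross_check(cidr: str) -> bool:
    """Confirm the hand-rolled arithmetic agrees with the standard library."""
    net = ipaddress.ip_network(cidr, strict=False)
    ours = describe_subnet(cidr)
    return (
        ours["network"] == str(net.network_address)
        and ours["broadcast"] == str(net.broadcast_address)
        and ours["netmask"] == str(net.netmask)
        and ours["size"] == net.num_addresses
    )


if __name__ == "__main__":
    # Constructed sample LAN: a typical private /24.
    for key, value in describe_subnet("192.168.1.37/24").items():
        print(f"{key:>12}: {value}")
    print("192.168.1.200 on the LAN?", in_subnet("192.168.1.200", "192.168.1.0/24"))
    print("192.168.2.1 on the LAN?  ", in_subnet("192.168.2.1", "192.168.1.0/24"))
    print("agrees with ipaddress:", cross_check("10.0.0.0/8"))
```

Running the block on 192.168.1.37/24 reports network 192.168.1.0, broadcast 192.168.1.255 and 254 usable hosts; a host in 192.168.2.x fails the membership test because its network bits differ, which is why the router, not the switch, has to carry that traffic.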
Wide Area Network

4 Points Worth Mentioning
  Network address translation (NAT): changes the internal IP address when traffic goes out to the Internet
  Firewall: does not allow outside devices to talk directly to an internal device
  Port forwarding: an internal device has a specific port that receives communications from the Internet
  Demilitarized Zone (DMZ): an area created in the LAN to serve requests from the outside to internal devices
Protocol
  Definition: a pre-agreed-upon format to send data
  Like a language
  Examples: HTTP/HTTPS, SMTP, SSH
Packets
  Small segments of data in a specific format

IP Header of a Packet

UDP Header (Source: Wikipedia)
  Given the UDP header c7 82 00 50 00 5d ?? ??, what is the source port and the destination port?
  51074 -> 80  (the first two bytes, 0xc782, are the source port 51074; the next two, 0x0050, are the destination port 80; 0x005d is the UDP length 93, and the unknown bytes are the checksum)
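To make the header exercise above concrete, here is a small parser, added as an example and not part of the slides, that does by hand what Wireshark's dissector does for every packet: it walks a 20-byte IPv4 header, converts the 32-bit addresses to dotted quads the way the 0xDEADBEEF slide does, and then reads the UDP ports and length. The packet is a constructed sample: the IPv4 header bytes are made up (the destination address reuses the slide's 0xDEADBEEF), the UDP header is the slide's c7 82 00 50 00 5d followed by a placeholder zero checksum, and 85 bytes of filler payload make the length fields consistent. The parser refuses packets whose length fields claim more bytes than were captured, the check a dissector needs so that a malformed packet cannot make it read past the buffer.

```python
import struct

# Constructed sample packet (not from the slides' capture):
# 20-byte IPv4 header + 8-byte UDP header + 85 bytes of payload = 113 bytes.
SAMPLE_IPV4_UDP = bytes.fromhex(
    "45 00 00 71"   # version 4, IHL 5 (20 bytes), DSCP/ECN 0, total length 113
    "1c 46 40 00"   # identification 0x1c46, flags DF, fragment offset 0
    "40 11 00 00"   # TTL 64, protocol 17 (UDP), header checksum (placeholder)
    "c0 a8 01 0a"   # source address 192.168.1.10 (constructed)
    "de ad be ef"   # destination address 222.173.190.239 (the slide's example)
    "c7 82 00 50 00 5d 00 00"  # UDP from the slide: src 51074, dst 80, len 93, checksum placeholder
) + b"A" * 85       # filler payload so that UDP length 93 = 8 + 85 holds

IPPROTO_UDP = 17


def int_to_dotted(value: int) -> str:
    """0xDEADBEEF -> '222.173.190.239', the conversion shown on the slide."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; '!' means network (big-endian) byte order."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (version_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, checksum, src, dst) = struct.unpack("!BBHHHBBHII", packet[:20])
    version = version_ihl >> 4
    header_len = (version_ihl & 0x0F) * 4        # IHL is counted in 32-bit words
    if version != 4:
        raise ValueError(f"not IPv4 (version {version})")
    if header_len < 20 or total_len < header_len:
        raise ValueError("inconsistent IPv4 length fields")
    if total_len > len(packet):
        raise ValueError("IPv4 total length exceeds captured bytes")
    return {
        "header_len": header_len, "total_len": total_len, "ttl": ttl,
        "protocol": proto, "src": int_to_dotted(src), "dst": int_to_dotted(dst),
    }


def parse_udp_header(segment: bytes) -> dict:
    """Decode the 8-byte UDP header: four 16-bit big-endian fields."""
    if len(segment) < 8:
        raise ValueError("truncated UDP header")
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length < 8:
        raise ValueError("UDP length field smaller than the header itself")
    if length > len(segment):
        raise ValueError("UDP length field exceeds captured bytes")
    return {
        "src_port": src_port, "dst_port": dst_port, "length": length,
        "checksum": checksum, "payload": segment[8:length],
    }


def parse_packet(packet: bytes) -> dict:
    """IPv4 header first, then the UDP header that starts right after it."""
    ip = parse_ipv4_header(packet)
    if ip["protocol"] != IPPROTO_UDP:
        raise ValueError(f"protocol {ip['protocol']} is not UDP")
    udp = parse_udp_header(packet[ip["header_len"]:ip["total_len"]])
    return {"ip": ip, "udp": udp}


if __name__ == "__main__":
    result = parse_packet(SAMPLE_IPV4_UDP)
    ip, udp = result["ip"], result["udp"]
    print(f"{ip['src']} -> {ip['dst']}  ttl={ip['ttl']} proto={ip['protocol']}")
    print(f"UDP {udp['src_port']} -> {udp['dst_port']}  length={udp['length']}")
```

The answer on the slide falls out of the two `struct.unpack` calls: the port fields are big-endian 16-bit integers, so c7 82 is 0xc782 = 51074 and 00 50 is 80. The explicit length checks are the defender-side lesson: a capture can contain a packet whose length field lies, and a parser that trusts it reads past the end of the buffer.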
TCP Header
  Way more complicated

Analogy
  Length
  Everything else is the header: destination address, source address, date shipped, etc.

This is a very, very high-level overview with many parts abstracted for simplicity

Demo: Analyzing some HTTP traffic
Demo: evilcorp.digital
Challenge 1
Uploaded on Oct 10, 2024

