tcpdump-wireshark
Line-ups:
Amar The Rock, Anil The Assassin
Harsh The Conductor, Atomic Ant Ganeshan
Terrible Tabrez, Himanshu The Wonder Kid
Pavan The Powerhouse, Manjunath The Spark
Agenda
TCPdump: 1. Introduction. 2. Prerequisite - TCP/IP model. 3. Installation. 4. Commands.
Wireshark: 1. Introduction. 2. Installation. 3. Analysis.
Demo
Packet Analysis
Comparison between TCPdump and NPA
Acknowledgement
What is TCPdump?
Characteristics of TCPdump
How and where is it used?
Transmission Media
TCPdump can be installed in many ways in Linux (Ubuntu):
1. Synaptic Package Manager
   i. Search in Synaptic Package Manager for tcpdump.
   ii. Download and install from the provided options.
2. Through the terminal
   i. Open a terminal.
   ii. Run sudo su; it prompts for a password, so enter it.
   iii. # apt-get install tcpdump
#tcpdump
10/26/09
#tcpdump -v
#tcpdump -n
#tcpdump -D
#tcpdump -q
#tcpdump udp
NETWORK PROTOCOL ANALYSIS DEFINITION?
INTRODUCTION TO WIRESHARK
FEATURES OF WIRESHARK
WHY IS WIRESHARK PREFERRED OVER TCPDUMP?
A network analyzer is computer software or hardware that intercepts and logs traffic passing over the network. It captures packets, decodes them and analyzes their contents.
A network analyzer is used for:
- Troubleshooting problems on the network
- Analyzing the performance of a network to discover bottlenecks
- Network intrusion detection
- Analyzing the operations of applications
Wireshark is a packet-sniffer computer application.
Functionality is very similar to tcpdump
Has a GUI front-end and many more information sorting and filtering options
Download and install
# apt-get install wireshark
This checkbox allows you to specify that Wireshark should put the interface in promiscuous mode when capturing. If you do not specify this, Wireshark will only capture the packets going to or from your computer (not all packets on your LAN segment).
Exposing VOIP problems
Supports Malware Detection
Helps recognize DoS attacks
Downloading FLV files
Here is a quick reference for TCP flags:
4510 0068 7e87 4000 4006 3862 c0a8 011e
c0a8 0128 0016 0479 b6c8 a8de 621e 87db
5018 4470 1813 0000 e492 152f 23c3 8a2b
4ee7 dbf8 0d48 88e8 0110 2b01 4295 39f4
52c9 a05b 31d7 e3ae 1c62 2dbd d955 d604
b5d2 63d1 8fbc 4ab7 1615 b382 571c 70e0
a368 a03f 425b 6211
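The hex dump above can be decoded by hand against the TCP flags reference, or programmatically. The following Python parser is an added example, not part of the original slides: it re-types the slide's dump as a constant, decodes the IPv4 and TCP header fields, names the TCP flags as in the quick reference, and verifies the IPv4 header checksum, which is a cheap sanity check before trusting any header field from a capture.

```python
import struct

# Hex dump of the packet on the "Packet Analysis" slide, re-typed from the page
# as one string (tcpdump -x style: IPv4 header, then TCP header, then payload).
SLIDE_PACKET_HEX = (
    "4510 0068 7e87 4000 4006 3862 c0a8 011e "
    "c0a8 0128 0016 0479 b6c8 a8de 621e 87db "
    "5018 4470 1813 0000 e492 152f 23c3 8a2b "
    "4ee7 dbf8 0d48 88e8 0110 2b01 4295 39f4 "
    "52c9 a05b 31d7 e3ae 1c62 2dbd d955 d604 "
    "b5d2 63d1 8fbc 4ab7 1615 b382 571c 70e0 "
    "a368 a03f 425b 6211"
)
# TCP flag bits, least significant first (RFC 793; ECE/CWR from RFC 3168).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header; 0 means it verifies."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ipv4_tcp(hex_dump: str) -> dict:
    """Decode IPv4 and TCP header fields from a tcpdump -x style hex dump."""
    raw = bytes.fromhex(hex_dump.replace(" ", ""))
    if raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len, _ident, frag, ttl, proto = struct.unpack("!HHHBB", raw[2:10])
    out = {
        "src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
        "ttl": ttl, "proto": proto, "total_len": total_len,
        "dont_fragment": bool(frag & 0x4000),
        "ip_checksum_ok": ip_checksum(raw[:ihl]) == 0,
    }
    if proto == 6:  # TCP: ports, seq/ack, data offset + flags, window
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", raw[ihl:ihl + 16])
        doff = (off_flags >> 12) * 4              # TCP header length in bytes
        out.update({
            "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": win,
            "flags": [n for i, n in enumerate(TCP_FLAGS) if off_flags & (1 << i)],
            "payload_len": total_len - ihl - doff,
        })
    return out
```

Running decode_ipv4_tcp(SLIDE_PACKET_HEX) shows the slide's packet is 192.168.1.30:22 to 192.168.1.40:1145 with PSH and ACK set, a valid header checksum, and 64 bytes of payload.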
TCPdump                                  Network Protocol Analyzer
---------------------------------------  ---------------------------------------
No proper interface                      Decent graphical user interface
Uncontrolled output                      Decently sorted output
It is an old tool                        More modern tool
No graph                                 Graphs can be viewed
Have to remember all the commands        All commands are available in the GUI
Not user friendly, but hardcore          User friendly
programmer friendly
We thank our referee(s) for the game; we invite your suggestions and comments.
For the audience/fans, a post-match press conference will be held for questions on the match.
Thank you