Line ups:

Amar The Rock Anil The Assassin

Harsh The Conductor Atomic Ant Ganeshan

Terrible Tabrez Himanshu The Wonder Kid

Pavan The Powerhouse Manjunath The Spark

1. Introduction. 1. Introduction.2. Prerequisite – TCP/IP model. 2. Installation.3. Installation. 3. Analysis.4. Commands -------------------------------------------------Demo----------------------------------------------------------------------------------------------------Packet Analysis----------------------------------------------------------------------------------COMPARISON B/W TCPdump and NPA------------------------------------------------------------------------------- Acknowledgement--------------------------------------------------

What is TCPdump????

Characteristics of TCPdump

How and where is it used????

Transmission Media

TCP dump can be installed in many ways in Linux(Ubuntu):

1.Synaptic Packet Manager

i.Searching through in Synaptic Packet Manager for tcpdump.ii.Downloading and installing from the provided options.

1.Through Terminal

i.Terminal is to be opened.ii.sudo su -> prompts for a password and please do enter it.iii.#apt –get install tcpdump

#t

#tcpdump#

10/26/09

#tcpdump -v

10/26/09

#tcpdump -n

10/26/09

#tcpdump -D

10/26/09

#tcpdump -q

10/26/09

#tcpdump udp

10/26/09

NETWORK PROTOCAL ANALIYSIS DEFINITION ?

INTRODUCTION TO WIRESHARK

FEATURES OF WIRESHARK

WHY IS WIRESHARK PREFERED OVER TCPDUMP ?

Computer s/w or h/w, intercepts & logs traffic passing over the networkCaptures packets, decodes & analyzes contentsA network Analyzer is used for

Troubleshooting problems on the networkAnalyzing the performance of a network to discover

bottlenecksNetwork intrusion detectionAnalyzing the operations of applications

It is a packet sniffer Computer application

Functionality is very similar to tcpdump

Has a GUI front-end and many more information sorting and filtering options

Download and install

# apt-get install wireshark

10/26/09

10/26/09

This checkbox allows you to specify that Wireshark should put the interface in promiscuous mode when capturing. If you do not specify this, Wireshark will only capture the packets going to or from your computer (not all packets on your LAN segment).

Exposing VOIP problems

Supports Malware Detection

Helps recognize DOS attack

Downloading FLV files

10/26/09

10/26/09

Here is a quick reference for TCP flags:

10/26/09

4510 0068 7e87 4000 4006 3862 c0a8 011ec0a8 0128 0016 0479 b6c8 a8de 621e 87db5018 4470 1813 0000 e492 152f 23c3 8a2b4ee7 dbf8 0d48 88e8 0110 2b01 4295 39f452c9 a05b 31d7 e3ae 1c62 2dbd d955 d604b5d2 63d1 8fbc 4ab7 1615 b382 571c 70e0a368 a03f 425b 6211

10/26/09

TCPdump Network Protocol Analyzer

No Proper Interface Decent Graphical User Interface

Uncontrolled Output Decently Sorted Output

It is an old tool More modern tool

No Graph Graph can be viewed

Have to remember all the commands

All commands are available in the GUI

Not user friendly, but hardcore programmer friendly

User Friendly

10/26/09

10/26/0910/26/09

We thank our referee(s) for the game, we invite your suggestions and comments.

For audience/fans, a post match press conference will be held which is for questions on the match….

Thank you