ITN 261 Module 5


Wireshark

A GUI network protocol analyzer. Benefits:

tcpdump

A command-line program that can be used to give you an idea about what is happening on the network, but it can also be used to capture traffic and store traffic in a file later on. Options: -n: -vv: -vvv: -X: -i: -w: -r:

tshark

A network protocol analyzer that lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. -e:

Ettercap

A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.

Berkeley Packet Filter (BPF)

A way to filter packets for the purpose of capturing or displaying. Used across many systems and applications, including tcpdump, tshark, Wireshark.

Follow TCP Stream

An option from the Wireshark context menu that allows you to view the frames of an entire conversation.

Port mirroring/spanning

Copies the traffic from one, a group, or all ports to a single port and disallows bidirectional traffic on that port. Used to view traffic on other ports in a switched environment.

ARP Spoofing

More commonly known as ARP poisoning, this involves the MAC (Media Access Control) address of the data being faked.

Spoofing

Pretending to be a system or user other than the one you are.

Conversations Menu

Shows all the conversations between endpoints in the packet capture. Each layer has a different set of conversations. For example, TCP and IP have different types of connections.

Switched Port Analyzer (SPAN)

The Cisco switch feature that allows the network engineer to configure the switch to monitor a subset of frames that the switch forwards, to copy those frames, and to send the copies out a specified destination port.

Protocol Hierarchy (protocol stack)

The hierarchical set of network protocols that are used to transmit messages across a network.

Packet capturing

The process of acquiring network traffic that is addressed to systems other than your own.

Analyze Menu

Under expert information, you can check all the frames that Wireshark views as problematic.

