ITN 261 Module 5
Wireshark
A GUI network protocol analyzer. Benefits:
tcpdump
A command-line packet sniffer that can be used to get an idea of what is happening on the network; it can also capture traffic and store it in a file for analysis later on. Options: -n: do not resolve addresses and port numbers to names; -vv: more verbose output; -vvv: even more verbose output; -X: print each packet in hex and ASCII; -i: capture on the given interface; -w: write the raw captured packets to a file; -r: read packets from a previously saved file instead of an interface.
tshark
The command-line version of Wireshark. A network protocol analyzer that lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded form of those packets to the standard output or writing the packets to a file. -e: names a field to output; used with -T fields so that only the selected field values are printed, one packet per line.
Ettercap
A suite for man-in-the-middle attacks on a LAN. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols (even ciphered ones) and includes many features for network and host analysis.
Berkeley Packet Filter (BPF)
A filter syntax for selecting packets at capture time (for example, only ARP, or only TCP port 80 to a given host) so that only matching packets are captured or displayed. Used across many systems and applications, including tcpdump, tshark and Wireshark. Note that Wireshark capture filters use BPF syntax, while its display filters use a separate, richer syntax.
Follow TCP Stream
An option in the Wireshark context menu that reassembles an entire TCP conversation and shows the payload of both directions as the applications saw it, rather than frame by frame.
Port mirroring/spanning
Copies the traffic from one port, a group of ports, or all ports to a single destination port, which is then used for monitoring only (normal bidirectional traffic on that port is disallowed). Used to view traffic on other ports in a switched environment, where a switch otherwise forwards frames only to the port of the intended recipient.
ARP Spoofing
More commonly known as ARP poisoning: the attacker sends forged ARP replies so that a victim's ARP cache associates another host's IP address (often the default gateway's) with the attacker's MAC (Media Access Control) address. Traffic for that host is then delivered to the attacker instead, who can sniff it, alter it, and forward it on.
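ARP poisoning leaves a simple trace in a capture: one IP address answered for by more than one MAC address. The following detector is an added example, not part of the course material or of tshark; it consumes the tab-separated lines that a tshark "-T fields -e ..." command (shown in the docstring, assumed and not run here) would produce for ARP replies, and the sample lines are constructed for the example.

```python
"""Flag ARP poisoning candidates in tshark field output.

Assumed producer (not run here): a command such as
    tshark -r capture.pcap -Y "arp.opcode == 2" -T fields \
        -e frame.time_epoch -e arp.src.proto_ipv4 -e arp.src.hw_mac
which prints one tab-separated line per ARP reply:
    <timestamp> <sender IP> <sender MAC>
The sample lines below are constructed for this example.
"""
from collections import defaultdict

SAMPLE_LINES = [
    # timestamp        sender IP       sender MAC
    "1700000000.10\t192.168.1.1\taa:bb:cc:00:00:01",   # gateway's real reply
    "1700000001.20\t192.168.1.50\taa:bb:cc:00:00:50",
    "1700000002.30\t192.168.1.1\taa:bb:cc:00:00:01",
    "1700000010.00\t192.168.1.1\tde:ad:be:ef:00:99",   # same IP, different MAC
    "1700000011.00\t192.168.1.1\tde:ad:be:ef:00:99",
    "1700000012.00\t192.168.1.50\taa:bb:cc:00:00:50",
]


def parse_arp_replies(lines):
    """Yield (timestamp, ip, mac) tuples; skip blank or malformed lines."""
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 3 or not all(parts[:3]):
            continue
        ts, ip, mac = parts[0], parts[1], parts[2].lower()
        yield float(ts), ip, mac


def find_arp_conflicts(lines):
    """Return {ip: [mac, ...]} for every IP claimed by more than one MAC.

    MACs are kept in first-seen order, so the first entry is the binding
    that existed before the conflicting reply appeared.
    """
    seen = defaultdict(list)
    for _, ip, mac in parse_arp_replies(lines):
        if mac not in seen[ip]:
            seen[ip].append(mac)
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


def first_conflict_time(lines, ip):
    """Timestamp of the first reply that contradicted the original MAC for ip, or None."""
    original = None
    for ts, reply_ip, mac in parse_arp_replies(lines):
        if reply_ip != ip:
            continue
        if original is None:
            original = mac
        elif mac != original:
            return ts
    return None


if __name__ == "__main__":
    for ip, macs in find_arp_conflicts(SAMPLE_LINES).items():
        when = first_conflict_time(SAMPLE_LINES, ip)
        print(f"{ip} claimed by {len(macs)} MACs: {', '.join(macs)} (first conflict at {when})")
```

A conflict is an indicator, not proof: an address handed out by DHCP can legitimately move to a new MAC, and router redundancy protocols move a virtual IP between physical interfaces. Treat a hit as something to correlate with the time of the change and the devices involved.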
Spoofing
Pretending to be a system or user other than the one you are.
Conversations Menu
Shows all the conversations between endpoints in the packet capture, with packet and byte counts for each. Each layer has its own set of conversations: for example, an IPv4 conversation is identified by the pair of addresses, while a TCP conversation is identified by the pair of addresses plus both port numbers, so one IP pair can contain many TCP conversations.
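To make the per-layer distinction concrete, the following added example (not part of the course material or of Wireshark) rebuilds the IPv4 and TCP conversation tables from tshark field output. The tshark command in the docstring is assumed and not run here; the sample lines are constructed for the example.

```python
"""Rebuild per-layer conversation tables like Wireshark's Conversations window.

Assumed producer (not run here):
    tshark -r capture.pcap -T fields \
        -e ip.src -e ip.dst -e tcp.srcport -e tcp.dstport -e frame.len
Non-TCP packets have empty tcp.* columns.  The sample lines below are
constructed for this example.
"""
from collections import defaultdict

SAMPLE_LINES = [
    # ip.src          ip.dst           sport   dport   frame.len
    "10.0.0.5\t93.184.216.34\t51000\t443\t74",
    "93.184.216.34\t10.0.0.5\t443\t51000\t74",
    "10.0.0.5\t93.184.216.34\t51000\t443\t66",
    "10.0.0.5\t93.184.216.34\t51001\t443\t74",   # second TCP conversation, same IP pair
    "10.0.0.5\t10.0.0.1\t\t\t98",                 # ICMP: no TCP ports
    "10.0.0.1\t10.0.0.5\t\t\t98",
]


def parse_fields(lines):
    """Yield (src, dst, sport, dport, length); ports are None when the column is empty."""
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) < 5 or not parts[0] or not parts[1]:
            continue  # no IP header (e.g. an ARP frame) or a malformed line
        src, dst, sport, dport, length = parts[:5]
        yield src, dst, sport or None, dport or None, int(length)


def ip_conversations(lines):
    """{(addrA, addrB): (packets, bytes)}; endpoints are sorted so both directions merge."""
    table = defaultdict(lambda: [0, 0])
    for src, dst, _, _, length in parse_fields(lines):
        key = tuple(sorted((src, dst)))
        table[key][0] += 1
        table[key][1] += length
    return {k: tuple(v) for k, v in table.items()}


def tcp_conversations(lines):
    """{((addrA, portA), (addrB, portB)): (packets, bytes)}; packets without TCP ports are skipped."""
    table = defaultdict(lambda: [0, 0])
    for src, dst, sport, dport, length in parse_fields(lines):
        if sport is None or dport is None:
            continue
        key = tuple(sorted(((src, int(sport)), (dst, int(dport)))))
        table[key][0] += 1
        table[key][1] += length
    return {k: tuple(v) for k, v in table.items()}


if __name__ == "__main__":
    for key, (pkts, nbytes) in ip_conversations(SAMPLE_LINES).items():
        print(f"IPv4 {key[0]} <-> {key[1]}: {pkts} packets, {nbytes} bytes")
    for (a, b), (pkts, nbytes) in tcp_conversations(SAMPLE_LINES).items():
        print(f"TCP  {a[0]}:{a[1]} <-> {b[0]}:{b[1]}: {pkts} packets, {nbytes} bytes")
```

Keying on the sorted address/port 4-tuple merges both directions of a connection, as the Wireshark window does. If a capture is long enough for a client to reuse the same source port, add -e tcp.stream to the command and include that index in the key so that separate connections are not merged.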
Switched Port Analyzer (SPAN)
The Cisco switch feature that allows the network engineer to configure the switch to monitor a subset of frames that the switch forwards, to copy those frames, and to send the copies out a specified destination port.
Protocol Hierarchy (protocol stack)
The hierarchical set of network protocols that are used to transmit messages across a network, each layer carried inside the one below it (for example, HTTP inside TCP inside IP inside Ethernet). In Wireshark, Statistics > Protocol Hierarchy shows what share of a capture's packets and bytes each protocol in the stack accounts for.
Packet capturing
The process of acquiring network traffic from a link, including traffic addressed to systems other than your own. This requires the capturing interface to be in promiscuous mode and, on a switched network, some way of getting the other hosts' traffic to that port, such as port mirroring.
Analyze Menu
Under Analyze > Expert Information, you can see all the frames that Wireshark flags as problematic, grouped by severity (errors, warnings, notes and chats), such as malformed packets, retransmissions and out-of-order segments.