Professional Documents
Culture Documents
NETWORK ATTACKS
Hobo|Chukar|jolly?|TcP
Introduction
Wireshark
What
does it do?
When should it be used?
Along the way:
n TCP/IP
n Network
Attacks
n How to use Wireshark
n Misc. programming/security tibdits
What is Wireshark?
Other tools
Tcpdump- predecessor
n Tshark cli equivalent
n
Setup
Wireshark
Network
Need
run as root
n sudo
n
Start
wireshark &
packet capture
n Choose
interface
n Watch packets fly
A Step Back
Broadcast
traffic
attacks*
Types
DNS
A word of Warning
Spoofing
Cant I just pretend to be someone else?
But wait! ARP!
Typical conversation
n
But waitARP!
Trust
n No
Easy
to spoof
n Race
n
condition
Heh?
n Flood
Back to Wireshark
! == || &&
n By source/destination
n
ip.<src,dst>==w.x.y.z
n frame
n
n The
contains <string>
Lots of stuff
n For web traffic: Analyze->follow TCP/UDP stream gives youre the
packet content in ASCII (and other formats)
n
Stuff TODO:
MiTM
n
n
n
n
????
Demonstration