TANet Protocol Analysis - Wireshark (training course slide deck)
- Slides: 73
Course outline (sidebar shown on every slide): self-introduction; course objectives; course schedule; software overview; Lab - PING; Lab - DNS; Lab - FTP; installation and use; concept clarification; packet filtering; in-class exercises; advanced capture; S.P. - DHCP; S.P. - HTTP.

Slide 5: Software overview (Wireshark, formerly Ethereal)
- Observe packets as they enter and leave the host
- Capture packets live; the captured data can be analyzed offline
- Decodes Ethernet, IEEE 802.11, PPP/HDLC, ATM, Bluetooth and other link-layer data in real time
- Decrypts IPsec, ISAKMP, Kerberos, SNMPv3, SSL/TLS, WEP and WPA/WPA2 traffic in real time (when the keys are supplied)
- Runs on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD and other platforms
- Web: http://www.wireshark.org
Slide 7: Install Wireshark
Slide 8: Concept clarification: OSI reference model vs. TCP/IP stack
- OSI Application, Presentation, Session -> TCP/IP Application
- OSI Transport -> TCP/IP Transport
- OSI Network -> TCP/IP Internet
- OSI Data Link, Physical -> TCP/IP Network Access
Slide 9: Concept clarification: functions of the TCP/IP stack
- Application: DHCP, FTP, HTTP, DNS, SNMP, ...
- Transport: TCP, UDP
- Internet: IP, ICMP, IGMP, ARP, RARP
- Network Access: Ethernet, FDDI, X.25, Token Ring, Frame Relay, ISDN, ...
Slide 10: Concept clarification: IP address vs. MAC address (same layer diagram as slide 9)
- The IP address belongs to the Internet layer (IP); its broadcast form is shown as FF.FF.FF.FF (255.255.255.255)
- The MAC address belongs to the Network Access layer (Ethernet, FDDI, X.25, Token Ring, Frame Relay, ISDN, ...); its broadcast form is FF:FF:FF:FF:FF:FF
Slide 11: Concept clarification: protocol number vs. port number (same layer diagram as slide 9)
- The protocol number is carried in the IP header and selects the transport protocol: TCP = 6, UDP = 17
- The port number is carried in the TCP/UDP header and selects the application: FTP = 20, 21; SMTP = 25; DNS = 53; HTTP = 80; SNMP = 161, 162
Slide 12: Concept clarification: hub vs. switch
- Hub: works at the OSI Physical layer
- Switch: works at the OSI Data Link layer
Slide 15: Quick start with Wireshark
Slide 25: Filtering with Wireshark
Slide 29: Filtering with Wireshark
Slide 30: 1-1-SP: Advanced capture
Slide 32: 1-1-SP: Advanced capture (START)
Slide 33: 1-2-1: PING
Slide 34: Ping to gateway (demo)
The PC/Workstation 192.168.0.175 sends an ICMP echo request (Type 8, data "abcdefghijklmnopqr...") to the gateway 192.168.0.1, which answers with an ICMP echo reply (Type 0).
  Tx time: 10/31/2020 20:29:32.1100
  Rx time: 10/31/2020 20:29:33.1130
  Round-trip time shown: 3 ms
Slide 35: Ping to gateway: frame header (802.3 / Ethernet II), layout "header : data"
- Preamble: 1010 x 7
- SFD: 10101011
- Destination MAC address: 00:0D:88:B0:E3:6F
- Source MAC address: 00:1D:D9:60:19:C2
- Length / Type: 0800 (IP)
- Data
- FCS
Slide 36: Internet Protocol (Ethertype 0x0800), layout "IP header : data"
Header fields: VERS, HLEN, SERVICE TYPE, TOTAL LENGTH; IDENTIFICATION, FLAGS, FRAGMENT OFFSET; TIME TO LIVE, PROTOCOL, HEADER CHECKSUM; SOURCE IP ADDRESS; DESTINATION IP ADDRESS; IP OPTIONS, PADDING; DATA
Slide 37: Internet Control Message Protocol (IP protocol 0x01), layout "ICMP header : data"
Header fields: TYPE, CODE, CHECKSUM; DATA
Slide 39: Address Resolution Protocol (Ethertype 0x0806), ARP header
Header fields: HARDWARE TYPE, PROTOCOL TYPE, HLEN, OPERATION; SENDER MAC ADDRESS; SENDER IP ADDRESS; TARGET MAC ADDRESS; TARGET IP ADDRESS
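As an added example (not part of the slides), the ping frame of slides 35 to 37 rebuilt and then walked header by header in Python, the way Wireshark's dissectors do: the MAC and IP addresses are the slides' values, the 32-byte payload and the IP identification are constructed, and the preamble, SFD and FCS are left out because the NIC adds and strips them and Wireshark never shows them.

```python
import struct
from ipaddress import ip_address

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum used by the IP and ICMP HEADER CHECKSUM fields."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def build_echo_request(src_mac, dst_mac, src_ip, dst_ip, payload: bytes) -> bytes:
    """Constructed Ethernet II / IPv4 / ICMP echo request (Type 8, Code 0)."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + payload          # checksum placeholder = 0
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0x1234, 0, 64, 1, 0,
                     ip_address(src_ip).packed, ip_address(dst_ip).packed)  # protocol 1 = ICMP
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + b"\x08\x00" + ip + icmp

def parse_frame(frame: bytes) -> dict:
    """Walk the headers the slides list (Ethernet II -> IPv4 -> ICMP), verifying both checksums."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    out = {"dst_mac": frame[:6].hex(":"), "src_mac": frame[6:12].hex(":"), "ethertype": ethertype}
    if ethertype != 0x0800:
        return out                                                  # 0x0806 would be ARP
    ip = frame[14:]
    vers_hlen, _tos, total_len, _ident, _ff, ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", ip[:20])
    hlen = (vers_hlen & 0x0F) * 4                                   # HLEN counts 32-bit words
    out.update(version=vers_hlen >> 4, hlen=hlen, total_length=total_len, ttl=ttl, protocol=proto,
               src_ip=str(ip_address(src)), dst_ip=str(ip_address(dst)),
               ip_checksum_ok=inet_checksum(ip[:hlen]) == 0)       # an intact header sums to 0
    if proto != 1:
        return out                                                  # 6 = TCP, 17 = UDP
    icmp = ip[hlen:total_len]
    out.update(icmp_type=icmp[0], icmp_code=icmp[1], icmp_data=icmp[8:],
               icmp_checksum_ok=inet_checksum(icmp) == 0)
    return out

# Slide values: PC 192.168.0.175 (00:1D:D9:60:19:C2) pinging the gateway 192.168.0.1 (00:0D:88:B0:E3:6F);
# the payload is a constructed 32-byte pattern matching the slide's "abcdefghijklmnopqr..." data.
FRAME = build_echo_request("00:1d:d9:60:19:c2", "00:0d:88:b0:e3:6f", "192.168.0.175", "192.168.0.1",
                           b"abcdefghijklmnopqrstuvwabcdefghi")
```

Flipping any header byte makes `ip_checksum_ok` false, which is the same check behind Wireshark's "Header checksum ... [incorrect]" expert info.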
Slide 42: 1-2-1: PING (START)
Slide 43: 1-2-1: DNS
Slide 45: UDP (demo)
The client application hands the string "HELLO" to UDP, which passes it down through IP and the Network Access layer; on the server side the stack delivers the letters H, E, L, L, O up to the application. No connection setup and no acknowledgments appear in the exchange.
Slide 46: User Datagram Protocol (IP protocol 0x11), layout "UDP header : data"
Header fields: SOURCE PORT, DESTINATION PORT; LENGTH, CHECKSUM; DATA
Slide 48: DNS query demo (using ping as the example)

    C:\> ping www.wireshark.org
    Pinging www.wireshark.org [67.228.110.120] with 32 bytes of data:
    Reply from 67.228.110.120: bytes=32 time=304ms TTL=45
    Reply from 67.228.110.120: bytes=32 time=226ms TTL=45
    Reply from 67.228.110.120: bytes=32 time=250ms TTL=45
    Reply from 67.228.110.120: bytes=32 time=274ms TTL=45
    Ping statistics for 67.228.110.120:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 226ms, Maximum = 304ms, Average = 263ms

Flow: the PC/Workstation 192.168.0.175 (GW: 192.168.0.1, DNS: 168.95.1.1) on the intranet first sends a DNS query through the gateway 192.168.0.1 to the DNS server 168.95.1.1 on the Internet (Question: who is 'www.wireshark.org'? Answer: it's 67.228.110.120). Only then does it send the ICMP echo requests to www.wireshark.org at 67.228.110.120. The resolver's internal steps are drawn on the slide as placeholders (Function 1, 2, 3: XXXXX).
Slide 49: Domain Name System protocol (port 53), DNS header
Header fields: IDENTIFICATION; flag bits QR, OPCODE, AA, TC, RD, RA, Z, AD, CD, RCODE; QUESTIONS; ANSWER RRS; AUTHORITY RRS; ADDITIONAL RRS
Slide 52: 1-2-2: DNS (START)
Slide 53: 1-2-3: FTP
Slide 54: FTP ports
Server port:
- Data port -> 20
- Command port -> 21
Client port:
- Data port -> random port (1024 and above)
- Command port -> random port (1024 and above)
Slide 55: FTP demo
TCP carries FTP between the PC/Workstation and the FTP server. The connection setup is drawn as a dialogue ("Hey, there. Connection?" / "Ya, I'm there!" / "Yes, you go!"), followed by data transmission.
Slide 56: Three-way handshake demo (time line)
  PC/Workstation -> FTP Server: SYN, SEQ=0
  FTP Server -> PC/Workstation: SYN, ACK, SEQ=0, ACK=1
  PC/Workstation -> FTP Server: ACK, SEQ=1, ACK=1
  then: data transmission
Slide 57: TCP demo (three-way handshake done, ready)
The client sends "HELLO" as five segments, each carrying its sequence number (SEQ); the server acknowledges each one with the next byte it expects (ACK):
  Client -> Server: H  SEQ: 1    ACK: 122
  Client -> Server: E  SEQ: 123  ACK: 122
  Client -> Server: L  SEQ: 245  ACK: 122
  Client -> Server: L  SEQ: 367  ACK: 122
  Client -> Server: O  SEQ: 489  ACK: 1
  Server -> Client: ACK, SEQ=122, ACK=123; then ACK=245, ACK=367, ACK=489
SEQ advances by 122 from one segment to the next, i.e. by the number of payload bytes the previous segment carried, and each server ACK names the SEQ of the segment it expects next.
Slide 58: Transmission Control Protocol (IP protocol 0x06), layout "TCP header : option : data"
Header fields: SOURCE PORT, DESTINATION PORT; SEQUENCE NUMBER; ACKNOWLEDGMENT NUMBER; DATA OFFSET, RESERVED, FLAGS, WINDOW SIZE; CHECKSUM, URGENT POINTER; OPTION; DATA
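Added example, not from the slides: the SEQ/ACK bookkeeping of slides 56 and 57 replayed as the kind of stream check Wireshark's expert info performs ("previous segment not captured", retransmission, ACK beyond captured data). The segments are constructed from the slides' values; the endpoint names are labels rather than addresses.

```python
from dataclasses import dataclass

@dataclass
class Segment:
    """One TCP segment as Wireshark lists it; seq/ack are relative numbers (Wireshark's default view)."""
    src: str
    dst: str
    flags: set
    seq: int
    ack: int
    length: int = 0          # payload bytes carried

def handshake_ok(segs) -> bool:
    """Three-way handshake exactly as on slide 56: SYN seq=0 -> SYN/ACK seq=0 ack=1 -> ACK seq=1 ack=1."""
    if len(segs) < 3:
        return False
    syn, synack, ack = segs[:3]
    return (syn.flags == {"SYN"} and synack.flags == {"SYN", "ACK"} and synack.ack == syn.seq + 1
            and ack.flags == {"ACK"} and ack.seq == syn.seq + 1 and ack.ack == synack.seq + 1)

def track_stream(segments) -> list:
    """Replay a capture in order. Per direction, each SEQ must equal the previous SEQ plus the
    payload length (SYN and FIN each occupy one sequence number). Returns anomaly notes."""
    notes = []
    if not handshake_ok(segments):
        notes.append("handshake incomplete")
    next_seq = {}                                   # (src, dst) -> next expected SEQ
    for n, s in enumerate(segments, 1):
        fwd, rev = (s.src, s.dst), (s.dst, s.src)
        expect = next_seq.get(fwd, s.seq)           # first segment seen sets the baseline
        if s.seq > expect:
            notes.append(f"#{n}: gap, {s.seq - expect} bytes not captured")
        elif s.seq < expect:
            notes.append(f"#{n}: retransmission or out-of-order (seq {s.seq} < {expect})")
        if "ACK" in s.flags and rev in next_seq and s.ack > next_seq[rev]:
            notes.append(f"#{n}: acks {s.ack}, beyond captured data {next_seq[rev]}")
        next_seq[fwd] = max(expect, s.seq + s.length + (1 if s.flags & {"SYN", "FIN"} else 0))
    return notes

PC, SRV = "PC/Workstation", "FTP Server"

def slide_capture() -> list:
    """Constructed from slides 56-57: handshake, then 'HELLO' as five 122-byte segments
    (SEQ 1, 123, 245, 367, 489), each acknowledged by the server."""
    segs = [Segment(PC, SRV, {"SYN"}, 0, 0), Segment(SRV, PC, {"SYN", "ACK"}, 0, 1),
            Segment(PC, SRV, {"ACK"}, 1, 1)]
    for seq in (1, 123, 245, 367, 489):
        segs.append(Segment(PC, SRV, {"ACK"}, seq, 1, 122))
        segs.append(Segment(SRV, PC, {"ACK"}, 1, seq + 122))
    return segs
```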
Slide 59: FTP connection mode (A): Active mode (PORT)
  PC/Workstation (port 11276) -> Server (port 21): "Hello 21, I'm 11276. I want '$' and '@'. Please give them to 11278 and 11280!"
  Server (port 20) -> PC/Workstation (port 11278): "Hello 11278, I'm 20. That's '$'."
  Server (port 20) -> PC/Workstation (port 11280): "Hello 11280, I'm 20. That's '@'."
  PC/Workstation: "OK, I've got it."
In active mode the client announces its data port(s) with PORT on the command channel and the server opens each data connection from port 20 back to the client.
Slide 60: FTP connection mode (B): Passive mode (PASV)
  PC/Workstation (port 1071) -> Server (port 21): "Hello 21, I'm 1071. I want '*'. Please, we are PASV!"
  Server (port 21) -> PC/Workstation: "OK, I've got it. Your '*' is at 2259."
  PC/Workstation (port 5305) -> Server (port 2259): "Hello 2259, I'm 5305. Get me '*', please."
  Server (port 2259) -> PC/Workstation: "OK, that's '*'."
In passive mode the server announces a data port in its reply to PASV and the client opens the data connection to that port.
Slide 61: File Transfer Protocol (default data port 20; control port 21)
FTP header: the FTP message itself (commands and replies are plain text lines)
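Added example, not from the slides: the PORT / 227 parsing that a stateful firewall, NAT or an analyst building a display filter must do to locate the FTP data channel described on slides 59 and 60, since the data port is negotiated inside the command channel. The control lines are constructed to reproduce the slides' ports 11278, 11280 and 2259; the server address 203.0.113.10 is a placeholder.

```python
import re

PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def decode_hostport(groups) -> tuple:
    """h1,h2,h3,h4,p1,p2 -> (dotted IP, p1*256 + p2): the encoding PORT and the 227 reply share."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def expected_data_connection(control_line: str) -> dict:
    """From one command-channel line, derive who will open the data connection, to which
    endpoint, and the Wireshark display filter that isolates that data channel."""
    m = PORT_RE.match(control_line)
    if m:                           # active mode: client announces, server connects from port 20
        ip, port = decode_hostport(m.groups())
        return {"mode": "active", "initiator": "server", "data_endpoint": (ip, port),
                "filter": f"ip.addr == {ip} && tcp.port == {port}"}
    m = PASV_RE.match(control_line)
    if m:                           # passive mode: server announces, client connects to it
        ip, port = decode_hostport(m.groups())
        return {"mode": "passive", "initiator": "client", "data_endpoint": (ip, port),
                "filter": f"ip.addr == {ip} && tcp.port == {port}"}
    return {"mode": None}           # any other command or reply names no data endpoint

# Constructed command-channel lines reproducing the slides' ports; 203.0.113.10 is a placeholder.
SAMPLE_CONTROL = [
    "PORT 192,168,0,175,44,14",                         # client listens on 44*256+14 = 11278
    "PORT 192,168,0,175,44,16",                         # second transfer: 44*256+16 = 11280
    "227 Entering Passive Mode (203,0,113,10,8,211)",   # server listens on 8*256+211 = 2259
    "RETR file.txt",                                    # no data endpoint in this line
]

def data_channels(lines) -> list:
    """All data connections a firewall would have to expect for the given command-channel lines."""
    return [c for c in map(expected_data_connection, lines) if c["mode"]]
```

The active-mode result is the case that matters for perimeter policy: the data connection arrives inbound from the server to a client-chosen high port, so a rule set that only permits outbound port 21 blocks every transfer.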
Slide 64: 1-2-3: FTP (START)
Slide 65: 1-2-SP: DHCP
Slide 67: 1-2-SP: DHCP (START)
Slide 68: 1-2-SP: HTTP
Slide 70: 1-2-SP: HTTP (START)
Slide 71: 1-2-SP: MSN
Slide 73: 1-2-SP: MSN (START)