...mind. Crafting your first packet. Sending and Receiving Packets/Frames. Basic examples and dealing with the OS's TCP/IP stack using iptables. Quick discussion of the Super Socket. What is Scapy: A Python framework used for crafting and transmitting packets. Capable of sniffing or replaying packets for troubleshooting or fuzzing network services. Can be used as the interactive Python interpreter, or the framework can be imported as a Python module and used for further coding. Everything is an object! Why use Scapy? Blue Team: Test IDS/IPS; Test Firewall; Learn more about TCP/IP (down and dirty); Application response (Fuzzing). Red Team: Fire teh lazorz (DOS/DDOS); More Fuzzing; Penetration Testing. Important Concepts: Everything is an Object - treat it as such - IP(), TCP(), UDP(), ICMP(). Important commands to remember: help() - displays help; ls() - displays packet classes; lsc() - displays commands available to you. When assigning Field Values (either works): ip=IP(src="1.2.3.4", dst="google.com") or ip=IP() ip.src="1.2.3.4" ip.dst="google.com". Important Concepts Continued: Displaying Values of Variables: ls(ip) - shows what you have set and default values; ip - shows only what you have set; ip.show() - omits variable classes and default values. packet=IP(dst="1.2.3.4")/TCP(flags="S",dport=443) frame=Ether(type=0x8100)/Dot1Q(vlan=99)/packet Will Display all the layers after the initial ...
Words: 831 - Pages: 4
...This document is exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors in the CCNA Exploration: Network Fundamentals course as part of an official Cisco Networking Academy Program. Activity 1.1.1: Using Google Earth™ to View the World. Learning Objectives: Upon completion of this activity, you will be able to: Explain the purpose of Google Earth. Explain the different versions of Google Earth. Explain the hardware and software requirements needed to use Google Earth (free edition). Experiment with Google Earth features such as Help | Tutorial. Experiment with Google Earth to explore continents, countries, and places of interest. Background: Google Earth is a popular application that executes on the desktop of most operating systems. It requires a broadband connection to the Internet and displays Earth as a manipulated 2D or 3D image. The popular world news channel, CNN, regularly uses Google Earth to emphasize where a news story has occurred. At the time of writing this activity, there are three versions of Google Earth. The version that fits most needs is Google's free version, Google Earth. A Google Earth Plus version includes GPS support, a spreadsheet importer, and other support features. The Google Earth Pro version is for professional and commercial use. The URL http://earth.google.com/product_comparison.html contains a description of the versions...
Words: 60675 - Pages: 243
...Hands-On Steps Note: This lab contains detailed lab procedures which you should follow as written. Frequently performed tasks are explained in the Common Lab Tasks document on the vWorkstation desktop. You should review these tasks before starting the lab. 1. From the vWorkstation desktop, open the Common Lab Tasks file. If desired, use the File Transfer button to transfer the file to your local computer and print a copy for your reference. Figure 1 "Student Landing" workstation 2. On your local computer, create the lab deliverable files. 3. Review the Lab Assessment Worksheet at the end of this lab. You will find answers to these questions as you proceed through the lab steps. Part 1: Capture Network Traffic using TCPdump utility Note: In the next steps, you will use TCPdump, a command line utility, to capture network traffic on the TargetLinux01 virtual server. You will generate that traffic by exploiting a cross-site scripting (XSS) vulnerability in the Damn Vulnerable Web Application (DVWA) tool. In the lab environment, you will be capturing traffic on one interface. In a real-world situation, it is likely the machine would be straddling both an internal network and an external network. In that case, you would want to monitor both sides of the interface. Monitoring outside network traffic allows information systems security practitioners to see who and what is attempting to infiltrate your IP network. Monitoring internal traffic allows network analysts to see exactly...
Words: 3168 - Pages: 13
...Wireshark Lab: HTTP SOLUTION Supplement to Computer Networking: A Top-Down Approach, 6th ed., J.F. Kurose and K.W. Ross © 2005-21012, J.F Kurose and K.W. Ross, All Rights Reserved The following screen shots showing the HTTP GET and HTTP reply answer these questions: 1. Is your browser running HTTP version 1.0 or 1.1? What version of HTTP is the server running? 2. What languages (if any) does your browser indicate that it can accept to the server? 3. What is the IP address of your computer? Of the gaia.cs.umass.edu server? 4. What is the status code returned from the server to your browser? 5. When was the HTML file that you are retrieving last modified at the server? 6. How many bytes of content are being returned to your browser? 7. By inspecting the raw data in the packet content window, do you see any headers within the data that are not displayed in the packet-listing window? If so, name one. Answer: no, I don’t see any in the HTTP Message below ©2013 Pearson Education, Inc. Upper Saddle River, NJ. All Rights Reserved. [Screenshot annotations: Client IP address; Gaia server IP address; Client running http 1.1; languages accepted; Return status: 200; content: 128 bytes; server running http 1.1; document last modified on this date] 2. The HTTP CONDITIONAL GET/response interaction Here’s a screenshot after doing the two identical HTTP GETs: First GET, then a reply, then another ...
Words: 1220 - Pages: 5
...Capturing and Analyzing Telnet Traffic A Description of Telnet a Text Based Computer Protocol Telnet is a network protocol used on a LAN or via the web to provide a bi-directional, interactive, text-oriented communication framework using a virtual terminal connection. Data is interspersed in-band with Telnet control information, usually in an 8-byte oriented data communication over TCP. The Telnet program runs on a computer and connects your PC to a server on the network. Commands are entered into the Telnet program, which executes them as if they were entered directly on the server console. This implies that you can control the server and communicate with other servers on the network (Sloan, 2001). Telnet traffic refers to a user command and an underlying TCP/IP protocol used for accessing remote computers. Actually, Telnet is a mechanism for gaining access to remote computers using command prompts. Through the use of Telnet, an administrator can access someone’s computer remotely, permitting access to his data or applications. On the web, the HTTP and FTP protocols allow a remote user to request specific files from the remote computer rather than being logged on as that computer's user. By using Telnet, you log on as a regular user with whatever privileges are granted to access specific data and applications. A Telnet command that requests user information over the net may look like this: telnet. Smithspc.t. Com. The result is an invitation to log on with a username and password prompt, of which...
Words: 1994 - Pages: 8
...IMPLEMENTATION OF PACKET SNIFFING IN JAVA USING JPCAP LIBRARY Project Report Submitted in Partial Fulfillment of the Requirement for the Award of Degree of Bachelor of Engineering in Computer Science Engineering of Rajiv Gandhi Proudyogiki Vishwavidalaya, Bhopal (MP) By Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) Department of Computer Science Engineering Jai Narain College of Technology, Bhopal June – 2012 DECLARATION We, Siddharth Pateriya and Swarna Swaminathan, the students of Bachelor of Engineering (Computer Science Engineering), Jai Narain College of Technology, Bhopal hereby declare that the work presented in this Major Project is an authentic record of our own and has been carried out taking care of Engineering Ethics under the guidance of Prof. Manish Mishra. Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) CERTIFICATE This is to certify that the work embodied in this Major Project entitled “Implementation of Packet Sniffing in Java using Jpcap Library” has been satisfactorily completed by the students of final year, Mr. Siddharth Pateriya and Ms.Swarna Swaminathan. The work was carried out satisfactorily under the supervision and guidance of the undersigned in the Department of Computer Science Engineering, Jai Narain College of Technology and Science, Bhopal for the partial...
Words: 8200 - Pages: 33
...Advanced Networks Lab Book 2015/2016 Module Leader: Nauman Israr Office Location: IT 1.06 Email: N.Israr@tees.ac.uk Telephone no: 2693 Course Number and Name: Advanced Networks(COM3038-N-BJ1-2015) Year: 2015/2016 Working Time: Timetable Tutorial Time Only in Lab Name of Student: Name of Lab Instructor: Submission Date: TBA Grade: Submission Method: Introduction The purpose of this lab book is to document your solution for a given set of exercises. The relevant concepts used in each exercise will be covered during the lecture. You must complete these exercises within your timetabled tutorial session. The lab book will count towards your final grade. You will be required to submit completed lab book before the submission deadline. Please check with your tutor about the deadline date, time and submission method. This lab book is 10% of your overall mark. 1 Exercise 1: Duration- One Hour You are a network engineer who has been asked to attend an initial meeting with the management team of ABC, LLC. ABC manufactures electric cars. Its new electric car was just picked up by a Government promotional scheme. ABC is upgrading its manufacturing capacity and hiring new employees. Recently, ABC employees have started saying, “The network is too slow.” They are also experiencing problems sending email, accessing web-based applications, and printing. In the past, when the company was small, it didn’t have these...
Words: 2719 - Pages: 11
...exploring both the tcpClient.c and tcpServer.c code. When I had a rough understanding of how it worked, I tried running it. This caused an error to occur. The problem was I was using Winsock sockets instead of BSD sockets. One, Winsock, is a socket creator for windows, the other BSD socket is an application programming interface for Unix. So, in order to get the application running, I simply had to change WIN to BSD sockets. Next I ran both files again and this time I got back a message from the server saying that it had received a message. Then I opened Wireshark to view what was going on between the client and server. In the top frame, I could see the handshake occurring between the client and server, the client was sending a SYN(Synchronize) and the Server was replying with a SYN-ACK, which means Synchronize acknowledgment. I also noted there was a push function occurring, and when I clicked on the psh function and viewed its output in...
Words: 774 - Pages: 4
...Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Course Name and Number: IA5010 13020 Found of Information Assurance Student Name: Zhen Sun Instructor Name: Professor Themis Papageorge Lab Due Date: 09/19/13 Lab Assessment Questions & Answers Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually. Note: These forms have been formatted to allow you to complete the form online and save it using Adobe Reader. You may experience problems with either or both of these actions if you are using any other software program.
Windows Application Loaded / Starts as Service (Y/N):
1. WireShark: NO
2. Nessus Client: NO
3. Tftpd32: YES
4. Mozilla Firefox: NO
5. Nmap-Zenmap GUI: NO
What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2, and the IP default gateway router? TargetWindows01 server: 172.30.0.8 LAN Switch 1: 172.16.8.5 LAN Switch 2: 172.16.20.5 Default gateway router: 172.30.0.1 Did the targeted IP hosts respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? YES. 4 packets were sent back to the IP source. 4. What is the command line syntax for running an “Intense Scan” with Zenmap on a target subnet...
Words: 523 - Pages: 3
...the output that is shown? (Choose two.) The local host is using three client sessions. The local host is using web sessions to a remote server. The local host is listening for TCP connections using public addresses. The local host is using well-known port numbers to identify the source ports. The local host is performing the three-way handshake with 192.168.1.101:1037. 2. After a web browser makes a request to a web server that is listening to the standard port, what will be the source port number in the TCP header of the response from the server? 13 53 80 1024 1728 3. Which information is found in both the TCP and UDP header information? sequencing flow control acknowledgments source and destination 4. Which is an important characteristic of UDP? acknowledgement of data delivery minimal delays in data delivery high reliability of data delivery same order data delivery 5. Refer to the exhibit. Host A is using FTP to download a large file from Server 1. During the download process, Server 1 does not receive an acknowledgment from Host A for several bytes of transferred data. What action will Server 1 take as a result? create a Layer 1 jam signal reach a timeout and resend the data that needs to be acknowledged send a RESET bit to the host change the window size in the Layer 4 header 6. Refer to the exhibit. In line 7 of this Wireshark capture, what TCP operation...
Words: 973 - Pages: 4
...restrictions
iptables -A OUTPUT -s 10.20.111.0/24 -d 10.10.111.0/24 -j ACCEPT -m state --state NEW,ESTABLISHED,RELATED
b) For incoming traffic (from the 10.10.111.0/24 to the 10.20.111.0/24) - all incoming connection requests should be rejected with the following exceptions.
iptables -A INPUT -s 10.10.111.0/24 -d 10.20.111.0/24 -j REJECT -m state --state NEW,ESTABLISHED,RELATED
iptables -A FORWARD -s 10.10.111.0/24 -d 10.20.111.0/24 -j REJECT -m state --state NEW,ESTABLISHED,RELATED
...
Words: 1021 - Pages: 5
...To get directly to the point, scanners will get you a great deal, but manual testing can quickly narrow the scope to the relevant target applications, services, systems, and so on. Additionally, knowing how tools present information is critical. For example, the penetration tester must understand Nmap output; it is not always as simple as open or closed. It will depend on the type of scan and the target system. Trust me, read up and understand how Nmap works. I also recommend that during this step the penetration tester use a packet capture tool such as Wireshark to see the protocol communication. I once had a penetration tester tell me a weak port was open on my firewall when in fact it was a TCP RST they were getting; unfortunately, they were using Windows telnet to the port to validate and never saw the RST. The assumption was made that Windows gave the illusion they were connecting to the port in question; they most certainly were not. A quick analysis using Wireshark would have saved us time and I would possibly respect the penetration tester. The point here is, don't discount manual validation; it can help you find false positives from scanner output. Based on the information gathered, setting up a lab is highly recommended, also for exploit testing, for example, success of exploit, AV and FW/IPS/IDS evasion and so (“PTES Technical”,...
Words: 825 - Pages: 4
...from the output that is shown? (Choose two.) The local host is using three client sessions. The local host is using web sessions to a remote server. The local host is listening for TCP connections using public addresses. The local host is using well-known port numbers to identify the source ports. The local host is performing the three-way handshake with 192.168.1.101:1037. 2. After a web browser makes a request to a web server that is listening to the standard port, what will be the source port number in the TCP header of the response from the server? 13 53 80 1024 1728 3. Which information is found in both the TCP and UDP header information? sequencing flow control acknowledgments source and destination 4. Which is an important characteristic of UDP? acknowledgement of data delivery minimal delays in data delivery high reliability of data delivery same order data delivery 5. Refer to the exhibit. Host A is using FTP to download a large file from Server 1. During the download process, Server 1 does not receive an acknowledgment from Host A for several bytes of transferred data. What action will Server 1 take as a result? create a Layer 1 jam signal reach a timeout and resend the data that needs to be acknowledged send a RESET bit to the host change the window size in the Layer 4 header 6. Refer to the exhibit. In line 7 of this Wireshark capture, what TCP operation...
Words: 1109 - Pages: 5
...Volume 1 FACULTY OF INFORMATION TECHNOLOGY Computer Network Systems Department Computer Networks 1 Lab Manual V 2.0 P R E P A R E D D R . A S U B Y H I J J A W I M O H A M M A D 2 0 1 2 R E V I E W E D B Y D R . M O H A M M A D H I J J A W I Applied Science Private University – Jordan http://FIT.asu.edu.jo Table of Contents Lab 1: Network Components: Introduction; Objectives; Lab Steps. Lab 2: Cable Construction: Introduction; Objectives; Lab Steps; Preparation; Main Steps ...
Words: 20902 - Pages: 84