Networking & Wireless Routers VIII Wireshark

1

Networking & Wireless Routers VIII

Wireshark

20 Points

TU Networking 3342Dr. Thomas Hicks

2

---------------------- Integrity Check ----------------------

As You Well Know, It Is A Violation Of Academic IntegrityTo Fake The Results On Any Of Your Labs.

Your Name

_________________

Name This Presentation:Tom-Hicks-7-Router-Wireless-Lab.pptx

{Substitute Your First & Last Names}

4

Create File DataTransfer.txt

5

Use Visual Studio To Create A File, Called DataTransfer.txtThe File Is To Contain Approximately 75 MB Of Letters A-Z In The

Following Format:Replace The Screen Capture Below With Yours!

6

Use Visual Studio To Create A File, Called DataTransfer.TxtDisplay The File Size.

Replace The Screen Capture Below With Yours!

This Is Close Enough!

7

You Will Need ThreeComputersFor This

Lab

Name System 1, System 2, & Your System

CS-_??_ & CS-_??_ & CS-_??_

DataTransfer.txt

9

Connect All Three Computers To Your

Router With A Wireless Adapter

10

Configure Your D-Link N Access Point To The Proper Static IP

CS-1 to CS-4

CS-1 Static DNS = CS-1.cs.trinity.edu Static IP = 131.194.71.119 Router DNS = CS-8.cs.trinity.edu Router IP = 131.194.71.141 Router Gateway = 192.168.1.1 Wireless Adapter IP = 192.168.1.20




11


CS-5 to CS-7




12

Your System Wireless Access Point You May Use Any Device You Like

Identify & Add PhotoConnect It To Your Router!


Access Point : ______________________________________ Access Point = _?_ (D-Link USB DWA-130/ Belkin USB Wireless G F5D7050 / Netgear Wireless G PCI Card WG311NA / D-Link USB DWL-G132 / etc.)

Made By : __________________________________________ (D-Link, Belkin, Netgear, Linksys, etc.)

Attach A Photo Of The Device: (Do Internet Search!)

13

System 1 Wireless Access Point You May Use Any Device You Like






14

System 2 Wireless Access Point You May Use Any Device You Like






15

Your Router Configuration From

Lab 8 Is Fine!

16


CS-1 to CS-4





17


CS-5 to CS-7




18

Co

DisableEthernet Cat-5Adapter On All Three Systems

19

Disable All Access Points Except The WirelessOn Your System!


20

Disable All Access Points Except The WirelessSystem 1!


21

Disable All Access Points Except The WirelessOn System 2!


22

Co

Install Wireshark

On Your System

23

Remote Into Your SystemReplace The Screen Capture Below With Yours

24

Co

Capture Packets Being Sent To Your System

Grab The Packets

25

Put a Copy Of DataTransfer.txt In The Share Folder On System 1. Start WireShark. Copy DataTransfer.txt From The Share Folder Of

System 1 To Your Desktop Capture Using The Wireless Adapter

26

Stop The Ethernet Card Capture. Sort By Source. Show Some Of The DataTransfer.txt FileReplace The Capture Below With Yours.

27

Co

Capture Packets Being Sent From

Your System

Grab The Packets

28

Open The Share Folder Of System 2. Start WireShark. Copy DataTransfer.txt From Your Desktop To The Share Folder Of System 2

Capture Using The Wireless Adapter

29

Stop The Ethernet Card Capture. Sort By Source. Can You See Data Being Transferred Out?

If So, Add A Capture Below; If Not, Explain Below!

30

Co

Capture Packets Transferred Between Two Other Systems

Grab The Packets

31

Go To System 1. Open The Share Folder Of System 2. Start WireShark On Your System (No Longer Involved In the Transfer).

Copy DataTransfer.txt From System 2 To Desktop System 1 Capture Using The Wireless Adapter

32

Stop The Ethernet Card Capture. Sort By Source. Can You See Data Being Transferred By Other Systems?

If So, Add A Capture Below; If Not, Explain Below!

33

Co

EnableEthernet Cat-5Adapter On All Three Systems

Remove The WirelessAdapters

34

Re-Enable The Cat-5 Adapter On Your SystemRemove The Wireless Adapter.


35

Re-Enable The Cat-5 Adapter On System 1Remove The Wireless Adapter.


36

Re-Enable The Cat-5 Adapter On System 2Remove The Wireless Adapter.


37

Co

Ethernet Cat-5Capture

On Your System

38

Start A Capture On Your System. Start A Browser On Your System. Navigate To Carme.cs.trinity.edu

Show The HTTP Traffic To Carme.Replace The Screen Capture Below With Yours.

39

Plug Your System & System 1 Into The Same Switch. Start Wireshark On Your System. Take The Browser On System 1 To Carme . Do You

See Carme Browser Request From Other Systems? If So, Add A Capture Below; If Not, Explain Below!

40

Co

Promiscuous Ethernet

Monitoring

41

Promiscuous Monitoring Of Wireless Networks #1

42

Promiscuous Monitoring Of Wireless Networks #2

43

Questions #1

Explain : What Is The Difference Between Promiscuous And Non-Promiscuous Wireless Capture?________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________ ________________________________________________

____ {T/F} Any Ethernet adapter can be used for promiscuous mode monitoring in a wired Ethernet network

____ {T/F} Any Wireless Ethernet adapter is equally good for strength, and other important statistics and indicators.

44

Questions #2

____ {T/F} Standard drivers for wireless NICs support promiscuous mode ("RF Monitoring")

While the adapter can receive radio signals on a given frequency regardless of the destination MAC address in the packet, the packets that are not addressed to this adapter are _?_ by the driver, and there is no way to make the standard driver pass them to the network monitoring software.

_____ {T/F} A number of network monitoring software vendors make special RF monitoring drivers for all wireless adapters.

45

Questions #3

In order to do promiscuous packet gathering, the user must obtained a supported wireless _?_, install the wireless monitoring program, replace the original driver by the special RF monitoring driver

List the Make, Model, and Vendor Of All Wireless Adapters Made Available To You By Dr. Hicks.__________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________

46

Questions #4

The Real Question : [ "Is there a RF monitoring driver for my Wi-Fi card and operating system?"] Do An Internet Search For Each Of The Adapters Listed On The Previous Slide.

Adapter RF Monitoring Driver

_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}_________________________________ _______ {Y/N}

47

Questions #5

Software to do promiscuous packet gathering is called a W_?_ A_?_

Aside from the problems related to NIC drivers, wireless traffic is sometimes encrypted using WEP (an older standard) or WPA. A good WLAN Analyzer must be capable of _?_ encrypted network traffic on the fly utilizing a user-provided WEP or WPA-PSK key.

A WLAN analyzer may not be required if all you need to monitor is the traffic between the wireless stations and the Internet. Using a standard, non-wireless monitor on a M_?_ port would make it possible to capture the packets being sent and received through the access point. A network layout illustrating this method is shown below.

48

Questions #6

Software to do promiscuous packet gathering is called a W_?_ A_?_

Aside from the problems related to NIC drivers, wireless traffic is sometimes encrypted using WEP (an older standard) or WPA. A good WLAN Analyzer must be capable of _?_ encrypted network traffic on the fly utilizing a user-provided WEP or WPA-PSK key.

A WLAN analyzer may not be required if all you need to monitor is the traffic between the wireless stations and the Internet. Using a standard, non-wireless monitor on a M_?_ port would make it possible to capture the packets being sent and received through the access point. A network layout illustrating this method is shown below.

49

Co

Packet Monitoring Software

50

Mirror Port Software

51

Questions #7

"How can I see all of the subnet traffic using Network Monitor?". The most efficient way to do this is to attach your computer's ethernet connection directly to the "_?_" port on your switch.

On Cisco switches the mirroring port is called the _?_port and use a software program called a "Switched Port Analyzer".

____ {T/F} Almost all switches today come with one of these ports to allow system administrators to analyze network traffic using a packet sniffing product like Distinct Network Monitor.

52

Questions #7

Why do you need to attach to the mirror port? Well, technically when a NIC driver is in promiscuous mode, it is able to see all of the traffic that is travelling on the wire it is attached to. However, that traffic may be in fact limited to its _?_ traffic and _?_ broadcast traffic in the case of a switched network.

As an administrator, the most efficient way for you to analyze traffic that is not visible from your computer is to capture it using the mirror or _?_port on your switch.

When this is not possible Distinct Network Monitor does offer one more option through its Agents. Using Agents you will be able to analyze traffic that is not visible from your computer.

53

Co

Packet Monitoring Software

54

Questions #8

Do an Internet Search - List at least half a dozen software products which enable packet monitoring on Windows systems. Include the Software Name and Price.

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

55

Questions #9

Do an Internet Search - (cont)

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

Software _____________________________ $_________URL____________________________________________

56

Questions #10

What Is Port Mirroring:_______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________ _______________________________________________

57

Port Mirroring On Inexpensive Linksys Switch?

58

Co

Make Sure All Three Systems Are

Still Accessible via Remote Desktop

59

Co

Extra Credit

60

Extra CreditTransfer DataTransfer.txt From One Computer To Another Wirelessly. Use A Third Computer To Capture Packets In

Promiscuous Mode. Include Sufficient Screen Captures & Explanation To Duplicate Your Efforts (i.e. What Card, What Software, Where Download, How Do,

etc..

Networking & Wireless Routers VIII Wireshark

Documents

Transcript of Networking & Wireless Routers VIII Wireshark