Packet analysis (Basic)

53
Network Packet Analysis (basic) Ahmad Muammar W.K. OSCP Technical Workshop (25 Oktober 2012) Tuesday, January 22, 13

TAGS:

Transcript of Packet analysis (Basic)

Page 1: Packet analysis (Basic)

Network Packet Analysis (basic)

Ahmad Muammar W.K. OSCP

Technical Workshop (25 Oktober 2012)

Tuesday, January 22, 13

Page 2: Packet analysis (Basic)

Introduction

• A.K.A y3dips

• Pro. Bandwidth Hunter

• IT(Sec) Consultant/Pentester/py.Coder

• Founder echo.or.id, ubuntu-id, idsecconf

• @y3dips, [email protected]

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 3: Packet analysis (Basic)

Packet Analysis

• Captured Network Traffic

• Analyze the protocols, carve out the files, search for strings

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 4: Packet analysis (Basic)

• Analyze fileds within protocols

• Analyze Protocols within packets

• Analyze Packets within streams

• Reconstruct higher-layer protocols

Packet Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 5: Packet analysis (Basic)

• Too many stream packet

• Packet corrupted or truncated

• Contents encrypted at different layers

• Unstandard protocols

Issue Found

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 6: Packet analysis (Basic)

• Examination of one or more fields within the protocol’s data structure.

Protocol Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 7: Packet analysis (Basic)

• Packet Analysis

Packet Analysis

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 8: Packet analysis (Basic)

WiresharkAhmad Muammar W.K. OSCP

Network Packet Analysis Technical Workshop (25 Oktober 2012)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 9: Packet analysis (Basic)

WireSharkAdvance Usage

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 10: Packet analysis (Basic)

Wireshark Display

• Packet List

• Packet Details

• Packet Bytes

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 11: Packet analysis (Basic)

Packet ListPacket List

Packet Details

Packet Bytes

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 12: Packet analysis (Basic)

WiresharkColoring Rules

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 13: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 14: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 15: Packet analysis (Basic)

WiresharkCapture Filters

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 16: Packet analysis (Basic)

Capture Filtersfor the shake of the performance

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 17: Packet analysis (Basic)

Capture/BPF syntax

• Type: host, net, port

• Direction: src, dst

• Proto: ether, ip, tcp, udp

• Logical oepration: &&, ||, !

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 18: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 19: Packet analysis (Basic)

Capture Filters

• Filtering the host

• host ipv4/ipv6

• host hostname

• ether host mac (00-11-22-33-44-55)

• src/dst host 192.168.1.1

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 20: Packet analysis (Basic)

Capture Filters

• Filtering the Protocol/Port

• port 443

• !port 443

• protocol name (e.g: icmp)

• !protocol name (e.g !icmp)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 21: Packet analysis (Basic)

Capture Filters

• Protocol Field

• icmp[0] == 3 (unreachable)

• icmp[0] == 8 (echo request)

• tcp[13] & 4 == 4 (RST)

• tcp[13] & 1 == 1 (FIN)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 22: Packet analysis (Basic)

Display FiltersSee only what you wanna see

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 23: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 24: Packet analysis (Basic)

Display Filters

• !tcp.port=443

• tcp.flag.syn=1

• !arp

• tcp.port==21 || tcp.port==23

• smtp || pop || imap

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 25: Packet analysis (Basic)

Packet AnalysisWrong Dissector

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 26: Packet analysis (Basic)

Protocol Dissector

• Allow Wireshark to automatically break down into various section so that it can be analyzed

• Translator, decoder

• Not work for non-standard/default port.

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 27: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 28: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 29: Packet analysis (Basic)

Wrong Dissector

• So its an SSL traffic

• But, why we able to see all info

• FTP Traffic using port 443?

• Decode it with FTP

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 30: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 31: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 32: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 33: Packet analysis (Basic)

Packet AnalysisReconstruct File and Data

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 34: Packet analysis (Basic)

Reconstruct Data

• nc -lv 110 > confidential.pdf

• nc -vv 192.168.1.222 110 < confidential.pdf

• non standard port send pdf and zip

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 35: Packet analysis (Basic)

Packet AnalysisReconstruct PDF File

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 36: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 37: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 38: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 39: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 40: Packet analysis (Basic)

Packet AnalysisReconstruct Zip File from NC file transfer

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 41: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 42: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 43: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 44: Packet analysis (Basic)

Packet AnalysisReconstruct Zip File from FTP server

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 45: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 46: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 47: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 48: Packet analysis (Basic)

Packet AnalysisDecrypting and decode ssl packet

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 49: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 50: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 51: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 52: Packet analysis (Basic)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13

Page 53: Packet analysis (Basic)

Network Packet Analysis

Ahmad Muammar W.K. OSCP

Technical Workshop (25 Oktober 2012)

Network Packet Analysis - Ahmad Muammar W.K. OSCPTuesday, January 22, 13


Basic Probability Exam Packet

Basic Probability Exam Packet

Packet Tracer 6.1 tutorial - IP telephony basic configurationdocshare04.docshare.tips/files/29205/292058818.pdf · Packet Tracer 6.1 tutorial - IP telephony basic configuration Tutorial

Packet Tracer 6.1 tutorial - IP telephony basic configurationdocshare04.docshare.tips/files/29205/292058818.pdf · Packet Tracer 6.1 tutorial - IP telephony basic configuration Tutorial

Network Packet Analysis

Network Packet Analysis

Packet sniffing Packet forgery (spoofed from address) DNS … · 2006. 2. 7. · Basic network security threats • Packet sniffing • Packet forgery (spoofed from address) •

Packet sniffing Packet forgery (spoofed from address) DNS … · 2006. 2. 7. · Basic network security threats • Packet sniffing • Packet forgery (spoofed from address) •

Addition to Packet-fireflow Analysis

Addition to Packet-fireflow Analysis

Network Packet Analysis - using WireShark

Network Packet Analysis - using WireShark

Wireless Packet Analysis Webinar Slides.pdf

Wireless Packet Analysis Webinar Slides.pdf

Packet Analysis Digital Forensics - UBNetDef

Packet Analysis Digital Forensics - UBNetDef

Name Basic ALGEBRA 2 SUMMER PACKET

Name Basic ALGEBRA 2 SUMMER PACKET

Packet analysis

Packet analysis

Wireless Packet Captures & Connection Analysis- A …wlanpros2.project.ihelphosting.com/.../01-wireless-packet-captures... · Wireless Packet Captures & Connection Analysis- A Review

Wireless Packet Captures & Connection Analysis- A …wlanpros2.project.ihelphosting.com/.../01-wireless-packet-captures... · Wireless Packet Captures & Connection Analysis- A Review

BASIC TRAINING FOR CONSERVATORS TRAINING PACKET

BASIC TRAINING FOR CONSERVATORS TRAINING PACKET

Basic Enrollment Packet Entities/Businesses - Louisiana

Basic Enrollment Packet Entities/Businesses - Louisiana

Basic Law Enforcement Orientation Packet - mdc.edu Orientation Packet (FULL...Basic Law Enforcement Orientation Packet ... Today symbolizes the start of your journey; ... Credit History

Basic Law Enforcement Orientation Packet - mdc.edu Orientation Packet (FULL...Basic Law Enforcement Orientation Packet ... Today symbolizes the start of your journey; ... Credit History

Basic Enrollment Packet for Individuals 07-2015 · PDF fileENROLLMENT PACKET FOR THE LOUISIANA MEDICAL ASSISTANCE PROGRAM (Louisiana Medicaid Program) Basic Enrollment Packet For Individuals

Basic Enrollment Packet for Individuals 07-2015 · PDF fileENROLLMENT PACKET FOR THE LOUISIANA MEDICAL ASSISTANCE PROGRAM (Louisiana Medicaid Program) Basic Enrollment Packet For Individuals

Basic Concepts (part 2): packet delays and layering

Basic Concepts (part 2): packet delays and layering

Department of Behavior Analysis MS Degree Information Packet · discipline of behavior analysis and to the community by conducting applied and basic research that furthers understanding

Department of Behavior Analysis MS Degree Information Packet · discipline of behavior analysis and to the community by conducting applied and basic research that furthers understanding

BASIC PNEUMATICS LEARNING ACTIVITY PACKET activity packet basic pneumatics principles of pneumatic pressure and flow bb834-ba03xen

BASIC PNEUMATICS LEARNING ACTIVITY PACKET activity packet basic pneumatics principles of pneumatic pressure and flow bb834-ba03xen

Basic circuit analysis - razorjr.files.wordpress.comEIE209 Basic Electronics Basic circuit analysis. Prof. C.K. Tse: Basic Circuit ... Prof. C.K. Tse: Basic Circuit Analysis 4 Power

Basic circuit analysis - razorjr.files.wordpress.comEIE209 Basic Electronics Basic circuit analysis. Prof. C.K. Tse: Basic Circuit ... Prof. C.K. Tse: Basic Circuit Analysis 4 Power

Packet capture and protocol analysis 1. Content TCP/IP Networking Review Packet Capture Protocol Analysis 2.

Packet capture and protocol analysis 1. Content TCP/IP Networking Review Packet Capture Protocol Analysis 2.