Lab3: Network Traces Analysis

Lab3: Network Traces Analysis PowerPoint PPT Presentation

  • Uploaded on
  • Presentation posted in: General

Overview. Network packets are logged forNetwork monitorProtocol debuggingTroubleshootingAttackers often peer into the packetsMany protocols are in clear-text (e.g., ftp, http)Easy to get packet traces (sniffing)Packet traces contain sensitive informationDo offline analysis on given packet

Download Presentation

Lab3: Network Traces Analysis

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

1. Lab3: Network Traces Analysis

2. Overview Network packets are logged for Network monitor Protocol debugging Troubleshooting Attackers often peer into the packets Many protocols are in clear-text (e.g., ftp, http) Easy to get packet traces (sniffing) Packet traces contain sensitive information Do offline analysis on given packet traces, extracting sensitive information

3. Task 1: Extract FTP Passwords FTP communication is not encrypted Goal: recover all the username and password of ftp accounts from a network trace file Assumptions FTP server is using port 21 No protocols other than FTP is running on port 21

4. Task 2: Extract HTTP URLs HTTP traffic is not encrypted Goal: find out all the URLs the browser has visited in the network trace file Assumptions The HTTP sever is using port 80 No protocol other than HTTP is running on port 80 During the protocol, neither the server not the client gets disconnected

5. Task 3: Extract HTTP cookies Cookies are transmitted in clear-text May contain sensitive information Goal: to extract all cookies contained in the network trace file Same assumptions as that for task 2 Make it easier Only extract the cookies sent out by the browser; dont extract the cookies sent by the server Dont worry about the domain and path attributes

6. Implementation All the functionalities will be implemented in a single executable The stub code and the make file are provided Read the instruction in the lab handout carefully about how to use the stub code

7. Testing & Grading 6 out of 8 trace files used in grading are provided Some sample output are also provided Strictly follow the output format requirements given in the handout Make sure your outputs are exactly the same as the sample outputs See the readme file for information about the samples Note: the program should only output to the standard output Do not print any debugging information

8. Hints Keywords FTP Password: USER, PASS HTTP URLs: GET, Host HTTP Cookies: Host, Cookie Backup code often

9. Useful Tools The traces are generated using tcpdump You should use the tool tcpflow to filter and convert the trace file to ease the analysis and debugging See the summary function in the stub file as an example grep Find a match in the file See the man page for grep A function to invoke a command and get back the results is provided in the stub file

10. Readings FTP: rfc959 Section 4.1.1: ACCESS CONTROL COMMAND HTTP: rfc2616 Section 9.3: GET method Section 14.23: Host header field HTTP Cookies: rfc2965 Section 3.3.4: sending cookies A general understanding of the protocol will help

11. Turnin Only need to turnin the source code and the make file Turnin instruction will be sent to the mailing-list later

12. Have fun! Questions?

  • Login