PowerPoint Slideshow about 'Packets and Protocols' - keagan


Packets and Protocols

Recognizing Attacks with the protocol analyzer

Packets and Protocols: Recognizing attacks
  • Hacker tools
    • Many tools exist
    • Most are freeware
    • Many are simply adaptations of existing features/tools in the operating system
      • Ping
      • Trace route
      • Nbtstat
      • nslookup
  • Ping
    • Uses ICMP
      • Many options exist for the ping command


    Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
                [-r count] [-s count] [[-j host-list] | [-k host-list]]
                [-w timeout] target_name

    -t             Ping the specified host until stopped.
                   To see statistics and continue - type Control-Break;
                   To stop - type Control-C.
    -a             Resolve addresses to hostnames.
    -n count       Number of echo requests to send.
    -l size        Send buffer size.
    -f             Set Don't Fragment flag in packet.
    -i TTL         Time To Live.
    -v TOS         Type Of Service.
    -r count       Record route for count hops.
    -s count       Timestamp for count hops.
    -j host-list   Loose source route along host-list.
    -k host-list   Strict source route along host-list.
    -w timeout     Timeout in milliseconds to wait for each reply.

  • Trace route
    • Uses ICMP type 8, type 0 and TTL
      • Sends type 8 w/TTL=1
      • Receives TTL expired
      • Sends type 8 w/TTL=2
      • Receives TTL expired
  • NBTStat
    • Displays protocol statistics and current TCP/IP connections using NBT (NetBIOS over TCP/IP).
    • Yet another way a hacker can gather data to be used against you
  • Nslookup
    • DNS tool used to resolve IP addresses to names and to show the DNS server servicing the request.
      • Similar to ping -a
  • There are many tools already written that bring together these common utilities
    • Common hacker tools can be found at SourceForge
  • Sam Spade
    • GUI tool used for gathering information from websites
  • Ping sweep tools
    • Used to discover IP addresses on networks by using ICMP and ARP
  • Port scan tools
    • Used to find what ports are open on what devices
    • Can scan sequentially or randomly
  • Cain and Abel
    • Good multipurpose tool for cross-platform vulnerability checks
  • Zenmap
    • Another multipurpose tool to gather information against network nodes
  • SNMP Sweeps
    • Two types
      • Brute force
        • Simple guessing program
          • Starts with the password a, then b through z, then aa, ab, ac through zz, then aaa, aab, etc.
      • Dictionary
        • Uses a pre-made list of common words or phrases
  • What to look for:
    • Ping sweep
      • Look for an inordinate amount of ICMP traffic
    • Port Scan
      • Look for incrementing destination ports
    • SNMP Attack
      • Look for a sudden burst of SNMP traffic and monitor the community field in the capture
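
The three capture signatures listed above, sketched as detection logic over decoded packets. This is an added example, not part of the original slides; the packet-dict layout, thresholds, addresses and sample capture are constructed assumptions.

```python
from collections import defaultdict

# Thresholds and the packet-dict layout are assumptions for this example.
WINDOW_S = 10         # seconds per counting window
ICMP_HOSTS = 10       # distinct hosts sent echo requests by one source
PORT_RUN = 8          # consecutive incrementing TCP destination ports
SNMP_COMMUNITIES = 5  # distinct community strings from one source

def detect(packets):
    """Return {source_ip: set of alert names} for decoded packet dicts."""
    echo_targets = defaultdict(set)  # (src, window) -> hosts pinged
    communities = defaultdict(set)   # (src, window) -> community strings
    last_port, run_len = {}, defaultdict(int)  # keyed by (src, dst)
    alerts = defaultdict(set)
    for p in sorted(packets, key=lambda p: p["t"]):
        src, dst, win = p["src"], p["dst"], int(p["t"] // WINDOW_S)
        if p["proto"] == "icmp" and p.get("type") == 8:
            echo_targets[src, win].add(dst)
            if len(echo_targets[src, win]) >= ICMP_HOSTS:
                alerts[src].add("ping sweep")
        elif p["proto"] == "tcp":
            key, port = (src, dst), p["dport"]
            # Extend the run only when the port is exactly one higher.
            run_len[key] = run_len[key] + 1 if port == last_port.get(key, -2) + 1 else 1
            last_port[key] = port
            if run_len[key] >= PORT_RUN:
                alerts[src].add("port scan")
        elif p["proto"] == "udp" and p.get("dport") == 161:
            communities[src, win].add(p["community"])
            if len(communities[src, win]) >= SNMP_COMMUNITIES:
                alerts[src].add("snmp community guessing")
    return dict(alerts)

def sample_capture():
    """Constructed packets: three noisy sources plus one benign host."""
    pk = [{"t": i * 0.1, "src": "10.0.0.5", "dst": f"10.0.1.{i}",
           "proto": "icmp", "type": 8} for i in range(1, 21)]
    pk += [{"t": 3 + port * 0.01, "src": "10.0.0.6", "dst": "10.0.1.1",
            "proto": "tcp", "dport": port} for port in range(20, 40)]
    pk += [{"t": 5 + i * 0.05, "src": "10.0.0.7", "dst": "10.0.1.1", "proto": "udp",
            "dport": 161, "community": c} for i, c in enumerate("a b c aa ab public".split())]
    ok = {"src": "10.0.0.8", "dst": "10.0.1.1"}  # benign host: one of each
    pk += [{**ok, "t": 6, "proto": "icmp", "type": 8},
           {**ok, "t": 7, "proto": "tcp", "dport": 443},
           {**ok, "t": 8, "proto": "udp", "dport": 161, "community": "public"}]
    return pk

if __name__ == "__main__":
    print({s: sorted(a) for s, a in detect(sample_capture()).items()})
```

The incrementing-port check only catches sequential scans; for scans that visit ports in random order, count distinct destination ports per source and target instead.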
  • How to defend:
    • Ping
      • Filter out unwanted ICMP types
    • Port Scan
      • Lock down devices and turn off unneeded applications and ports
    • SNMP attacks
      • Use strong passwords
  • The best solution?
    • Get an IDS/IPS
      • Intrusion detection system - passive
      • Intrusion prevention system - active