![Page 1: Computer Networks 2nd part -Introductionacademic.lucabedogni.it/wp-content/uploads/2018/10/0-Introduction.… · Computer Networks 2ndpart -Introduction Luca Bedogni Departmentof](https://reader036.vdocument.in/reader036/viewer/2022062414/5fb502640fd94d7be1662918/html5/thumbnails/1.jpg)
Computer Networks 2nd part - Introduction
Luca Bedogni
Department of Computer Science and Engineering
University of Bologna
§ Dr. Luca Bedogni
§ Contacts:
  § Website: http://cs.unibo.it/~lbedogni
  § Mail: [email protected]
  § Phone: +39 051 20 9 4974
  § Student meetings: Mon-Fri
    • Mandatory to ask for a meeting by mail
  § Office: Wireless Lab
Who I am
§ Understand protocol behavior
§ Getting hands dirty
§ Understand how to look for specific network information
§ Learning
  § By observing
  § By doing
  § By experimenting
  § By discussing
§ Be constructive: discussions are helpful. Participate in group discussions, raise questions, collaborate, help each other.
Objectives
Outline
General introduction - packet sniffers
Wireshark
Hands-on laboratories
  • Introduction, TCP/UDP/IP, ICMP/NAT, SSL, DNS/DHCP
Linux on Network
§ Understanding network protocols paves the way to understanding the network
  § Can be done with simulators
    • You don’t get the “real” action
    • You may not have the guarantee that a simulated protocol closely reflects the real one
§ A packet sniffer listens on the network
  § Packets sent/received
  § Stores and displays the content
  § Handles copies of the packets
§ The packet capture library
  § Receives the packets and sends them to the packet analyzer
§ The packet analyzer
  § Shows the packet contents
  § Decodes nested fields
Packet sniffers
§ Wireshark is a packet sniffer
§ It has a GUI which makes it intuitive to inspect network flows
§ Available for different platforms
§ Useful to inspect live network flows
  § Live capture lets you watch packets as they are captured
§ Useful to gain experience
  § It is possible to inspect pre-captured traces
Wireshark
§ The 2nd part is primarily a hands-on class
  § Most of the classes (~3) will be with live exercises
§ Packet sniffer exercises – Kurose, Ross “Computer Networking: A Top-Down Approach”
§ If you have one, bring your own laptop
  § 1 laptop is enough for a group of 2-3 students
§ What we need
  § Wireshark (more on this later)
  § Linux machine
  § Advice: use a virtual machine
§ Modus operandi:
  § Some exercises will be done during the class
    • To foster discussion and to show examples
  § Some will be assigned as homework
    • No evaluation, part of them will be (briefly) discussed in the lecture following the assignment
Laboratories
§ We will see basic network operations on Linux
  § Not a system administrator class
§ The focus is on the use of Linux as a tool to
  § Discover network problems
  § Investigate network challenges
  § Isolate issues
§ Not an operating system class
  § Basic commands, basic operations
  § Key is the combination of simple operations
Network on Linux
Computer Networks: Packet sniffers Introduction
Luca Bedogni
Department of Computer Science and Engineering
University of Bologna
Outline
Packet sniffers
Wireshark
Wireshark capture filters
Wireshark display filters
§ Packet sniffing is the operation of capturing any data which goes through the network
  § To look for information in network packets
§ Frequently used by system administrators to troubleshoot network issues
  § Why traffic is slow
  § Detect intrusions
§ Considered security tools
  § Do not automatically provide security
  § But give all the tools to assess it
§ It is a passive technique
  § You set one or more of your network interfaces to listen for everything
  § Packets are copied and displayed to the user
  § The packet sniffer is just listening
    • Actually, it does not change information
What is a packet sniffer
§ Most people believe that when they communicate over the network with someone else, their packets go directly to the destination
§ Instead they are sent in broadcast
§ Every node in the network overhears the packet
  § It checks if it is the destination, or if it needs to reroute it
How is that possible
[Figure: A sends MSG to B on a shared network. B: "THIS IS FOR ME". C and D also receive MSG: "THIS IS NOT FOR ME". S also receives MSG: "THIS IS NOT FOR ME, BUT I AM SNIFFING".]
§ Suppose you want to visit unibo.it
§ Basically, you shout “Somebody give me unibo.it”
§ The message is overheard by anyone on the network
  § Also the router
§ The router sends it to the destination
§ Once it receives the answer, it sends the message again on the network
§ Everybody overhears it
  § Including you
A simple example
§ Basically, all the information which is sent in clear
§ Anyone with a packet sniffer can gain access to such information
§ If the connection is encrypted, the information is more secure
  § But still, you are receiving it
§ Consider if your user credentials for a harmless website are sent in plain text
  § And you use the same credentials for gmail
  § … and for your bank account …
§ Example: cookie hijacking
What is possible to see
§ It is a network analyzer tool
§ It allows us to see all the packets that go through a network
  § Why is my network stuck every Friday evening from 6PM to 8PM?
  § Why can’t computer X connect to the Internet?
  § Why can’t the A department connect to the internal servers?
§ Wireshark helps us troubleshoot the network
§ Open Source with GUI
§ Available for Windows/MAC OS/Linux
  § Get it at https://www.wireshark.org/download.html
§ All the examples in this class will be made through the GUI
  § Some shortcuts through the command line exist
What is Wireshark
What it looks like
§ Technically speaking, wireshark captures the packets going through a network and displays them
§ What people use wireshark for:
  § Network administrators -> troubleshoot network problems
  § Network security engineers -> examine security problems
  § QA engineers -> verify network applications
  § Developers -> debug protocol implementations
  § People -> learn network protocol internals
§ Some features:
  § Capture live packet data and display it
  § Import network traces and save them
  § Filtering/Coloring/Search
  § Create network statistics
Deeper into Wireshark
A wireshark example
[Figure: annotated wireshark window showing the wireshark toolbar, the packets list, the packet details, the packets content and the general statistics.]
Wireshark menus
File – Open, merge, export and print capture files
Edit – Search packets, mark them, preferences
View – Coloring packets and view options
Go – Through this menu it is possible to go to a specific packet
Capture – To start captures and edit capture filters
Analyze – Filtering packets, dissecting protocols
Statistics – To generate and display statistics
Telephony – Telephony related statistics
Wireless – To show wireless related statistics
Tools – Various tools available in wireshark
Help – Help, manual pages
§ Start
§ Stop
§ Restart
§ Options
§ Open
§ Save
§ Close
§ Reload
§ Find
§ Go to packets
§ Auto scroll
§ Colorize
§ Zoom options
The wireshark toolbar
§ Bookmarks
§ Filter Input
§ Clear
§ Apply
§ It is probably one of the most powerful tools of wireshark
§ We’ll see how many packets are generated in a short time, even in lightly populated networks
  § Filtering is essential
The filter toolbar
§ Each line corresponds to a packet
§ It displays information such as the ID, the source, destination, protocol and others
§ Icons help understand a conversation flow
The Packet list panel
§ It shows the details for a specific selected packet
§ It can display additional information enclosed in brackets
§ It also shows links if wireshark detects a link with another packet
The packet details panel
§ Shows the dump of the packet
§ More than one page may be available
  § In case wireshark has reassembled more than one packet together
The packet bytes panel
§ Capturing live network data is one of the core components of wireshark
§ Can capture from different network interfaces
§ Triggers to stop capturing data (elapsed time, number of packets..)
§ Live show of packet details
§ Live filtering of packets
§ Save packets
§ Can simultaneously capture from different network interfaces
Capturing live network data
Starting a new capture
§ It is possible to save a capture to a file (or multiple files)
§ Consider using this feature if you plan to work with a heavily congested network
  § Or if you plan to perform a long-term capture
Capture Options
| Filename | Create a new file… | Use a ring buffer… | Mode | Resulting filename |
|---|---|---|---|---|
| - | - | - | Permanent file | wiresharkXXXXX |
| foo.cap | - | - | Single named file | foo.cap |
| foo.cap | x | - | Multiple files, continuous | foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, … |
| foo.cap | x | x | Multiple files, ring buffer | foo_00001_20100205110102.cap, foo_00002_20100205110318.cap, … |
§ Wireshark uses the libpcap filter language
§ The general syntax is as follows
    [not] primitive [and|or [not] primitive ...]
§ Example:
    tcp port 23 and host 10.0.0.5
§ Primitives:
  § [src|dst] host <host>
  § ether [src|dst] host <host>
  § gateway host <host>
  § [src|dst] net <net> [{mask <mask>}|{len <len>}]
  § [tcp|udp] [src|dst] port <port>
  § less|greater <length>
  § ip|ether proto <protocol>
  § ether|ip broadcast|multicast
  § <expr> relop <expr>
§ Capture filters are different from display filters
Capture filters
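To make the capture filter syntax concrete, the following added example (not part of the original slides, and not libpcap's own code) evaluates the general form `[not] primitive [and|or [not] primitive ...]` for two of the listed primitives, `host` and `port`, over constructed packet summaries. The names `Pkt`, `compile_filter` and `select` are hypothetical. It follows the libpcap rule that `not` binds tightest while `and` and `or` share one precedence level and associate left to right.

```python
from collections import namedtuple

# Constructed packet summary, not real traffic.
Pkt = namedtuple("Pkt", "proto src sport dst dport")

def parse_primitive(tok, i):
    """Parse one primitive at tok[i]; return (predicate, next token index)."""
    proto = direction = None
    if tok[i] in ("tcp", "udp"):
        proto, i = tok[i], i + 1
    if tok[i] in ("src", "dst"):
        direction, i = tok[i], i + 1
    kind, value = tok[i], tok[i + 1]
    if kind == "host" and proto is None:            # [src|dst] host <host>
        fields = ("src", "dst") if direction is None else (direction,)
        return (lambda p: any(getattr(p, f) == value for f in fields)), i + 2
    if kind == "port":                              # [tcp|udp] [src|dst] port <port>
        port = int(value)
        fields = ("sport", "dport") if direction is None else (direction[0] + "port",)
        return (lambda p: proto in (None, p.proto)
                and any(getattr(p, f) == port for f in fields)), i + 2
    raise ValueError(f"unsupported primitive near {kind!r}")

def parse_term(tok, i):
    if tok[i] == "not":                             # negation binds tighter than and/or
        inner, i = parse_term(tok, i + 1)
        return (lambda p: not inner(p)), i
    return parse_primitive(tok, i)

def combine(op, left, right):
    if op == "and":
        return lambda p: left(p) and right(p)
    return lambda p: left(p) or right(p)

def compile_filter(text):
    """Compile '[not] primitive [and|or [not] primitive ...]' into a predicate."""
    tok = text.split()
    try:
        pred, i = parse_term(tok, 0)
        while i < len(tok):
            op = tok[i]
            if op not in ("and", "or"):
                raise ValueError(f"expected and/or, got {op!r}")
            right, i = parse_term(tok, i + 1)
            pred = combine(op, pred, right)         # equal precedence, left to right
    except IndexError:
        raise ValueError("filter ends in the middle of a primitive") from None
    return pred

PACKETS = [  # constructed sample traffic
    Pkt("tcp", "10.0.0.5", 40000, "10.0.0.9", 23),
    Pkt("tcp", "10.0.0.7", 40001, "10.0.0.9", 23),
    Pkt("tcp", "10.0.0.5", 40002, "192.0.2.10", 80),
    Pkt("udp", "10.0.0.5", 5353, "10.0.0.9", 53),
]

def select(text, pkts=PACKETS):
    """Return the indexes of the packets the filter would keep."""
    keep = compile_filter(text)
    return [n for n, p in enumerate(pkts) if keep(p)]
```

With the sample packets, `tcp port 23 or udp port 53 and host 10.0.0.7` keeps only packet 1, because it is read as `(tcp port 23 or udp port 53) and host 10.0.0.7`.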
§ 99% of the time we will not work with live captures
  § Live data can change, hence it is difficult to define exercises
§ We will instead work with capture files
  § Pre-captured trace
  § Simply hit File -> Open and select the file
§ Wireshark understands several capture file formats
§ Download the files for this class at: http://gaia.cs.umass.edu/wireshark-labs/wireshark-traces.zip
§ Keep in mind that it is also possible to save your live capture data
  § Useful for questions, appointments
In the remainder of this class
§ Along with wireshark, you’ll also install tshark
§ Simplifying, wireshark without GUI
  § Can capture traffic
  § Command line tool which analyzes .pcap files
§ Useful for analyzing large trace data with command line tools
§ Examples:
  § Out of a lot of lines, you want the unique IP addresses
  § After monitoring all the traffic going to port 80, you want the unique source ports
  § You want to convert .pcap data in a human readable format
  § You want to count packets which match a certain expression
§ Outside the scope of this class
  § But knowing how to use it can speed up operations
tshark
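The example tasks listed for tshark can be seen end to end in the following added example, which is not part of the original slides and does not use tshark: a pure-Python reader for the classic .pcap layout that answers three of them (unique IP addresses, unique source ports of traffic to port 80, count of packets matching an expression). The trace is constructed inline and all function names are hypothetical. It assumes Ethernet framing with unfragmented IPv4/TCP, and handles neither VLAN tags nor pcapng.

```python
import socket
import struct

def make_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP frame; MACs and checksums are left zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return bytes(12) + b"\x08\x00" + ip + tcp

def build_pcap(frames):
    """Classic little-endian pcap: 24-byte file header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for n, f in enumerate(frames):
        out += struct.pack("<IIII", n, 0, len(f), len(f)) + f
    return out

def read_tcp(data):
    """Yield (src, dst, sport, dport) for each IPv4/TCP record in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    off = 24
    while off + 16 <= len(data):
        incl = struct.unpack(order + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                       # not IPv4/TCP, or truncated
        l4 = 14 + (frame[14] & 0x0F) * 4   # honour the IP header length field
        if len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               sport, dport)

def unique_ips(data):
    return sorted({ip for s, d, _, _ in read_tcp(data) for ip in (s, d)})

def unique_src_ports_to(data, port):
    return sorted({sp for _, _, sp, dp in read_tcp(data) if dp == port})

def count_matching(data, pred):
    return sum(1 for pkt in read_tcp(data) if pred(pkt))

SAMPLE = build_pcap([  # constructed trace, not one of the class trace files
    make_frame("10.0.0.5", "192.0.2.10", 40000, 80),
    make_frame("10.0.0.5", "192.0.2.10", 40000, 80),
    make_frame("10.0.0.7", "192.0.2.10", 40001, 80),
    make_frame("10.0.0.5", "10.0.0.9", 40002, 23),
    bytes(12) + b"\x08\x06" + bytes(28),   # ARP-sized frame, skipped by the reader
])
```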