network analysis book

Network Testing and Analysis How to Guide for Networking Engineers Copyright 2013 @ tcpipguru.com

Upload: tcpipguru

Post on 24-May-2015

Category:

Education


DESCRIPTION

Network analysis Book

TRANSCRIPT

Network Testing and Analysis

How to Guide for Networking Engineers

Copyright 2013 @ tcpipguru.com

Table of Contents

How to Capture and Display traffic between two systems on a network

How to craft a ping packet

How to detect rogue DHCP servers on a network

How to detect web servers on a network

How to display bytes received and sent on the network card in an interval

How to display ports in listening state on a Windows system

How to find access points on a network

How to find Active directory servers on a network

How to find all subnet directed broadcast on a network

How to find broadcast frames on a network

How to find FTP servers on a network

How to find a printer on a network

How to find ports open on your internet router

How to find proxy servers on a network

How to find TCP applications running on a remote system

How to find the IP address of an IP camera on a network

How to find the number of hops taken by a packet to reach the destination.

How to find the reason as to why an application is not working on a remote computer.

How to find unicast packets sent to a gateway router from devices on the network

How to find used IP addresses on a network

How to passively monitor 802.11 packets on a network

How to route internet traffic through a specific network card

How to scan a range of TCP ports on a system

How to simulate TCP connections to a required server port number

How to troubleshoot DNS connectivity issues

How to troubleshoot internet with nmap.

How to troubleshoot port forwarding issues

How to troubleshoot remote desktop connectivity issues

How to troubleshoot web communication connectivity issues.

How to view received and sent bytes on a network card

How to view TCP connection statistics on a Windows system

How to view TCP connections on a Windows system

How to view the data in bytes which is sent and received by a process in memory

How to view the state of a network process on a Windows System

How to find HTTP traffic passing through a router

How to find http traffic to and from a PC on a network

How to find the protocols which pass through the LAN interface of an internet router.

How to detect eavesdropping vulnerable protocols on an IP address

How to test an inbound ACL

How to test cam flooding attack

How to send IP packets in a loop with random IP addresses.

How to Capture and Display traffic between two systems on a network

This Wireshark tutorial shows how to capture and display traffic between two systems on a network. Install Wireshark on either of the two systems, start the capture, and stop it when required. In the screenshot, a filter is applied that displays only the traffic between the systems 192.168.1.3 and 192.168.1.1.

How to craft a ping packet

This tutorial explains how to craft a ping packet. Ping is a network troubleshooting tool that is also used to test the availability of a system on the network. Ping uses the ICMP protocol at the network layer for communication. An ICMP type 8, code 0 packet is generated when a ping request is initiated. scapy is used to craft the ping packet. The following code creates a ping packet with the source IP address 192.168.1.6 and the destination IP address 192.168.1.1. The ICMP packet is created with the values 8 and 0 for the type and code fields. The packet is sent using the send(ip/icmp) command.

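    from scapy.all import IP, ICMP, send
    # IP header: source is the lab PC, destination is the system to ping
    ip = IP()
    ip.src = '192.168.1.6'
    ip.dst = '192.168.1.1'
    # ICMP echo request: type 8, code 0
    icmp = ICMP()
    icmp.type = 8
    icmp.code = 0
    # Stack ICMP on top of IP and send at layer 3 (requires root/administrator rights)
    send(ip / icmp)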

To test the code, set up a lab with two systems with the IP addresses 192.168.1.6 and 192.168.1.1, both connected to a switch. Install scapy, Python and Wireshark on the PC configured with the IP address 192.168.1.6. Start Wireshark on the PC and run the code. The ping request (the crafted packet) should be seen in Wireshark, along with the response to it (the ping reply).

How to detect rogue DHCP servers on a network

This tutorial explains how to detect a rogue DHCP server with nmap. Rogue DHCP servers are set up on a network by attackers to disrupt services. With nmap installed on a system, scan UDP port 67, which is used by DHCP servers on the network. Because the network administrator knows the IP address of the DHCP server on the network, any other IP address associated with UDP port 67 is identified as a rogue DHCP server. The following screenshot shows the command which can be used to scan the network 192.168.2.0/24 for UDP port 67. The output of the command returns the DHCP servers on the network. In this network, there is only one valid DHCP server, which is 192.168.2.1. The status of port 67 is shown as open.
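The comparison against the known DHCP server can be automated, shown here as an added example that is not part of the original book. It assumes the scan was saved in nmap's grepable format (for instance `nmap -sU -p 67 -oG - 192.168.2.0/24`; the book's exact command is only in the screenshot), and the sample output and the hosts other than 192.168.2.1 are constructed.

```python
import re

# Constructed sample of nmap grepable (-oG) output for a UDP port 67 scan.
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample, not real scan output)
Host: 192.168.2.1 ()\tStatus: Up
Host: 192.168.2.1 ()\tPorts: 67/open/udp//dhcps///
Host: 192.168.2.10 ()\tPorts: 67/closed/udp//dhcps///
Host: 192.168.2.23 ()\tPorts: 67/open|filtered/udp//dhcps///
Host: 192.168.2.50 ()\tPorts: 67/open/udp//dhcps///
"""

HOST_PORTS = re.compile(r"^Host: (\S+) \(.*?\)\tPorts: ([^\t]*)")

def dhcp_port_states(grepable: str) -> dict:
    """Map each scanned host to the state nmap reported for 67/udp."""
    states = {}
    for line in grepable.splitlines():
        match = HOST_PORTS.match(line)
        if not match:
            continue  # comment lines and "Status:" lines carry no port data
        for entry in match.group(2).split(","):
            fields = entry.strip().split("/")  # port/state/protocol/...
            if len(fields) >= 3 and fields[0] == "67" and fields[2] == "udp":
                states[match.group(1)] = fields[1]
    return states

def classify_dhcp_hosts(grepable: str, authorized: set) -> dict:
    """Split hosts into the known server, rogue candidates and unconfirmed."""
    report = {"authorized": [], "rogue": [], "unconfirmed": []}
    for host, state in sorted(dhcp_port_states(grepable).items()):
        if state == "closed":
            continue  # an ICMP port unreachable came back: nothing listening
        if host in authorized:
            report["authorized"].append(host)
        elif state == "open":
            report["rogue"].append(host)  # answered on 67/udp, not the known server
        else:
            # "open|filtered": nmap got no reply, so a server is possible but unproven
            report["unconfirmed"].append(host)
    return report

if __name__ == "__main__":
    print(classify_dhcp_hosts(SAMPLE_GREPABLE, authorized={"192.168.2.1"}))
```

Hosts in the `unconfirmed` list need a follow-up check, because a UDP scan reports `open|filtered` whenever no response is received.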
