network analysis book
DESCRIPTION
Network analysis BookTRANSCRIPT
Network Testing and Analysis
How to Guide for Networking Engineers
Copyright 2013 @ tcpipguru.com
Copyright 2013 @ tcpipguru.com
Table of ContentsHow to Capture and Display traffic between two systems on a network
How to craft a ping packet
How to detect rogue DHCP servers on a network
How to detect web servers on a network
How to display bytes received and sent on the network card in an interval
How to display ports in listening state on a Windows system
How to find access points on a network
How to find Active directory servers on a network
How to find all subnet directed broadcast on a network
How to find broadcast frames on a network
How to find FTP servers on a network
How to find a printer on a network
How to find ports open on your internet router
How to find proxy servers on a network
How to find TCP applications running on a remote system
How to find the IP address of an IP camera on a network
How to find the number of hops taken by a packet to reach the destination.
How to find the reason as to why an application is not working on a remote computer.
How to find unicast packets sent to a gateway router from devices on the network
How to find used IP addresses on a network
How to passively monitor 802.11 packets on a network
Copyright 2013 @ tcpipguru.com
How to route internet traffic through a specific network card
How to scan a range of TCP ports on a system
How to simulate TCP connections to a required server port number
How to troubleshoot DNS connectivity issues
How to troubleshoot internet with nmap.
How to troubleshoot port forwarding issues
How to troubleshoot remote desktop connectivity issues
How to troubleshoot web communication connectivity issues.
How to view received and sent bytes on a network card
How to view TCP connection statistics on a Windows systems
How to view TCP connections on a Window System
How to view the data in bytes which is sent and received by a process in memory
How to view the state of a network process on a Windows System
How to find HTTP traffic passing through a router
How to find http traffic to and from a PC on a network
How to find the protocols which pass through the LAN interface of an internet router.
How to detect eavesdropping vulnerable protocols on an IP address
How to test an inbound ACL
How to test cam flooding attack
How to send IP packets in a loop with random IP addresses.
Copyright 2013 @ tcpipguru.com
How to Capture and Display traffic between two systems on a network
The wireshark tutorial shows how to capture and display traffic between two systems on a network. Setup and install wireshark on any one of the systems. Start the capture and stop as and when required. In the below screenshot, a filter is applied which would display the traffic between the systems 192.168.1.3 and 192.168.1.1
How to craft a ping packet
The tutorial explains how to craft a ping packet. Ping is a tool, which is used for network troubleshooting. It is also used to test the availability of a system on the network. Ping uses the ICMP protocol at the network layer for communication. ICMP type 8 and code 0 packet is generated when a ping request is initiated. For crafting a ping packet, scapy is used. The following code creates a ping packet, which has the source IP address as 192.168.1.6 and the destination IP address as
Copyright 2013 @ tcpipguru.com
192.168.1.1. The ICMP packet is created , which is provided with the appropriate values, 8 and 0 for the type and code field. The packet is sent using the send(ip/icmp) command.
from scapy.all import *ip=IP()icmp=ICMP()ip.src='192.168.1.6'ip.dst='192.168.1.1'icmp.type=8icmp.code=0send(ip/icmp)
To test the functionality of the code, setup the lab with two systems with IP address as 192.168.1.6 and 192.168.1.1, both connected to a switch. Setup scapy, python and wireshark on the PC configured with the IP address, 192.168.1.6. Start wireshark on the PC and run the code. The ping request packet (Crafted packet) should be seen in wireshark as well as the response to the packet (Ping reply)
How to detect rogue DHCP servers on a network
In this tutorial, the mechanism to detect a rogue dhcp server with nmap is understood. Rogue dhcp servers are setup on the network by attackers to create disruption of services. nmap is installed on a system. nmap is used to scan, UDP port 67, which is used by DHCP servers on the network. As the network administrator would be aware of the IP address of the DHCP server on the network, any other IP address associated with UDP port 67 would be identified as a rogue DHCP server. The following screenshot shows the command which can be used for scanning the network 192.168.2.0/24 for udp port 67. The output of the command returns the dhcp servers on the network. In this network, there is only one valid dhcp server, which is 192.168.2.1.The status of the port 67 is shown as open.
Copyright 2013 @ tcpipguru.com
Ebook Price - $5
Visit www.tcpipguru.com to buy the Ebook
Copyright 2013 @ tcpipguru.com