LinuxCBT PackCapAnal Edition 2012
LinuxCBT PackCapAnal Edition 2012
English | .MOV | aac, 44100 Hz, mono | h264, yuv420p, 800x600, 5.00 fps | 856MB
Genre: E-learning
English | .MOV | aac, 44100 Hz, mono | h264, yuv420p, 800x600, 5.00 fps | 856MB
Genre: E-learning
Introduction - Topology - Features
Discuss course outline
Explore system configuration
Identify key network interfaces to be used for captures
Identify connected interfaces on Cisco Switch
Explore network topology - IPv4 & IPv6
Identify Ethereal installation
Enumerate and discuss key Ethereal features
Ethereal® Graphical User Interface (GUI)
Identify installation footprint
Differentiate between promiscuous and non-promiscuous modes
Configure X.org to permit non-privileged user to write output to screen
Launch Ethereal GUI
Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
Discuss defaults
Explore key menu items
TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
Discuss defaults, features and applications
Use TCPDump on Linux to capture packets
Log traffic using default PCAP/TCPDump format
Discuss Berkeley Packet Filters (BPFs)
Capture and log specific packets using BPFs for analysis with Ethereal
Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
Install WinDump and WinPCAP on Windows 2003 Server
Identify available network interfaces using WinDump
Capture and log packets using WinDump
Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
Upload captures to Linux system for analysis in Ethereal
Snort® NIDS Packet Capturing & Logging
Discuss Snort NIDS's features
Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
Download, verify, compile and install Snort NIDS
Discuss BPF directional, type, and protocol qualifiers
Identify clear-text based network applications and define appropriate BPFs
Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
Log to the active pseudo-terminal console and examine the packet flows
Combine BPF qualifiers to increase packet-matching capabilities
Use logical operators to define more flexible BPFs
Create captures for further analysis with Ethereal
Sun Snoop Packet Capturing & Logging
Connect to Solaris 10 system and prepare to use Snoop
Draw parallels to TCPDump
Enumerate key features
Sniff and log generic traffic
Sniff and log specific traffic using filters
Sniff using Snoop, HTTP and FTP traffic
Save filters for analysis by Ethereal
Snoop various Solaris interfaces for interesting traffic
Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
Launch Ethereal
Identify sniffing interfaces
Capture Address Resolution Protocol (ARP) Packets using Capture Filters
Discuss and Identify Protocol Data Units (PDUs)
Identify default Ethereal capture file
Peruse packet capture statistics
Identify Cisco VOIP router generating ARP requests
Peruse time precision features - deci - nano-seconds
Discuss time manipulations - relative to first packet - actual time
Reveal protocol information from layer-1 through 7
Identify network broadcasts in the packet stream
Generate Layer-2 ARP traffic using PING and capture and analyze results
Sniff traffic based on MAC addresses using Ethereal and Capture FIlters
User Datagram Protocol (UDP) Captures & Analyses
Discuss UDP Characteristics
Focus on Network Time Protocol (NTP)
Setup NTP strata for testing between multiple systems
Analyze NTP - UDP traffic using Ethereal
Focus on Domain Name Service (DNS)
Install a BIND DNS Caching-Only Server
Analyze DIG queries
Analyze 'nslookup' queries
HomePage
Screenshot:
(Click to enlarge)
(Click to enlarge)
LinuxCBT PackCapAnal Edition 2012
