Wireshark & Ethereal Network Protocol Analyzer Toolkit (€3,92)

Wireshark & Ethereal Network Protocol Analyzer Toolkit provides complete information and step-by-step instructions for analyzing protocols and network traffic on Windows, Unix or Mac OS X networks. First, readers will learn about the types of sniffers available today and see the benefits of using E...


Preview: 4 of the 471 pages

  • 19 July 2024
  • 471
  • 2015/2016
  • Presentation
  • Unknown
Chapter 1. Introducing Network Analysis
SOLUTIONS IN THIS CHAPTER

• What is Network Analysis and Sniffing?
• Who Uses Network Analysis?
• How Does it Work?
• Detecting Sniffers
• Protecting Against Sniffers
• Network Analysis and Policy

Summary

Solutions Fast Track

Frequently Asked Questions

Introduction
“Why is the network slow?” “Why can’t I access my e-mail?” “Why can’t I get to the shared
drive?” “Why is my computer acting strange?” If you are a systems administrator, network
engineer, or security engineer, you have heard these questions countless times. Thus begins the
tedious and sometimes painful journey of troubleshooting. You start by trying to replicate the
problem from your computer, but you can’t connect to the local network or the Internet either.
What should you do? Go to each of the servers and make sure they are up and functioning? Check
that your router is functioning? Check each computer for a malfunctioning network card?

Now consider this scenario. You go to your main network switch or border router and configure
one of the unused ports for port mirroring. You plug in your laptop, fire up your network analyzer,
and see thousands of Transmission Control Protocol (TCP) packets (destined for port 25) with
various Internet Protocol (IP) addresses. You investigate and learn that there is a virus on the
network that spreads through e-mail, and immediately apply access filters to block these packets
from entering or exiting your network. Thankfully, you were able to contain the problem relatively
quickly because of your knowledge and use of your network analyzer.


What Is Network Analysis and Sniffing?
Network analysis (also known as traffic analysis, protocol analysis, sniffing, packet analysis,
eavesdropping, and so on) is the process of capturing network traffic and inspecting it closely to
determine what is happening on the network. A network analyzer decodes the data packets of
common protocols and displays the network traffic in readable format. A sniffer is a program that
monitors data traveling over a network. Unauthorized sniffers are dangerous to network security
because they are difficult to detect and can be inserted almost anywhere, which makes them a
favorite weapon of hackers.

A network analyzer can be a standalone hardware device with specialized software, or software
that is installed on a desktop or laptop computer. The differences between network analyzers
depend on features such as the number of supported protocols it can decode, the user interface,
and its graphing and statistical capabilities. Other differences include inference capabilities (e.g.,
expert analysis features) and the quality of packet decodes. Although several network analyzers
decode the same protocols, some will work better than others for your environment.

NOTE

The “Sniffer™” trademark (owned by Network General) refers to the Sniffer product line. In the
computer industry, “sniffer” refers to a program that captures and analyzes network traffic.

Figure 1.1 shows the Wireshark Network Analyzer display windows. A typical network analyzer
displays captured traffic in three panes:

• Summary. This pane displays a one-line summary of the capture. Fields include the date,
time, source address, destination address, and the name and information about the
highest-layer protocol.
• Detail. This pane provides all of the details (in a tree-like structure) for each of the layers
contained inside the captured packet.
• Data. This pane displays the raw captured data in both hexadecimal and text format.

Figure 1.1. Network Analyzer Display

A network analyzer is a combination of hardware and software. Although there are differences in
each product, a network analyzer is composed of five basic parts:

• Hardware. Most network analyzers are software-based and work with standard operating
systems (OSes) and network interface cards (NICs). However, some hardware network
analyzers offer additional benefits such as analyzing hardware faults (e.g., cyclic
redundancy check (CRC) errors, voltage problems, cable problems, jitter, jabber,
negotiation errors, and so on). Some network analyzers only support Ethernet or wireless
adapters, while others support multiple adapters and allow users to customize their
configurations. Depending on the situation, you may also need a hub or a cable tap to
connect to the existing cable.
• Capture Driver. This is the part of the network analyzer that is responsible for capturing
raw network traffic from the cable. It filters out the traffic that you want to keep and stores
the captured data in a buffer. This is the core of a network analyzer—you cannot capture
data without it.
• Buffer. This component stores the captured data. Data can be stored in a buffer until it is
full, or in a rotation method (e.g., a “round robin”) where the newest data replaces the
oldest data. Buffers can be disk-based or memory-based.
• Real-time Analysis. This feature analyzes the data as it comes off the cable. Some network
analyzers use it to find network performance issues, and network intrusion detection
systems (IDSes) use it to look for signs of intruder activity.
• Decode. This component displays the contents (with descriptions) of the network traffic so
that it is readable. Decodes are specific to each protocol, thus network analyzers vary in
the number of decodes they currently support. However, new decodes are constantly being
added to network analyzers.
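To make the three display panes and the Buffer/Decode components concrete, here is an added illustration in stdlib-only Python. It is not code from the book or from Wireshark: the frame bytes, the 192.0.2.x documentation addresses, the small port-name table and every function name are constructed for this example. It builds one Ethernet II/IPv4/TCP frame, keeps frames in a round-robin buffer where the newest entry evicts the oldest, and decodes the frame into a Summary line, a Detail tree and a Data hex dump.

```python
"""Three-pane decode of a constructed Ethernet II / IPv4 / TCP frame.

Added illustration, not code from the book: a real analyzer receives frames
from its capture driver (e.g. libpcap) rather than from build_frame().
"""
import struct
from collections import deque
from datetime import datetime, timezone

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
# Constructed port-to-protocol table standing in for an analyzer's decode registry.
PORT_NAMES = {25: "SMTP", 80: "HTTP", 443: "HTTPS"}
TCP_FLAG_BITS = ((0x02, "SYN"), (0x10, "ACK"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"))
SAMPLE_TS = datetime(2024, 7, 19, tzinfo=timezone.utc)  # constructed capture timestamp


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


class CaptureBuffer:
    """Round-robin capture buffer: once full, the newest frame replaces the oldest."""

    def __init__(self, capacity: int) -> None:
        self._frames = deque(maxlen=capacity)

    def add(self, frame: bytes) -> None:
        self._frames.append(frame)

    def frames(self) -> list:
        return list(self._frames)


def decode(frame: bytes) -> dict:
    """Detail pane: a per-layer tree {layer_name: {field: value}}, deepest layer last."""
    detail = {}
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    detail["Ethernet II"] = {"dst": _mac(dst), "src": _mac(src), "type": f"0x{ethertype:04x}"}
    if ethertype != ETHERTYPE_IPV4:
        return detail  # not IPv4 (e.g. ARP): the decode stops at the link layer
    ip = frame[14:]
    ver_ihl, _tos, total_len, _id, _ff, ttl, proto, _csum, s, d = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes, options included
    detail["IPv4"] = {"src": _ip(s), "dst": _ip(d), "ttl": ttl, "protocol": proto, "total_len": total_len}
    if proto != PROTO_TCP:
        return detail
    tcp = ip[ihl:]
    sport, dport, seq, ack, off_flags, win, _tcsum, _urg = struct.unpack("!HHIIHHHH", tcp[:20])
    doff = (off_flags >> 12) * 4  # TCP data offset in bytes
    flags = [name for bit, name in TCP_FLAG_BITS if off_flags & bit]
    detail["TCP"] = {"src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "window": win, "flags": flags}
    payload = tcp[doff:]
    app = PORT_NAMES.get(dport) or PORT_NAMES.get(sport)
    if app and payload:
        detail[app] = {"payload": payload.decode("ascii", "replace")}
    return detail


def summary_line(detail: dict, ts: datetime) -> str:
    """Summary pane: time, source, destination, highest-layer protocol, short info."""
    top = list(detail)[-1]
    addr_layer = detail.get("IPv4", detail["Ethernet II"])  # fall back to MAC addresses
    info = ""
    if "TCP" in detail:
        t = detail["TCP"]
        info = f"{t['src_port']} -> {t['dst_port']} [{','.join(t['flags'])}]"
    return f"{ts.isoformat()} {addr_layer['src']} {addr_layer['dst']} {top} {info}".rstrip()


def hexdump(data: bytes, width: int = 16) -> list:
    """Data pane: offset, hex bytes and printable ASCII, one line per `width` bytes."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return lines


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, payload: bytes, flags: int = 0x18) -> bytes:
    """Construct a test frame (IP and TCP checksums left at 0; a real analyzer would flag that)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, 1, 0, (5 << 12) | flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, PROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    eth = struct.pack("!6s6sH", bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb"), ETHERTYPE_IPV4)
    return eth + ip + tcp


if __name__ == "__main__":
    # Constructed sample: an SMTP greeting from 192.0.2.10 to 192.0.2.25 (documentation addresses).
    frame = build_frame("192.0.2.10", "192.0.2.25", 40000, 25, b"EHLO mail.example.test\r\n")
    buf = CaptureBuffer(capacity=2)
    for f in (frame, frame, frame):
        buf.add(f)  # the third add evicts the first: round-robin behaviour
    tree = decode(frame)
    print(summary_line(tree, SAMPLE_TS))
    for layer, fields in tree.items():
        print(layer)
        for key, value in fields.items():
            print(f"  {key}: {value}")
    print("\n".join(hexdump(frame)))
```

Running the script prints the summary line first, then the per-layer detail tree, then the hex dump of the whole frame. The decode stops cleanly at whatever layer it cannot interpret (a non-IPv4 ethertype, a non-TCP protocol, or an unknown port), which is exactly why the number of decodes an analyzer supports matters as much as its capture path.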

NOTE

Jitter is the term that is used to describe the random variation of signal timing (e.g.,
electromagnetic interference and crosstalk with other signals can cause jitter). Jabber is the
term that is used to describe when a device is improperly handling electrical signals, thus
affecting the rest of the network (e.g., faulty NICs can cause jabber).


Who Uses Network Analysis?
System administrators, network engineers, security engineers, system operators, and programmers
all use network analyzers, which are invaluable tools for diagnosing and troubleshooting network
problems, system configuration issues, and application difficulties. Historically, network analyzers
were dedicated hardware devices that were expensive and difficult to use. However, new advances
in technology have allowed for the development of software-based network analyzers, which make
it more convenient and affordable for administrators to effectively troubleshoot a network. It also
brings the capability of network analysis.

Stuvia is a marketplace, so you are not buying this document from us but from the seller RobertCuong. Stuvia handles the payment to the seller.
