Copyright Goodheart-Willcox Co., Inc. Chapter 8 Overview of Network Security and Network Threats 265

Packet Sniffer

With an understanding of header content, you can start to view the data in a packet sniffer. A packet sniffer is a tool that intercepts raw data traveling on the network media. It uses a network interface card (NIC) to capture data. The sniffer must be configured to use a specific NIC. The tool may only see the traffic coming to and from the host computer, or it may see all traffic on the network segment. This depends on the type of sniffer and its configuration.

Wireless traffic can be sniffed as well. Wireless traffic can only be viewed one channel at a time. To sniff multiple channels, additional network cards must be configured to see the different channels.

Once the traffic is found, the sniffer reads the header information along with time and sequencing. It analyzes the traffic and presents it in a more logical view of the data. Packet sniffers can only read data that is not encrypted. Encrypting data is the best defense against a hacker who may be using a sniffer to view data transmitted on the network.

As a security administrator, you can use a sniffer to uncover a great deal of information, which will also allow you to check for potential security threats and vulnerabilities. Some of this information is covered throughout this chapter.

One of the best-known packet sniffers is a free, open-source program called Wireshark. It has been around a long time and used to be called Ethereal. Wireshark can be downloaded from its website (www.wireshark.org). For Linux hosts, a text-based solution called tcpdump is often used. This program is included in many Linux distributions.

CompTIA Security+ 2.2
MTA Security Fundamentals 3.3

FYI
Is packet sniffing legal? In most cases, you may not use a packet sniffer on a network that you do not own or have written permission to monitor.

Goodheart-Willcox Publisher
Figure 8-17. There are differences in the packet header information between IPv4 and IPv6 packets.
[Figure: IPv6 Packet Header Information. Fields: Version (IPv6), Traffic Class, Flow Label, Payload Length, Next Header, Hop Limit, Source Address, Destination Address]

Quick Look 8.1.4
Wireshark Basics

This activity requires Wireshark to be installed on your computer. When installing it, if prompted to install WinPcap, install that as well. Wireshark offers viewing in legacy mode, but for this activity, the normal mode will be used.

1. Launch Wireshark.
2. Once Wireshark launches, you can open a previous Wireshark capture (.pcap file), or you can double-click a network interface card (NIC) in the list at the bottom of the screen to begin capturing. The graph you see next to an NIC depicts the network traffic.
3. After double-clicking an NIC, data are immediately displayed as they are captured. If you do not see data, and you are on a wired connection, minimize Wireshark, open a web browser, and ping your default gateway. If you are on a wireless connection, the wireless NIC has to support promiscuous mode (sees all packets transmitted).
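To make the IPv6 header fields of Figure 8-17 concrete, here is an added example (not from the textbook, and not code from Wireshark or tcpdump) that decodes the fixed 40-byte IPv6 header from raw bytes, the way a sniffer does before presenting a packet, and prints a tcpdump-style summary line. The sample packet is constructed inline with documentation addresses (2001:db8::/32) and a minimal UDP header; the "complete" flag illustrates the caveat that a capture may stop before the whole packet has been read.

```python
import struct
import ipaddress

# Fixed IPv6 header (40 bytes): version (4 bits), traffic class (8), flow label (20),
# payload length (2 bytes), next header (1), hop limit (1), source (16), destination (16).
IPV6_HEADER_LEN = 40
NEXT_HEADER_NAMES = {6: "TCP", 17: "UDP", 58: "ICMPv6"}  # common values only


def parse_ipv6_header(packet: bytes) -> dict:
    """Decode the fixed IPv6 header; raise ValueError on bad or truncated input."""
    if len(packet) < IPV6_HEADER_LEN:
        raise ValueError("truncated: need at least 40 bytes for the IPv6 header")
    first_word, payload_len, next_hdr, hop_limit = struct.unpack("!IHBB", packet[:8])
    version = first_word >> 28
    if version != 6:
        raise ValueError(f"not an IPv6 packet (version field = {version})")
    return {
        "version": version,
        "traffic_class": (first_word >> 20) & 0xFF,
        "flow_label": first_word & 0xFFFFF,
        "payload_length": payload_len,
        "next_header": next_hdr,
        "hop_limit": hop_limit,
        "src": str(ipaddress.IPv6Address(packet[8:24])),
        "dst": str(ipaddress.IPv6Address(packet[24:40])),
        # False when the capture holds fewer payload bytes than the header promises.
        "complete": len(packet) - IPV6_HEADER_LEN >= payload_len,
    }


def one_line_summary(packet: bytes) -> str:
    """tcpdump-style one-liner built from the parsed header."""
    h = parse_ipv6_header(packet)
    proto = NEXT_HEADER_NAMES.get(h["next_header"], f"proto {h['next_header']}")
    note = "" if h["complete"] else " [truncated capture]"
    return f"{h['src']} > {h['dst']}: {proto}, payload {h['payload_length']} bytes, hlim {h['hop_limit']}{note}"


def build_sample_packet() -> bytes:
    """Constructed sample: IPv6 header plus a minimal UDP header (no real traffic)."""
    first_word = (6 << 28) | (0 << 20) | 0x12345          # version 6, traffic class 0, flow label 0x12345
    udp = struct.pack("!HHHH", 12345, 53, 8, 0)           # src port, dst port, length, checksum
    header = struct.pack("!IHBB", first_word, len(udp), 17, 64)  # next header 17 = UDP, hop limit 64
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header + udp


if __name__ == "__main__":
    print(one_line_summary(build_sample_packet()))
```

Wireshark's packet detail pane shows exactly these fields for an IPv6 packet; comparing its values against this decoder's output is a quick way to confirm you are reading the header correctly.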