Lesson 18
Wireshark Capture Analysis
Who Shot My Computer?
Overview
• System Information
• Network Information
• IO Analysis
• Significant Events
Tools Used
• WireShark
• EtherApe
• SNORT
• Grey Matter
System Information
• Host name: KAUFMANUPSTAIRS
• Time of Events: 3:30 - 3:38 PM
• Number of Packets: 2449
• Total Bytes Captured: 811157
Analysis Summary
EtherApe View
Input/Output Analysis
IO Analysis 1
IO Analysis 2
DNS Resolution
• Workstation 172.16.1.35 queries the DNS server at 172.16.0.1
• ARP (Address Resolution Protocol) resolves the MAC address 00:40:ca:70:19:a3
Network Information
• Logical network
• External Connection
• Observed Protocols
Observed Network Addresses
• 172.16.0.1 – Gateway device – Homeportal.gateway.2wire.net
• 172.16.1.34
• 172.16.1.35 - TiVo Media Services
• 172.16.1.36
• 172.16.1.37
• 172.16.1.39
IP Address Resolution
• Resolution requests for 172.16.1.34, .36, .37 & .39 were made
• No IP address was issued except for 172.16.1.35
Gateway
• wpad.gateway.2wire.net (WPAD proxy auto-discovery lookup against the gateway's domain)
Flow Analysis Internal
Endpoint Analysis-IPv4
Endpoint Analysis-TCP
Endpoint Analysis-UDP
External Connections
• 216.166.24.20 – RBFCU.ORG
• 152.163.15.208 – America Online
Flow Analysis External
Protocols Observed
HTTP Summary
HTTP Details
Significant Events
• Packet 73 – Anonymous FTP
• Packet 236 – HTTP
• Packet 958 – HTTPS
• Packet 1205 – TiVo
• Packet 1591 – IPv6
• Packets 1788 (Yahoo), 2123 (AOL), 2156 (AIM)
FTP
• Packet 72 – FTP session was initiated with linux-wlan.org
• Login sent in cleartext: USER anonymous, PASS IEUser@
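The endpoint tables and the external-connection list on the Network Information slides, and the anonymous FTP login above, can all be reproduced from raw frames without Wireshark. The block below is an added example, not part of the original lesson: it decodes Ethernet II / ARP / IPv4 / TCP / UDP with struct, builds Wireshark-style IPv4, TCP and UDP endpoint counters, separates internal from external peers (assuming 172.16.0.0/16 is the LAN), and pairs USER/PASS commands on port 21 to flag anonymous logins. The frames are constructed here; the FTP server address 198.51.100.20 and the gateway MAC are placeholders, and the workstation MAC is the deck's ARP value reused only as a sample.

```python
"""Added example: decode Ethernet II / ARP / IPv4 / TCP / UDP frames, tabulate
endpoints, separate internal from external peers and flag an anonymous FTP
login.  The frames are constructed here; they are not from the capture."""
import ipaddress
import struct
from collections import Counter, defaultdict

INTERNAL_NET = ipaddress.ip_network("172.16.0.0/16")  # assumed LAN prefix

def _mac(s):
    return bytes.fromhex(s.replace(":", ""))

def ip4_frame(src_mac, dst_mac, src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Constructed Ethernet II + IPv4 + TCP(6)/UDP(17) frame; checksums left zero."""
    if proto == 6:  # minimal 20-byte TCP header, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:           # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    return _mac(dst_mac) + _mac(src_mac) + b"\x08\x00" + ip + l4

def arp_request(src_mac, src_ip, target_ip):
    """Constructed ARP who-has broadcast."""
    body = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 1, _mac(src_mac),
                       ipaddress.ip_address(src_ip).packed, b"\0" * 6,
                       ipaddress.ip_address(target_ip).packed)
    return _mac("ff:ff:ff:ff:ff:ff") + _mac(src_mac) + b"\x08\x06" + body

def parse_frame(frame):
    """Decode one frame into a flat dict; other ethertypes (e.g. IPv6) keep L2 fields only."""
    pkt = {"src_mac": frame[6:12].hex(":"), "dst_mac": frame[:6].hex(":"),
           "ethertype": struct.unpack("!H", frame[12:14])[0], "proto": None}
    if pkt["ethertype"] == 0x0806:
        op, _, spa, _, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])[4:]
        pkt.update(proto="ARP", op=op, sender_ip=str(ipaddress.ip_address(spa)),
                   target_ip=str(ipaddress.ip_address(tpa)))
    elif pkt["ethertype"] == 0x0800:
        ihl, ipproto = (frame[14] & 0x0F) * 4, frame[23]
        pkt.update(src_ip=str(ipaddress.ip_address(frame[26:30])),
                   dst_ip=str(ipaddress.ip_address(frame[30:34])), proto=f"ip-{ipproto}")
        l4 = frame[14 + ihl:]
        if ipproto in (6, 17):
            sport, dport = struct.unpack("!HH", l4[:4])
            hdr = (l4[12] >> 4) * 4 if ipproto == 6 else 8  # TCP data offset vs fixed UDP
            pkt.update(proto="TCP" if ipproto == 6 else "UDP", sport=sport, dport=dport,
                       payload=l4[hdr:])
    return pkt

def endpoint_tables(packets):
    """Wireshark-style Endpoints: packets per IPv4 host and per TCP/UDP (host, port)."""
    ipv4, tcp, udp = Counter(), Counter(), Counter()
    for p in packets:
        if "src_ip" not in p:
            continue
        ipv4[p["src_ip"]] += 1
        ipv4[p["dst_ip"]] += 1
        table = {"TCP": tcp, "UDP": udp}.get(p["proto"])
        if table is not None:
            table[(p["src_ip"], p["sport"])] += 1
            table[(p["dst_ip"], p["dport"])] += 1
    return ipv4, tcp, udp

def external_peers(packets):
    """Addresses outside the assumed LAN prefix: the External Connections list."""
    return sorted({a for p in packets for a in (p.get("src_ip"), p.get("dst_ip"))
                   if a and ipaddress.ip_address(a) not in INTERNAL_NET})

def anonymous_ftp_logins(packets):
    """Pair USER/PASS per client->server:21 flow and report anonymous logins."""
    creds = defaultdict(dict)
    for p in packets:
        if p.get("proto") != "TCP" or p["dport"] != 21:
            continue
        for line in p["payload"].decode("ascii", "replace").splitlines():
            verb, _, arg = line.partition(" ")
            if verb.upper() in ("USER", "PASS"):
                creds[(p["src_ip"], p["sport"], p["dst_ip"])][verb.upper()] = arg.strip()
    return [(c, s, v["USER"], v.get("PASS", ""))
            for (c, _, s), v in creds.items() if v.get("USER", "").lower() == "anonymous"]

WS_MAC, GW_MAC = "00:40:ca:70:19:a3", "00:11:22:33:44:55"  # sample MACs for this example
WS, GW, FTP_SRV, AOL = "172.16.1.35", "172.16.0.1", "198.51.100.20", "152.163.15.208"
SAMPLE_FRAMES = [  # constructed stand-ins for capture packets; FTP_SRV is a TEST-NET placeholder
    arp_request(WS_MAC, WS, "172.16.1.34"),
    ip4_frame(WS_MAC, GW_MAC, WS, GW, 17, 51000, 53, b"\x12\x34\x01\x00"),
    ip4_frame(WS_MAC, GW_MAC, WS, FTP_SRV, 6, 40001, 21, b"USER anonymous\r\n"),
    ip4_frame(WS_MAC, GW_MAC, WS, FTP_SRV, 6, 40001, 21, b"PASS IEUser@\r\n"),
    ip4_frame(WS_MAC, GW_MAC, WS, AOL, 6, 40002, 443),
]

def analyse(frames=SAMPLE_FRAMES):
    """Run the three checks over a list of raw frames."""
    packets = [parse_frame(f) for f in frames]
    ipv4, tcp, udp = endpoint_tables(packets)
    return {"ipv4": ipv4, "tcp": tcp, "udp": udp, "external": external_peers(packets),
            "ftp_anonymous": anonymous_ftp_logins(packets),
            "arp_targets": [p["target_ip"] for p in packets if p["proto"] == "ARP" and p["op"] == 1]}
```

`analyse()` on the sample frames reports the two non-LAN peers as external, the single ARP who-has target, and one anonymous login (client, server, user, password). Against a real capture, feed the frames read from a pcap into `analyse(frames)`; the USER/PASS pairing is keyed on the client socket so interleaved FTP sessions do not get their credentials mixed.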
Tivo
Packet 1205: DVR
IPv6
• Packet 1591: an IPv6 Compaq peer detected
SNORT Analysis
Just Port Scans?
Summary
• Do analysis of the facts
• Make No Assumptions
• What Story Does it tell?
• Can you tell the story or do you need more facts?
• Can you get the facts?
• From Where?