Let's Take a Look at the Packets Flowing Through the Network
5. ISOL
OSI Layer7
•
Web
html
http ntp
End-End TCP UDP
IP IPX
ieee802.3X
ieee802.11X
UTP
6. ISOL
BDU)
Tcp,udp
IP
Mac
HUB
7. ISOL
• 1
o
• 2
o MAC
• 3
o IP
8. ISOL
TCP/IP TCP/IP
Wi-Fi Ethernet
10. ISOL
tcp/ip
• tcp/ip
o
o tcp ip
o tcp/ip udp
o ip
o tcp udp ip
tcp(udp)/ip
11. ISOL
tcp udp
• TCP
o
o
o
o
o 3-Way
• UDP
o
o
o
o
14. ISOL
HUB
MAC
C
A
B C D
19. ISOL
• Wireshark
o GUI
o
o OS
• tcpdump
o CUI
o BSD Linux
o CUI
• Sniffer/Netasyst
o
o Windows
Windows
20. ISOL
•
o
•
o L1 HUB
o L2-SW
21. ISOL
SW
SW SW SW SW SW SW
25. ISOL
wireshark.org
•
• GPL-OSS
• Ethereal
•
http://www.wireshark.org/
27. ISOL
Wireshark
• OSS GPL
• 0
• Windows Mac Linux,BSD
• GUI
• Windows
USB-Portable
31. ISOL
•
o Capture stop
•
o File save
32. ISOL
• Filter
•
o
o IP
o MAC
o
o
o
34. ISOL
IP
• Filter
ip.addr==x.x.x.x
Apply
Enter
•
IP
35. ISOL
MAC
• Filter
eth.addr==xx:xx:xx:xx:xx:xx
Apply
•
MAC
36. ISOL
• Filter
tcp.port==xxx
Apply
• tcp
xxx
37. ISOL
• Filter Expression
o Expression…
o Field name Relation Value
OK
o Apply
•
IP 192.168.2.1
Field name: ip.src IPv4
Relation: ==
Value: 192.168.2.1
38. ISOL
• and(&&) or(||)
• Range
•
41. ISOL
• 172.16.200.200/24
• PC 172.16.200.xxx/24(DHCP)
• DNS 172.16.200.200(DHCP)
•
httpd(https),dns,sshd,telnetd,smtpd,pop3d
•
user1,user2,user3,user4,
•
42. ISOL
http
• Web
• Wireshark LAN
• http://testsv.sitw.com/
•
43. ISOL
TCP 3way-handshake
44. ISOL
http https
• https://testsv.sitw.com/
•
o
o http
45. ISOL
GET POST
• http://testsv.sitw.com/gettest.html
web
•
http://testsv.sitw.com/posttest.html
web
46. ISOL
BASIC
• BASIC
•
• URL
http://testsv.sitw.com/basic/
User: sitw
Pass: sitw
47. ISOL
Digest
• Digest
• URL
http://testsv.sitw.com/digest/
User: sitw
Pass: sitw
50. ISOL
• telnet ssh
• DNS
• PING
•
smtp smtp-auth pop3 imap4
53. ISOL
•
• Flow Graph
o Statistics Flow Graph
o
o IP
o
54. ISOL
•
• Follow TCP Stream
o Analyze Follow TCP Stream
o
o
udp Follow UDP Stream
55. ISOL
•
• Expert infos
o Analyze Expert info Composite
o Error Warning Notes
o Chat tcp
56. ISOL
•
• IO Graph
o Statistics IO Graph
o Filter
57. ISOL
•
• Protocol Hierarchy
o Statistics Protocol Hierarchy
o
59. ISOL
•
o Capture Options Capture File
o Use multiple files
• Proxy http
Decode As
o Analyze Decode As
o
61. ISOL
Q !!w
•
o www.yahoo.co.jp
o IP
o
o DNS
•
o DHCP
o
o DNS
62. ISOL
Q:
•
o
o
o DNS
•
o
o
o
o
o
63. ISOL
Packet Black Hole