GROUP D

GROUP D. MEMBERS : 1 . ANN MORAA- IN16/00028/19 2 . YASIN MAULID - IN16/00044/19 3. PETER MUGURE- IN16/00013/19 4 . HEZRON ROTICH- IN16/00027/19 5 . WILFRED MWENDIA- IN16/00016/19 6 . NGORE NICHOLAS MUTHARIMI - IN16/00015/19.

COMPUTER SECURITY LAB MANUAL. EXPERIMENT 2: STUDY OF PACKET SNIFFER TOOLS A PACKET SNIFFER IS A SOFTWARE/HARDWARE TOOL TO INTERCEPT, LOG & ANALYZE NETWORK TRAFFIC AND DATA. EXAMPLE: WIRESHARK ETHEREAL TCPDUMP COLASOFT CAPSA SOLARWINDS NETWORK PERFORMANCE MONITOR WIRESHARK – IS A NETWORK ANALYSIS TOOL WHICH CAPTURES PACKETS IN REAL TIME BASIS & DISPLAYS THEM IN HUMAN READABLE FORMAT..

FEATURES OF WIRESHARK. COLORIZE PACKET DISPLAY BASED ON FILTERS. FILTER PACKETS ON MANY CRITERIA CAPTURE LIVE PACKET DATA FROM NETWORK INTERFACE. FILTER PACKETS ON MANY CRITERIA. IMPORT PACKETS FROM TEXT FILES CONTAINING HEX DUMPS OF PACKET DATA..

APPLICATIONS OF WIRESHARK. USED BY NETWORK ADMINISTRATORS TO TROUBLESHOOT NETWORK PROBLEMS. USED BY NETWORK SECURITY ENGINEERS TO EXAMINE SECURITY PROBLEMS. USED BY DEVELOPERS TO DEBUG PROTOCOL IMPLEMENTATIONS PEOPLE USE IT TO LEARN NETWORK PROTOCOL INTERNALS..

USES OF PACKET SNIFFER TOOL. TRAFFIC ANALYSIS TROUBLESHOOTING PACKET GRAPPING PROTOCOL ANALYSIS PENETRATION TESTING.

CAPTURING PACKETS. DOWNLOAD AND INSTALL WIRESHARK LAUNCH IT AND CLICK THE NAME OF AN INTERFACE UNDER INTERFACE LIST TO START CAPTURING PACKETS ON THAT INTERFACE. E.G IF YOU WANT TO CAPTURE TRAFFIC ON WIRELESS NETWORK, CLICK YOUR WIRELESS INTERFACE LIKE WI-FI. CLICK STOP CAPTURE BUTTON TO STOP CAPTURING TRAFFIC..

WIRESHARK USES COLORS TO HELP IDENTIFY TYPE OF TRAFFIC:.

FILTERING PACKETS. TO APPLY A FILTER, TYPE IT INTO THE FILTER BOX AT THE TOP OF THE WINDOW & CLICK APPLY(PRESS ENTER). E.G TYPE DNS TO SEE ONLY DNS PACKETS. RIGHT CLICK A PACKET AND SELECT FOLLOW TCPSTREAM TO SEE THE FULL CONVERSATION BETWEEN CLIENT AND THE SERVER. WHEN YOU CLOSE THE WINDOW, YOU WILL FIND A FILTER HAS BEEN APPLIED AUTOMATICALLY E.G tcp.stream.eq67 WIRESHARK SHOWS YOU THE PACKETS THAT MAKE UP THE CONVERSATION..

INSPECTING PACKETS. CLICK A PACKET TO SELECT IT AND YOU CAN DIG DOWN TO VIEW ITS DETAILS. YOU CAN ALSO CREATE FILTERS- RIGHT CLICK ONE OF THE DETAILS AND USE THE APPLY AS FILTER SUBMENU TO CREATE A FILTER BASED ON IT..