U. Trick: Practise Hints for Networks All Rights reserved Practise Hints for Networks - Computers and Networks - Protocol Analysis Software Wireshark - Protocol Analysis Software Packetyzer - Software Hints

fundamentals of telecommunication practise


Practise Hints for Networks

- Computers and Networks

- Protocol Analysis Software Wireshark

- Protocol Analysis Software Packetyzer

- Software Hints


Computers and Networks 1

Start/Run: cmd (Windows) or …/Terminal (Linux)

Detecting network adapters + configuration

ipconfig /all (Windows) or ifconfig (Linux)

Detecting the MAC address that corresponds to an IP address

ARP-request (Address Resolution Protocol): arp -a <IP-address>

ARP-cache content: arp -a

Deleting ARP-cache: arp -d

Creating a static MAC-table entry: arp -s <IP-address> <MAC-address>

All options of arp-request: arp /? (Windows) or arp --help (Linux)

Contacting IP-Addresses by Ping

ping <IP-address or Domain>

Permanent Ping: ping -t <IP-address> (Windows) or ping <IP-address> (Linux)

cancel with Ctrl+C


Name Server query by nslookup

nslookup <domain> (Forward Lookup, DNS-query)

nslookup <IP-address> (Reverse Lookup, often not supported)

Checking of routes

tracert <IP-address or domain> (Windows) or traceroute <IP-address or domain> (Linux)

Checking of active sockets

netstat -an

All options of netstat-request: netstat /? (Windows) or netstat --help (Linux)

Routing table

Display: route print (Windows) or route (Linux)

Control: route add/delete/change (Windows) or route add/delete (Linux)

All options of route-request: route /? (Windows) or route --help (Linux)

Computers and Networks 2


Capturing of packets

To start capturing packets, first click the left push button underneath the menu bar.

The window that opens normally offers a choice between different network adapters. Click the push button „Start“ beside the appropriate network adapter.

From now on, all packets that pass the selected network adapter are captured by Wireshark. To terminate the capturing process, click the framed push button underneath the menu bar.

Protocol Analysis SW Wireshark 1

See Ch. 15.3


Protocol analysis of captured packets

After the first start of the program, the program window of the protocol analysis software Wireshark contains the three display areas emphasized in the following figure. Captured packets are presented and analyzed in these areas. The height of each area can be adapted individually by clicking, holding and dragging the grey dividing lines between the areas.

See Ch. 15.3

Protocol Analysis SW Wireshark 2

[Figure: Wireshark program window with the protocol display area, the code display area and the sequence display area marked]


Analysis of the content of captured packets

After stopping a capturing process, the data can be evaluated packet by packet. To do so, select the desired packet in the sequence display area by clicking it. The code display area of the main window then shows the data in hexadecimal and ASCII code. All data contained in the packet can be viewed by scrolling up and down. The display area can also be enlarged by dragging the window border.

The protocol display area shows the protocol tree of the selected packet. Clicking the expansion signs (+ sign) in front of the protocol names inside the selected packet shows the protocols in more detail for analysis.

Storing of a record

With the protocol analysis software Wireshark, each packet record can be stored on a hard disk or a USB stick for later analysis. Open the menu „File“ and click „Save As“. Choose a path, e.g. c:\protocols\, for storing the file and define a name for the file. Leave the field „file type“ unchanged („Wireshark/tcpdump/…“) and confirm your input by clicking the push button „Store“. The stored capture file can be opened again via „File/Open/File name“.

See Ch. 15.3

Protocol Analysis SW Wireshark 3


Capturing of packets

To start capturing the packets sent and received via the selected network adapter („Edit/Select Adapter“), click the framed push button underneath the menu bar.

From now on, all packets that pass the selected network adapter are captured by Packetyzer. To terminate the recording process, click the framed push button again. A capturing process can also be started and stopped via the menu „Session/Start Capture“ and „Stop Capture“ or with the keys <F5> (Start) and <F6> (Stop).

Analysis of the content of captured packets

After stopping a capturing process, the data can be evaluated packet by packet. To do so, select the desired packet in the sequence display area by clicking it. The code display area of the main window then shows the data in hexadecimal and ASCII code. All data contained in the packet can be viewed by scrolling up and down. The display area can also be enlarged by dragging the window border.

Protocol Analysis SW Packetyzer (only Windows) 1

See Ch. 15.2


The protocol display area at the left side of the program window shows the protocol tree of the selected packet. Clicking the expansion signs (+ sign) in front of the protocol names inside the selected packet shows the protocols in more detail for analysis.

See Ch. 15.2

Protocol Analysis SW Packetyzer 2

[Figure: Packetyzer program window with the sequence display area, the protocol display area and the code display area marked]


Storing of a record

With the protocol analysis software Packetyzer, each packet record can be stored on a hard disk or a USB stick for later analysis. Open the menu „File“ and click „Save As“. Choose a path, e.g. c:\protocols\, for storing the file and define a name for the file. Leave the field „file type“ unchanged („libpcap tcpdump, Ethereal …“) and confirm your input by clicking the push button „Store“. The stored capture file can be opened again via „File/Open/File name“.

See Ch. 15.2

Protocol Analysis SW Packetyzer 3
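
Added example (not part of the original slides): a minimal Python reader for a capture stored in the classic libpcap file type named above, reproducing the protocol tree and the hexadecimal/ASCII view for each stored packet. The function names and the embedded sample capture are constructed for this example; it assumes Ethernet frames and the microsecond libpcap format, so a pcapng file (the default in newer Wireshark versions) is rejected.

```python
import struct

def build_sample_pcap():
    """Constructed sample capture: one Ethernet/IPv4/ICMP echo request."""
    frame = bytes.fromhex("020000000002" "020000000001" "0800"         # Ethernet II
                          "4500001c0001000040010000c0a80001c0a80002"  # IPv4, protocol 1
                          "0800f7ff00000000")                          # ICMP echo request
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    return ghdr + struct.pack("<IIII", 1, 0, len(frame), len(frame)) + frame

def read_pcap(data):
    """Yield (ts_sec, orig_len, frame) for each record of a classic libpcap file."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) libpcap file")
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != 1:
        raise ValueError("this example only decodes Ethernet (linktype 1)")
    off = 24
    while off + 16 <= len(data):
        ts, _usec, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        if incl > snaplen or off + 16 + incl > len(data):
            raise ValueError("truncated or corrupt packet record")
        yield ts, orig, data[off + 16:off + 16 + incl]
        off += 16 + incl

def protocol_tree(frame):
    """Decode Ethernet II and IPv4 header fields (the protocol display area's view)."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    tree = {"eth.dst": mac(frame[0:6]), "eth.src": mac(frame[6:12]),
            "eth.type": int.from_bytes(frame[12:14], "big")}
    if tree["eth.type"] == 0x0800 and len(frame) >= 34:  # IPv4 with a full 20-byte header
        tree["ip.proto"] = frame[23]
        tree["ip.src"] = ".".join(map(str, frame[26:30]))
        tree["ip.dst"] = ".".join(map(str, frame[30:34]))
    return tree

def hex_ascii(frame, width=16):
    """Render bytes as offset, hex and printable ASCII (the code display area's view)."""
    rows = []
    for i in range(0, len(frame), width):
        chunk = frame[i:i + width]
        hx = " ".join(f"{b:02x}" for b in chunk)
        tx = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{i:04x}  {hx:<{width * 3}}{tx}")
    return rows

if __name__ == "__main__":
    for _ts, _orig, frame in read_pcap(build_sample_pcap()):
        print(protocol_tree(frame), *hex_ascii(frame), sep="\n")
```

To inspect a real stored record, pass the bytes of the saved file to read_pcap instead of the constructed sample.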


Software Hints

Protocol analysis SW

Wireshark (formerly Ethereal; Linux/Windows):

www.wireshark.org (formerly www.ethereal.com)

Packetyzer (Windows): www.packetyzer.com

SIP User Agents

PhonerLite (Windows): www.phonerlite.de

Windows Messenger (Windows)

X-Lite (Windows/Linux): http://www.counterpath.com/x-lite.html

SIP Proxy/Registrar Server

SER (Linux): www.iptel.org; http://opensips.org; http://kamailio.org

Session Border Controller/IP PABX (Private Automatic Branch Exchange)

Asterisk (Linux): www.asterisk.org

SIP Application Server

Mobicents (Windows/Linux) (JAIN SLEE/SIP Servlets): www.mobicents.org

SailFin (Windows/Linux) (SIP Servlets): https://sailfin.dev.java.net