Lab3: Network Traces Analysis - PowerPoint PPT Presentation

Provided by: Office2004513

1
Lab3: Network Traces Analysis
2
Overview
  • Network packets are logged for
    • Network monitoring
    • Protocol debugging
    • Troubleshooting
  • Attackers often peer into the packets
    • Many protocols are in clear-text (e.g., ftp, http)
    • Easy to get packet traces (sniffing)
    • Packet traces contain sensitive information
  • Do offline analysis on given packet traces, extracting sensitive information

3
Task 1: Extract FTP Passwords
  • FTP communication is not encrypted
  • Goal: recover all the usernames and passwords of ftp accounts from a network trace file
  • Assumptions
    • FTP server is using port 21
    • No protocol other than FTP is running on port 21

4
Task 2: Extract HTTP URLs
  • HTTP traffic is not encrypted
  • Goal: find out all the URLs the browser has visited in the network trace file
  • Assumptions
    • The HTTP server is using port 80
    • No protocol other than HTTP is running on port 80
    • During the protocol, neither the server nor the client gets disconnected

5
Task 3: Extract HTTP Cookies
  • Cookies are transmitted in clear-text
  • May contain sensitive information
  • Goal: extract all cookies contained in the network trace file
  • Same assumptions as for task 2
  • To make it easier:
    • Only extract the cookies sent out by the browser; don't extract the cookies sent by the server
    • Don't worry about the domain and path attributes
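The three tasks above share one pipeline: reassemble each TCP stream (tcpflow writes one file per direction), keep only the client-to-server streams by their destination port, then scan for the USER/PASS pair, the GET request line plus Host header, and the Cookie header. The following Python is an added example of that pipeline written for this summary; it is not the lab's stub code. It assumes tcpflow's usual stream-file naming (zero-padded SRCIP.SRCPORT-DSTIP.DSTPORT), and every address, credential and cookie in SAMPLE_FLOWS is constructed, not taken from a real capture.

```python
"""Audit reassembled TCP flows for cleartext FTP credentials, HTTP URLs and
HTTP cookies (the three tasks of this lab).  Added example, not the lab's
stub code; the flows at the bottom are constructed, not real captures."""
import re
from typing import Dict, List, Tuple

FTP_PORT = 21   # lab assumption: only FTP runs on port 21
HTTP_PORT = 80  # lab assumption: only HTTP runs on port 80

# tcpflow writes each direction of a connection to its own file, named
# SRCIP.SRCPORT-DSTIP.DSTPORT with zero-padded octets and ports
# (e.g. 192.168.001.010.51234-010.000.000.002.00021); we assume that form.
FLOW_NAME = re.compile(r"^(\d{3}(?:\.\d{3}){3})\.(\d{5})-(\d{3}(?:\.\d{3}){3})\.(\d{5})$")
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/\d\.\d$")


def flow_dst_port(name: str) -> int:
    """Destination port of a tcpflow stream file; this tells us the direction."""
    m = FLOW_NAME.match(name)
    if not m:
        raise ValueError(f"not a tcpflow stream name: {name}")
    return int(m.group(4))


def ftp_credentials(stream: str) -> List[Tuple[str, str]]:
    """Task 1: pair each USER with the PASS that follows it (RFC 959, 4.1.1).
    A PASS with no preceding USER is ignored; a second USER starts over."""
    found, user = [], None
    for line in stream.split("\r\n"):
        cmd, _, arg = line.partition(" ")
        if cmd.upper() == "USER":
            user = arg
        elif cmd.upper() == "PASS" and user is not None:
            found.append((user, arg))
            user = None
    return found


def http_requests(stream: str) -> List[dict]:
    """Split a client->server stream into request heads (a persistent
    connection carries several); headers are keyed by lower-cased name."""
    reqs = []
    for block in stream.split("\r\n\r\n"):
        lines = block.split("\r\n")
        m = REQUEST_LINE.match(lines[0])
        if not m:          # empty tail or a request body, not a request head
            continue
        headers = {}
        for h in lines[1:]:
            name, sep, value = h.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        reqs.append({"method": m.group(1), "path": m.group(2), "headers": headers})
    return reqs


def http_urls(stream: str) -> List[str]:
    """Task 2: rebuild each GET's URL from its Host header and request path."""
    return [f"http://{r['headers']['host']}{r['path']}"
            for r in http_requests(stream)
            if r["method"] == "GET" and "host" in r["headers"]]


def http_cookies(stream: str) -> List[Tuple[str, str, str]]:
    """Task 3: (host, name, value) for every cookie the client sent.
    $Path/$Domain attributes (RFC 2965, 3.3.4) are skipped, as the lab allows."""
    out = []
    for r in http_requests(stream):
        host = r["headers"].get("host", "")
        for pair in r["headers"].get("cookie", "").split(";"):
            name, sep, value = pair.strip().partition("=")
            if sep and not name.startswith("$"):
                out.append((host, name, value))
    return out


def audit_flows(flows: Dict[str, str]) -> Dict[str, list]:
    """Run all three checks over {stream_name: payload} flows, looking only
    at client->server streams (destination port 21 or 80)."""
    report = {"ftp_credentials": [], "urls": [], "cookies": []}
    for name in sorted(flows):
        port = flow_dst_port(name)
        if port == FTP_PORT:
            report["ftp_credentials"] += ftp_credentials(flows[name])
        elif port == HTTP_PORT:
            report["urls"] += http_urls(flows[name])
            report["cookies"] += http_cookies(flows[name])
    return report


# Constructed sample flows (fake addresses and values), one file per direction.
SAMPLE_FLOWS = {
    "192.168.001.010.51234-010.000.000.002.00021":
        "USER alice\r\nPASS hunter2\r\nSYST\r\nQUIT\r\n",
    "010.000.000.002.00021-192.168.001.010.51234":
        "220 ftp ready\r\n331 Password required\r\n230 Logged in\r\n",
    "192.168.001.010.51235-010.000.000.003.00080":
        "GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
        "Cookie: session=abc123; $Path=/\r\n\r\n"
        "GET /img/logo.png HTTP/1.1\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    # As the lab requires: findings go to standard output only, no debug noise.
    for kind, items in audit_flows(SAMPLE_FLOWS).items():
        for item in items:
            print(kind, item)
```

The server-to-client FTP stream in the sample is skipped because its destination port is the client's ephemeral port, which is exactly why the direction check matters: the 331/230 replies never carry the password, and a naive grep over both directions would double-count. For real captures, the same functions can be fed the contents of the files tcpflow leaves in its output directory.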

6
Implementation
  • All the functionality will be implemented in a single executable
  • The stub code and the makefile are provided
  • Read the instructions in the lab handout carefully about how to use the stub code

7
Testing & Grading
  • 6 out of the 8 trace files used in grading are provided
  • Some sample outputs are also provided
  • Strictly follow the output format requirements given in the handout
  • Make sure your outputs are exactly the same as the sample outputs
  • See the readme file for information about the samples
  • Note: the program should only output to the standard output
  • Do not print any debugging information

8
Hints
  • Keywords
    • FTP Password: USER, PASS
    • HTTP URLs: GET, Host
    • HTTP Cookies: Host, Cookie
  • Back up code often

9
Useful Tools
  • The traces are generated using tcpdump
  • You should use the tool tcpflow to filter and convert the trace file to ease the analysis and debugging
    • See the summary function in the stub file as an example
  • grep
    • Find a match in the file
    • See the man page for grep
  • A function to invoke a command and get back the results is provided in the stub file

10
Readings
  • FTP: RFC 959
    • Section 4.1.1 ACCESS CONTROL COMMANDS
  • HTTP: RFC 2616
    • Section 9.3 GET method
    • Section 14.23 Host header field
  • HTTP Cookies: RFC 2965
    • Section 3.3.4 Sending cookies
  • A general understanding of the protocols will help

11
Turn-in
  • Only need to turn in the source code and the makefile
  • Turn-in instructions will be sent to the mailing list later

12
  • Have fun!
  • Questions?