[COURSE_PTHE] 8. Sniffing Traffic

1. Introduction: Sniffing Traffic

    Learn techniques for sniffing and analyzing network traffic, and how to identify signatures of information as it travels through the network.

    The Sniffing Traffic module explores and discusses the techniques for sniffing and analyzing network traffic as part of your penetration testing strategy.  The goal is to identify the signatures of information as it’s moved across the network – this is basic packet (information) analysis 101.

    The Sniffing Traffic series also stresses the importance of OSI Model knowledge, and it demonstrates how critical it is to know and understand how each layer of the OSI performs, what happens there, and the impact on information as it moves from one OSI layer to another.

    The topics explored in the Sniffing Traffic Module include:

  • Whiteboard, which shows the interrelationship of all the basic components utilized for this module
  • And the following simulation labs:
    • macof
    • Driftnet
    • smac Windows 
    • tshark
    • urlsnarf
    • WebSpy

2. Framework

    In this whiteboard lecture we cover network traffic sniffing. Network sniffing is the idea of actually watching what’s happening on another network through another device. Usually hackers will be looking for all the data, packets and traffic on your system, hence knowing how to sniff traffic is an essential skill. 

3. Using macof

    This lab discusses and teaches you how to use other sniffing tools such as “EtherApe” to perform packet analysis and do so in conjunction with the macof sniffing tool.

    In this macof lab, you’ll learn the difference in how each tool captures and presents data, the information provided by the specific tool you’re using, and more importantly, “how to use each sniffing tool correctly!”

    For this simulation lab, the tool Wireshark is also demonstrated to provide a different perspective for packet and/or protocol analysis.

4. Using Driftnet

    This Sniffing Traffic simulation demonstrates how to use Driftnet, and how to interpret the information Driftnet captures.

    Driftnet is a screen capture tool that allows you to capture images of network traffic in real time.

5. Using SMAC

    SMAC is a version-specific MAC address changing utility.  This Sniffing Traffic lab teaches you how to use SMAC, when to use SMAC and why SMAC is needed for penetration testing.

    The lab also discusses and demonstrates various ways to confirm the MAC address was changed.

Windows version: SMAC2.0

6. Using tshark

    In this lab, you’ll learn how to decipher specific network traffic data that is displayed from the dump file using tshark.  You’ll also learn how you can specify the type and location of your dump file output, and how to add additional datasets to the output, a traffic sniffing essential.

7. Using urlsnarf

    In the urlsnarf lab, you’ll learn how to use URL sniffing tools from the interface you’re monitoring from.

    All web servers have what’s called a “Common Log Format.” What the urlsnarf tool does is sniff the HTTP validation requests that are made to that log.

8. Using WebSpy

    WebSpy is a scripting sniffing tool that tracks web traffic. In this lab, you’ll learn how to use it for analyzing all types of web log data from web browsing to application use and email traffic; you see every transaction there is to see between the client and the network.  In this lab, you’ll also learn how to use WebSpy as a “denial of service” and a “denial of service attack” tool and analyze those findings to identify vulnerabilities.

    WebSpy is a powerfully revealing traffic sniffing tool because you literally monitor and spy on network traffic by viewing the traffic log.

posted @ 2015-09-30 21:49  It's_Lee