Week 10
Agenda
- Revisit Volatility (Week 9)
- Networking
- Wireshark
Networks
LAN
Local Area Network -
One hop access through a Hub or Switch.
Hubs relay and broadcast the send packets to everyone.
Switches remember the MACs to avoid broadcasts.
MACs are 6 byte hardware addresses. All network interfaces have assigned MACs.
LAN
LANs have pre allocated IPs that are Private.
- 10.*.*.*
- 172.16.*.* to 172.31.*.*
- 192.168.*.*
These IPs cannot be accessed from outside the LAN
Anything else is a public IP (Usually). There is a lot here but we have no time to talk about it.
Wide Area Network -
Multi hop network, that is referred to as an internet.
Public IPs are used to traverse long distances. Routers need to use clever algorithms to send data where they need to go.
This is where protocols come in!
WAN
OSI Model
TCP
Transmission Control Protocol guarantees delivery of Datagrams. TCP uses a three-way hand shake to establish (SYN,SYN-ACK,ACK). Then the protocol includes extra information so that data can be reconstructed on the other end.
UPD is a less reliable protocol and less common.
Wireshark
Pcap
Wire share can open pcaps which stands for Packet Capture. You can open a .pcap in wireshark.
Wireshark can watch live traffic on an interface too.
Demo
Malware Traffic Analysis has many network traffic challenges! We are using one as an example now
Wireshark Resources
Homework this week
A client thinks there something wrong with their computer.
Week 10
By Drake P
Week 10
Wireshark
