IDS AND IPS
WIRESHARK
Wireshark – www.wireshark.org
Examination of HTTP requests, cookies, web-based forms, and Flash Video Files (FLV).
Network Protocol Analyzer
Wireshark is Open Source:
Available for OS:
Windows
Linux
Unix/Apple (Macintosh)
Browser Configuration:
Set the browser to open a blank page first
Purpose: to isolate the packets desired for examination
Capture
Interfaces
Identify the interface & corresponding IP address
Click Start on the right-hand side of the Interface section
Test Websites:
www.httprecipes.com (Heaton Research)
www.httprecipes.com/1/2/cookies.php (Heaton Research)
www.httprecipes.com/1/2/forms.php (Heaton Research)
Start Capture
Stop Capture
Filter:
Expression:
Click on the protocol button to sort protocols alphabetically
Scroll down the expression list
Select HTTP
Select the Apply button
View hits
Select the Clear button
Filter Text box:
As the protocol is typed, the background of the text box is pink and/or red
The purpose of this is to identify the protocol
Typing is case sensitive; all upper case will return an invalid response
Examine Cookies:
Cookies:
Cookie exchange requires that each side send a pseudorandom number, the cookie, in the initial message, which the other side acknowledges.
The cookie must depend on the specific parties
It must not be possible for anyone other than the issuing entity to generate cookies that will be accepted by that entity.
The cookie generation and verification methods must be fast to thwart attacks intended to sabotage processor resources.
Once the browser has set the cookie, it must echo the cookie with each request
Search for the HTTP POST command
Web Forms:
Provide a means for an end user to enter data into a web browser.
Data packets transferred through these forms can be captured by a network analyzer
Identify Passwords:
Filter on HTTP requests
Locate the POST command
Analyze with Follow TCP Stream
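What Follow TCP Stream exposes for the steps above, as an added example that is not part of these notes: a small Python parser over a constructed client-side HTTP/1.1 stream (made-up cookie and form values, paths taken from the test site listed above) that reports the echoed cookie on every request and any form field whose name suggests a credential. The SENSITIVE name list is an assumption for illustration, not a standard.

```python
from urllib.parse import parse_qsl

# Constructed sample of the client side of a TCP stream to the notes' test site:
# a page fetch that echoes a cookie, then a form POST. Values are made up.
SAMPLE_STREAM = (
    b"GET /1/2/cookies.php HTTP/1.1\r\nHost: www.httprecipes.com\r\n"
    b"Cookie: session=abc123\r\n\r\n"
    b"POST /1/2/forms.php HTTP/1.1\r\nHost: www.httprecipes.com\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 26\r\n\r\n"
    b"uid=alice&pwd=s3cret&go=Go"
)
# Field-name fragments that suggest a credential (assumption, not a standard list).
SENSITIVE = ("pass", "pwd", "pin", "secret")

def parse_requests(stream):
    """Split a reassembled client stream into (request_line, headers, body)."""
    requests, pos = [], 0
    while (end := stream.find(b"\r\n\r\n", pos)) >= 0:
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        body_start = end + 4                      # skip the blank line
        body_end = body_start + int(headers.get("content-length", 0))
        requests.append((lines[0], headers, stream[body_start:body_end]))
        pos = body_end                            # next request starts here
    return requests

def find_cleartext_exposure(stream):
    """Report echoed cookies and credential-like form fields, as a list of
    (method, path, kind, value) tuples an analyst could review."""
    findings = []
    for req_line, headers, body in parse_requests(stream):
        method, path, _ = req_line.split(" ", 2)
        if "cookie" in headers:                   # browser echoes the cookie
            findings.append((method, path, "cookie", headers["cookie"]))
        ctype = headers.get("content-type", "")
        if method == "POST" and ctype.startswith("application/x-www-form-urlencoded"):
            for field, value in parse_qsl(body.decode("latin-1")):
                if any(k in field.lower() for k in SENSITIVE):
                    findings.append((method, path, "credential:" + field, value))
    return findings

if __name__ == "__main__":
    for finding in find_cleartext_exposure(SAMPLE_STREAM):
        print(finding)
```

Anything this reports is readable by anyone on the path, which is why the mitigation is transport encryption (HTTPS) rather than hiding the form.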
SSDP = Simple Service Discovery Protocol
Part of the Internet Protocol Suite (IP)
Used to advertise and discover network services
Universal Plug & Play (UPnP)
Described in an Internet Engineering Task Force (IETF) Internet Draft by Microsoft & Hewlett-Packard in 1999
Text-based protocol based on the Hypertext Transfer Protocol (HTTP/1.1); it uses the User Datagram Protocol (UDP).