3. Copyright 2013 @ tcpipguru.com
Table of Contents
How to Capture and Display traffic between two systems on a network
How to craft a ping packet
How to detect rogue DHCP servers on a network
How to detect web servers on a network
How to display bytes received and sent on the network card in an interval
How to display ports in listening state on a Windows system
How to find access points on a network
How to find Active directory servers on a network
How to find all subnet directed broadcast on a network
How to find broadcast frames on a network
How to find FTP servers on a network
How to find a printer on a network
How to find ports open on your internet router
How to find proxy servers on a network
How to find TCP applications running on a remote system
How to find the IP address of an IP camera on a network
How to find the number of hops taken by a packet to reach the destination.
How to find the reason as to why an application is not working on a remote
computer.
How to find unicast packets sent to a gateway router from devices on the network
How to find used IP addresses on a network
How to passively monitor 802.11 packets on a network
4. Copyright 2013 @ tcpipguru.com
How to route internet traffic through a specific network card
How to scan a range of TCP ports on a system
How to simulate TCP connections to a required server port number
How to troubleshoot DNS connectivity issues
How to troubleshoot internet with nmap.
How to troubleshoot port forwarding issues
How to troubleshoot remote desktop connectivity issues
How to troubleshoot web communication connectivity issues.
How to view received and sent bytes on a network card
How to view TCP connection statistics on a Windows systems
How to view TCP connections on a Window System
How to view the data in bytes which is sent and received by a process in memory
How to view the state of a network process on a Windows System
How to find HTTP traffic passing through a router
How to find http traffic to and from a PC on a network
How to find the protocols which pass through the LAN interface of an internet
router.
How to detect eavesdropping vulnerable protocols on an IP address
How to test an inbound ACL
How to test cam flooding attack
How to send IP packets in a loop with random IP addresses.
5. Copyright 2013 @ tcpipguru.com
How to Capture and Display traffic between two systems on a network
The wireshark tutorial shows how to capture and display traffic between two
systems on a network. Setup and install wireshark on any one of the systems. Start
the capture and stop as and when required. In the below screenshot, a filter is
applied which would display the traffic between the systems 192.168.1.3 and
192.168.1.1
How to craft a ping packet
The tutorial explains how to craft a ping packet. Ping is a tool, which is used for
network troubleshooting. It is also used to test the availability of a system on the
network. Ping uses the ICMP protocol at the network layer for communication.
ICMP type 8 and code 0 packet is generated when a ping request is initiated. For
crafting a ping packet, scapy is used. The following code creates a ping packet,
which has the source IP address as 192.168.1.6 and the destination IP address as
6. Copyright 2013 @ tcpipguru.com
192.168.1.1. The ICMP packet is created , which is provided with the appropriate
values, 8 and 0 for the type and code field. The packet is sent using the
send(ip/icmp) command.
from scapy.all import *
ip=IP()
icmp=ICMP()
ip.src='192.168.1.6'
ip.dst='192.168.1.1'
icmp.type=8
icmp.code=0
send(ip/icmp)
To test the functionality of the code, setup the lab with two systems with IP
address as 192.168.1.6 and 192.168.1.1, both connected to a switch. Setup scapy,
python and wireshark on the PC configured with the IP address, 192.168.1.6. Start
wireshark on the PC and run the code. The ping request packet (Crafted packet)
should be seen in wireshark as well as the response to the packet (Ping reply)
How to detect rogue DHCP servers on a network
In this tutorial, the mechanism to detect a rogue dhcp server with nmap is
understood. Rogue dhcp servers are setup on the network by attackers to create
disruption of services. nmap is installed on a system. nmap is used to scan, UDP
port 67, which is used by DHCP servers on the network. As the network
administrator would be aware of the IP address of the DHCP server on the
network, any other IP address associated with UDP port 67 would be identified as
a rogue DHCP server. The following screenshot shows the command which can be
used for scanning the network 192.168.2.0/24 for udp port 67. The output of the
command returns the dhcp servers on the network. In this network, there is only
one valid dhcp server, which is 192.168.2.1.The status of the port 67 is shown as
open.
7. Copyright 2013 @ tcpipguru.com
Ebook Price - $5
Visit www.tcpipguru.com to buy the Ebook