This post was last edited by sherlock_fai on 29-1-2010 07:05 PM
He needs only 6 people to open a class; it is a 2-day course.
He previously worked at UMS and has helped solve a problem where a virus spread across the entire network.
Personal sharing -
Anyone who knows networking knows what ARP is used for; one of the more satisfying uses is that you can establish a connection (crudely put, HACK). The other
is the honeypot, which is used to confuse Black Hats (hackers). He will use Linux as the tool and Windows as the attack target.
Anyone interested can PM me to get his phone number, then ask him for the details. Thank you.
TCP-IP PROTOCOL Analysis
Course Introduction
The TCP/IP protocol suite is the foundation of the Internet. TCP/IP is robust, scalable and offers a choice of reliable transport or simple, unreliable transport. All these attributes lead to a protocol suite that is complex and highly sophisticated. That is where network sniffing plays a useful role. Network sniffing refers to listening to and capturing all or selected packets of the traffic travelling over a network, and thus provides a basis for the analysis or investigation needed when troubleshooting the network.
You will learn
- Fundamentals of TCP/IP
- Basic skills to effectively set up TCP/IP networks
- How to understand and construct secure, robust local area networks
- How to diagnose and fix problems with TCP/IP utilities
- How to plan and design improved networks
- How to troubleshoot TCP/IP networks
- How to use a protocol analyser to diagnose real TCP/IP problems
Course Pre-requisites
To gain the most from this course, participants should know a little about TCP/IP networking and Ethernet technology. Important aspects of TCP/IP and Ethernet relevant to sniffing will be reviewed briefly. Some exposure to UNIX will be useful but not essential.
Course Duration
This course will run for 2 consecutive days. The first day will brush up networking skills and explain the purpose and usage of network sniffers. The second day will provide in-depth training on how a sniffer can be used to help diagnose and troubleshoot problems on the network.
Course Outline
Day 1
Quick Overview
- Review of TCP/IP
- Review of TCP/IP headers
- Review of netmask calculation
- Review of Ethernet networking
Network Sniffing Principles
- What is promiscuous mode?
- Sniffing in an Ethernet hub environment
- Sniffing in a switched environment
- Simple sniffing exercise
Using the TCPdump/Wireshark/tshark network sniffer
- Introduction to TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
- How to capture ARP/RARP traffic with TCPdump/Tcpick/Tcptrack/Arpon
- How to capture ICMP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
- How to capture UDP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
- How to capture TCP traffic with TCPdump/Tcpick/Tcptrack/p0f/ettercap/brian
- Complex filtering rules
- Extensive practice
Using the Wireshark/tshark network sniffer for baseline analysis
- Domain Name System (DNS) traffic
- Address Resolution Protocol (ARP) traffic
- Internet Protocol version 4 (IPv4) traffic
- Internet Control Message Protocol (ICMP) traffic
- User Datagram Protocol (UDP) traffic
- Transmission Control Protocol (TCP) traffic
- Dynamic Host Configuration Protocol (DHCP) traffic
- Hypertext Transfer Protocol (HTTP) traffic
3 modules:
- Understanding packet structure
- Filtering on each layer
- Analysing normal/unusual traffic
Day 2 - Advanced Network Troubleshooting with a packet sniffer
Troubleshooting TCP/IP Networks
- Using sniffers to debug the network
- Examples of how to troubleshoot a network problem (ARP, DHCP, TCP, ICMP etc.)
Specific Topics
Principles/Methodology
- Port scanners: nmap/unicornscan/sinfp/arp-scan
- OS fingerprinting: p0f/disco/unicornscan/sinfp/xprobe2/satori
- Honeynet/honeypot: labrea/honeyd/netwox
- Packet generators: arp-sk/netwox/tcpreplay/bitwistb/hping3
Examples
Denial of service (DoS)
- Layer 2 attack and countermeasure -> winarpattacker/ettercap/brian/netwox/arp-sk/netstorm
- Layer 4 attack and countermeasure -> datapool/netwox/hunt/netstorm/ettercap
Simple Sniffing and Intrusion Detection Systems
- Port knocking: Aldaba-suite/knockd
- Sniffing and intrusion detection
- Sniffing and computer forensics
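The layer 2 attack listed above (ARP poisoning with tools such as ettercap or arp-sk) and the "sniffing and intrusion detection" topic meet in the countermeasure: a passive sniffer that watches ARP and flags bindings that change or replies nobody asked for, the approach taken by monitors like arpwatch and ArpON. The following is an added example written for this post, not the course's or any of those tools' code. It parses raw Ethernet/ARP frames, learns IP-to-MAC bindings, and raises alerts on the two classic poisoning signs. The addresses, MACs and the four-frame capture are constructed for the demonstration.

```python
import ipaddress
import struct

# Added example: passive ARP poisoning detector over raw Ethernet frames.
# Not the course's code; all addresses and frames below are constructed.

ARP_FMT = "!HHBBH6s4s6s4s"        # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa
REQUEST, REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet II + ARP frame (constructed test data, 42 bytes)."""
    eth_dst = b"\xff" * 6 if oper == REQUEST else mac_bytes(tha)
    eth = eth_dst + mac_bytes(sha) + b"\x08\x06"
    arp = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                      mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)
    return eth + arp


def parse_arp(frame: bytes):
    """Return the ARP fields of an Ethernet frame, or None if it is not ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    _, _, _, _, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    return {"oper": oper, "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


class ArpMonitor:
    """Passive ARP consistency checker fed one frame at a time."""

    def __init__(self):
        self.table = {}        # ip -> mac learned from traffic
        self.pending = set()   # (requester mac, requested ip) for requests not yet answered
        self.alerts = []

    def feed(self, frame: bytes):
        a = parse_arp(frame)
        if a is None:
            return
        if a["oper"] == REQUEST:
            self.pending.add((a["sha"], a["tpa"]))
        elif a["oper"] == REPLY:
            key = (a["tha"], a["spa"])      # who asked, and for which address
            if key in self.pending:
                self.pending.discard(key)
            else:                           # reply nobody asked for: classic poisoning sign
                self.alerts.append(
                    f"unsolicited reply: {a['spa']} is-at {a['sha']} sent to {a['tha']}")
        self._learn(a["spa"], a["sha"])     # both opcodes carry a sender ip/mac binding

    def _learn(self, ip: str, mac: str):
        old = self.table.get(ip)
        if old is not None and old != mac:  # an address silently moved to another MAC
            self.alerts.append(f"changed mac: {ip} was {old}, now {mac}")
        self.table[ip] = mac


GW, VICTIM = "10.0.0.1", "10.0.0.5"
GW_MAC, VICTIM_MAC = "00:11:22:33:44:01", "00:11:22:33:44:05"
ATTACKER_MAC = "de:ad:be:ef:00:66"

# Constructed capture: a normal resolution of the gateway, then an attacker
# claiming the gateway's address towards the victim and the victim's towards the gateway.
CAPTURE = [
    build_arp(REQUEST, VICTIM_MAC, VICTIM, "00:00:00:00:00:00", GW),
    build_arp(REPLY, GW_MAC, GW, VICTIM_MAC, VICTIM),
    build_arp(REPLY, ATTACKER_MAC, GW, VICTIM_MAC, VICTIM),
    build_arp(REPLY, ATTACKER_MAC, VICTIM, GW_MAC, GW),
]


def run(capture) -> list:
    """Feed a list of frames through a fresh monitor and return its alerts."""
    mon = ArpMonitor()
    for frame in capture:
        mon.feed(frame)
    return mon.alerts


if __name__ == "__main__":
    for line in run(CAPTURE):
        print(line)
```

Two caveats matter when this runs on a real wire. In a switched environment (the Day 1 topic) the monitor only sees the broadcast requests and whatever unicast reaches its own port, so the "unsolicited reply" rule is only reliable on a mirror/SPAN port or on the host being protected; elsewhere it will fire on replies whose request it simply never saw. And a legitimate DHCP re-lease or gateway failover also moves an IP to a new MAC, so the "changed mac" rule needs an allow-list or ageing before it is worth paging anyone on. The frames this example builds are what `tcpdump -ni eth0 arp` would show as `who-has` and `is-at` lines.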
Open Discussion Section
Participants are encouraged to bring their problems and questions for discussion
About the Practical Sessions
All practical sessions will be conducted on Windows and Linux based machines using the tcpdump and Wireshark packet sniffers. The practical sessions will include the following:
1. Sniffing all traffic to a host.
2. Sniffing selected traffic to a host based on protocol and ports.
3. Sniffing all traffic to a subnet.
4. Sniffing groups of traffic.
5. Sniffing selected traffic to a subnet based on protocol and ports.
6. Complex sniffing filters involving different protocols and many ports.
7. Analysing network traffic in depth with Wireshark.
8. Following a TCP exchange.
9. Manipulating large capture files for analysis.
10. Network troubleshooting with sniffers.
Live CDs: backtrack / aridius / pentoo
Hardened Linux (installed to HDD)
VirtualBox (virtual machine)
Windows XP/2003/Vista
Tools: nsttoolkit
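The filter exercises above (all traffic to a host, a subnet, a protocol and port set, and compound filters) are what tcpdump's BPF expressions do in the kernel before a packet is ever copied to user space. The following is an added example for this post, not course material, that shows the same idea from the other side: it decodes raw Ethernet/IPv4/TCP/UDP headers the way the "understanding packet structure" module describes, then builds the host/net/proto/port filters as composable Python predicates named after the tcpdump keywords they mirror. The six-frame capture and all addresses in it are constructed for the demonstration.

```python
import ipaddress
import struct

# Added example: header decoder plus tcpdump-style filters over a constructed capture.
# Not the course's code; the frames and addresses below are made up for the demo.

ETH_IPV4 = 0x0800
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}


def parse_frame(frame: bytes) -> dict:
    """Decode Ethernet II -> IPv4 -> TCP/UDP headers into a flat dict.

    Non-IPv4 frames come back with only eth_type set, so every filter
    below has to tolerate missing keys (that is what p.get() is for).
    """
    pkt = {"eth_type": struct.unpack("!H", frame[12:14])[0]}
    if pkt["eth_type"] != ETH_IPV4 or len(frame) < 34:
        return pkt
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4              # header length in bytes; IP options push L4 further out
    pkt["proto"] = ip[9]
    pkt["src"] = ipaddress.IPv4Address(ip[12:16])
    pkt["dst"] = ipaddress.IPv4Address(ip[16:20])
    l4 = ip[ihl:]
    if pkt["proto"] in (PROTO["tcp"], PROTO["udp"]) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    if pkt["proto"] == PROTO["tcp"] and len(l4) >= 14:
        pkt["tcp_flags"] = l4[13]          # the byte tcpdump exposes as tcp[tcpflags]
    return pkt


# Filter primitives, each named after the tcpdump/BPF keyword it mirrors.
def host(addr):                    # tcpdump: host 10.0.0.5
    a = ipaddress.IPv4Address(addr)
    return lambda p: a in (p.get("src"), p.get("dst"))

def net(cidr):                     # tcpdump: net 10.0.0.0/24
    n = ipaddress.IPv4Network(cidr)
    return lambda p: "src" in p and (p["src"] in n or p["dst"] in n)

def proto(name):                   # tcpdump: tcp / udp / icmp
    return lambda p: p.get("proto") == PROTO[name]

def port(n):                       # tcpdump: port 53 (either direction)
    return lambda p: n in (p.get("sport"), p.get("dport"))

def syn_only(p):                   # tcpdump: tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn
    return p.get("tcp_flags", 0) & 0x12 == 0x02

def both(*fs):   return lambda p: all(f(p) for f in fs)   # "and"
def either(*fs): return lambda p: any(f(p) for f in fs)   # "or"


def build_frame(src, dst, proto_num, sport, dport, tcp_flags=0x18):
    """Minimal Ethernet II + IPv4 + TCP/UDP frame (constructed; checksums left zero)."""
    if proto_num == PROTO["tcp"]:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, tcp_flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto_num, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETH_IPV4)
    return eth + ip + l4


# Constructed capture: a DNS lookup, a web connection, an SSH probe from a
# neighbour, and an SMB probe between two other subnets.
CAPTURE = [
    build_frame("10.0.0.5", "10.0.0.1", PROTO["udp"], 51000, 53),
    build_frame("10.0.0.1", "10.0.0.5", PROTO["udp"], 53, 51000),
    build_frame("10.0.0.5", "93.184.216.34", PROTO["tcp"], 52000, 80, 0x02),
    build_frame("93.184.216.34", "10.0.0.5", PROTO["tcp"], 80, 52000, 0x12),
    build_frame("10.0.0.7", "10.0.0.5", PROTO["tcp"], 40000, 22, 0x02),
    build_frame("192.168.1.9", "10.0.1.3", PROTO["tcp"], 40001, 445, 0x02),
]


def matching(capture, filt):
    """Indices of the frames the filter accepts (the ones tcpdump would print)."""
    return [i for i, frame in enumerate(capture) if filt(parse_frame(frame))]


if __name__ == "__main__":
    print("host 10.0.0.5     ->", matching(CAPTURE, host("10.0.0.5")))
    print("tcp and port 80   ->", matching(CAPTURE, both(proto("tcp"), port(80))))
    print("net 10.0.0.0/24 and tcp and (port 22 or port 445) ->",
          matching(CAPTURE, both(net("10.0.0.0/24"), proto("tcp"), either(port(22), port(445)))))
    print("tcp syn, no ack   ->", matching(CAPTURE, both(proto("tcp"), syn_only)))
```

The last filter is the one worth remembering for the Day 2 scanner topics: a burst of SYNs with no ACK bit from one source, matched by `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn` in real tcpdump, is what an nmap SYN scan looks like on the wire. On a busy link, put the narrowest filter you can on the capture itself rather than post-filtering in Wireshark: BPF drops non-matching frames in the kernel, so a tight expression is also the cheapest way to avoid dropped packets in a large capture file.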
AHMAD ZAMANI ANUAR 010-3xxxx 2xx