Linux security video tutorial: LinuxCBT Packet | Capture | Analysis Security Edition

Posted 2008-8-7 08:05
LinuxCBT Packet | Capture | Analysis Edition encompasses: 1. Packet Capture and Analysis Security featuring Ethereal®.

LinuxCBT Packet | Capture | Analysis Edition is unparalleled in content, depth and expertise. It entails 8 hours, or 1 day, of classroom training. LinuxCBT Packet | Capture | Analysis Edition prepares you or your organization for successfully securing GNU/Linux & Open Source-based solutions. As a by-product, many of the covered concepts, utilities and tricks are applicable to heterogeneous computing environments, ensuring your coverage of the fundamentals of securing corporate infrastructures.

LinuxCBT.Packet.Capture.Analysis.Edition



Packet Capture Analysis Security - Module 1

    * Introduction - Topology - Features
          o Discuss course outline
          o Explore system configuration
          o Identify key network interfaces to be used for captures
          o Identify connected interfaces on Cisco Switch
          o Explore network topology - IPv4 & IPv6
          o Identify Ethereal installation
          o Enumerate and discuss key Ethereal features

    * Ethereal Graphical User Interface (GUI)
          o Identify installation footprint
          o Differentiate between promiscuous and non-promiscuous modes
          o Configure X.org to permit non-privileged user to write output to screen
          o Launch Ethereal GUI
          o Identify the primary GUI components /Packet List | Packet Details | Packet Bytes/
          o Discuss defaults
          o Explore key menu items

    * TCPDump | WinDump - Packet Capturing for /Linux|Unix|Windows/
          o Discuss defaults, features and applications
          o Use TCPDump on Linux to capture packets
          o Log traffic using default PCAP/TCPDump format
          o Discuss Berkeley Packet Filters (BPFs)
          o Capture and log specific packets using BPFs for analysis with Ethereal
          o Connect to Windows 2003 Server using Remote Desktop (RDesktop) utility
          o Install WinDump and WinPCAP on Windows 2003 Server
          o Identify available network interfaces using WinDump
          o Capture and log packets using WinDump
          o Capture and log specific packets using BPFs with WinDump for analysis with Ethereal
          o Upload captures to Linux system for analysis in Ethereal

    * Snort NIDS Packet Capturing & Logging
          o Discuss Snort NIDS's features
          o Confirm prerequisites - /PCRE|LibPCAP|GCC|Make/
          o Download and Import Snort G/PGP key and MD5SUM for Snort NIDS
          o Download, verify, compile and install Snort NIDS
          o Discuss BPF directional, type, and protocol qualifiers
          o Identify clear-text based network applications and define appropriate BPFs
          o Execute Snort NIDS in sniffer mode with BPFs enabled to match interesting traffic
          o Log to the active pseudo-terminal console and examine the packet flows
          o Combine BPF qualifiers to increase packet-matching capabilities
          o Use logical operators to define more flexible BPFs
          o Create captures for further analysis with Ethereal

    * Sun Snoop Packet Capturing & Logging
          o Connect to Solaris 10 system and prepare to use Snoop
          o Draw parallels to TCPDump
          o Enumerate key features
          o Sniff and log generic traffic
          o Sniff and log specific traffic using filters
          o Sniff using Snoop, HTTP and FTP traffic
          o Save filters for analysis by Ethereal
          o Snoop various Solaris interfaces for interesting traffic

    * Layer-2 & Internet Control Messaging Protocol (ICMP) Captures
          o Launch Ethereal
          o Identify sniffing interfaces
          o Capture Address Resolution Protocol (ARP) Packets using Capture Filters
          o Discuss and Identify Protocol Data Units (PDUs)
          o Identify default Ethereal capture file
          o Peruse packet capture statistics
          o Identify Cisco VOIP router generating ARP requests
          o Peruse time precision features - deci - nano-seconds
          o Discuss time manipulations - relative to first packet - actual time
          o Reveal protocol information from layer-1 through 7
          o Identify network broadcasts in the packet stream
          o Generate Layer-2 ARP traffic using PING and capture and analyze results
          o Sniff traffic based on MAC addresses using Ethereal and Capture Filters

    * User Datagram Protocol (UDP) Captures & Analyses
          o Discuss UDP Characteristics
          o Focus on Network Time Protocol (NTP)
          o Set up NTP strata for testing between multiple systems
          o Analyze NTP - UDP traffic using Ethereal
          o Focus on Domain Name Service (DNS)
          o Install a BIND DNS Caching-Only Server
          o Analyze DIG queries
          o Analyze 'nslookup' queries

    * Transmission Control Protocol (TCP) Captures & Analyses
          o Discuss TCP Characteristics - Connection-Oriented Services
          o Explain TCP connection rules - Socket creation
          o Sniff TCP traffic using Capture Filters in Ethereal
          o Use Display Filters to parse TCP traffic
          o Sniff FTP traffic
          o Reconstruct FTP flows using TCP Stream Reassembly
          o Differentiate between client and server flows
          o Quantify client and server flows
          o Discuss embedded Protocol Data Units (PDUs)
          o Sniff Internet Protocol Version 6 (IPv6) traffic
          o Peruse and discuss the IPv6:TCP:FTP traffic dump
          o Analyze TCP Sockets

    * Ethereal Display Filters - Post Processing Filters
          o Identify previously captured - TCPDump - Ethereal - Snort - Snoop - Dumps
          o Discuss features
          o Explain Display Filter syntax
          o Post-process previously captured traffic dumps
          o Identify the various methods to exact display filters
          o Filter data using the expression builder
          o Filter traffic based on interesting properties
          o Filter traffic using logical operators

    * Ethereal Statistics
          o Discuss features
          o Explore the summary (metadata) of captured packets
          o Peruse the protocol hierarchy - Layers 1 - 7 of OSI
          o Examine network conversations of captured packets
          o Identify Destinations in packet dumps
          o Examine ICMP statistics

    * Text-based Captures with Tethereal
          o Discuss features and applications
          o Identify 'tethereal' and invoke
          o Enumerate network interfaces
          o Sniff generic network traffic
          o Suppress capture output
          o Apply Capture Filters
          o Capture UDP Traffic
          o Capture TCP Traffic

    * Intranet-based Captures & Analysis
          o Discuss Intranet monitoring objectives
          o Analyze the network topology drawing
          o Discuss Unicast, Broadcast and Multicast traffic
          o Discuss Switch Port Mirroring - SPAN
          o Configure Port Mirroring - SPAN on Cisco Switch for interesting ports
          o Dedicate a network interface for sniffing traffic
          o Configure Snort NIDS to sniff traffic on dedicated network interface
          o Analyze Snort NIDS captures in Ethereal
          o Sniff traffic between various Intranet hosts

    * Internet-based Captures & Analysis
          o Discuss Internet monitoring objectives
          o Identify key external interfaces to monitor
          o Update the Port Mirroring configuration to capture Internet traffic
          o Capture external traffic
          o Analyze using Ethereal

    * Wireless-based Captures & Analysis
          o Discuss Wireless monitoring objectives
          o Connect to remote system with wireless interface
          o Enable wireless interface
          o Sniff traffic on wireless network
          o Analyze using Ethereal

    * Windows-based Captures & Analysis on Windows
          o Download and Install Ethereal for Windows
          o Explore interface
          o Load previously captured data
          o Analyze data
          o Compare and contrast with Ethereal for Linux|Unix systems

Posted 2008-8-11 12:57
Quietly bumping this.
Posted 2008-8-13 08:17
Originally posted by mrzcs on 2008-8-11 12:57:
Quietly bumping this.
Posted 2008-8-26 00:44
A gentle bump.
Thanks for your hard work, OP.
Posted 2008-9-15 18:07
CBT tutorials are all great~~~
Posted 2008-10-11 12:50
Moderator, you are awesome. You let a poor scholar like me learn English and professional knowledge at the same time; you are truly my great benefactor.
Posted 2008-12-23 09:40
thank you very much
Posted 2009-3-24 13:20
Someone even bumped this quietly; it would be better if everyone went a little crazy. ^_^
Posted 2009-4-15 23:09
Bumping this too, haha.
Posted 2010-3-28 14:20
The OP is very professional and put a lot of care into this.