
COMP416 Network Tools and Protocol - 165292

The document discusses various network tools and protocols, focusing on Traceroute and WHOIS for network diagnostics and domain ownership verification. It also highlights Wireshark as a powerful network protocol analyzer used for troubleshooting and analyzing network traffic. Additionally, it mentions several packet sniffing tools that assist in network management and security.

Uploaded by

nusman955
Copyright
© All Rights Reserved

Lecture-03

Network Tools and Protocol Analyzer

Muhammad Yousif
Lecturer
Department of Computer Science (CS)
Minhaj University
[email protected]
Topic
■ Traceroute
■ whois
■ Network Tools
■ Packet Sniffers Tools
Traceroute
■ Traceroute is a TCP/IP utility which allows the user to determine the
route packets take to reach a particular host.
■ Traceroute works by increasing the "time to live" (TTL) value of
each successive packet sent. The first packet has a TTL value of
one, the second two, and so on. When a packet passes through a
host, the host decrements the TTL value by one and forwards the
packet to the next host.
■ When a packet with a TTL of one reaches a host, the host discards
the packet and sends an ICMP time exceeded (type 11) packet to
the sender.
■ The traceroute utility uses these returning packets to produce a list
of hosts that the packets have traversed en route to the
destination.
TraceRoute example
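The reply-matching step described above, as an added Python example that is not part of the original slides: it parses ICMP time exceeded (type 11) packets and orders the replying routers by hop. The sample packets are constructed, and the scheme of one UDP probe per TTL sent to port 33434 + TTL - 1 is an assumption of this sketch.

```python
import socket
import struct

ICMP_TIME_EXCEEDED = 11  # the "type 11" reply named on the slide

def ipv4_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header (checksum left 0; constructed sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_time_exceeded(router, prober, target, dport):
    """Constructed reply: router -> prober, quoting the expired UDP probe."""
    udp = struct.pack("!HHHH", 54321, dport, 8, 0)
    quoted = ipv4_header(prober, target, 1, socket.IPPROTO_UDP, len(udp)) + udp
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0) + quoted
    return ipv4_header(router, prober, 64, socket.IPPROTO_ICMP, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return (router_ip, quoted_dst, quoted_udp_dport), or None if not a usable reply."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP or len(packet) < ihl + 8 + 20 + 8:
        return None
    if packet[ihl] != ICMP_TIME_EXCEEDED:
        return None
    inner = packet[ihl + 8:]              # quoted IP header + first 8 bytes of the probe
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP or len(inner) < inner_ihl + 8:
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    return socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(inner[16:20]), dport

def hops_from_replies(replies, target, base_port=33434):
    """Order routers by hop; assumes the probe with TTL n used port base_port + n - 1."""
    hops = {}
    for pkt in replies:
        parsed = parse_time_exceeded(pkt)
        if parsed and parsed[1] == target and parsed[2] >= base_port:
            hops[parsed[2] - base_port + 1] = parsed[0]
    return [hops[n] for n in sorted(hops)]

# Constructed sample: two routers on the path to 203.0.113.9, replies out of order
SAMPLE = [build_time_exceeded("198.51.100.1", "192.0.2.10", "203.0.113.9", 33435),
          build_time_exceeded("192.0.2.1", "192.0.2.10", "203.0.113.9", 33434)]
```

The source address of each reply is the router that discarded the probe; the quoted header inside the ICMP payload is what ties the reply back to a specific probe.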
What is whois?
■ WHOIS is a query/response protocol which is
widely used for querying an official database in
order to determine the owner of a domain name,
an IP address, or an autonomous system
number on the Internet.
■ The WHOIS system originated as a method that
system administrators could use to look up
information to contact other IP address or
domain name administrators
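The query/response exchange described above, as an added Python example that is not part of the original slides: WHOIS (RFC 3912) is one line of text sent over TCP port 43, answered with free-form text. The field names in the sample are those commonly seen in gTLD responses, and the response itself is constructed; the server passed to `whois_query` is the caller's choice.

```python
import socket

def whois_query(name, server, port=43, timeout=10):
    """Send one WHOIS query (name + CRLF) and read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines into {key: [values]}; skip comments and notices."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#>" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record

def contact_points(record):
    """Fields an operator or incident responder usually wants first."""
    wanted = ("registrar", "registrar abuse contact email", "registrar whois server")
    return {k: record[k] for k in wanted if k in record}

# Constructed sample response (not real registry data); the format is not standardized
SAMPLE = """% constructed sample response
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar WHOIS Server: whois.registrar.example
Registrar Abuse Contact Email: abuse@registrar.example
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
>>> Last update of whois database: (constructed) <<<
"""
```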
Uses of Whois
■ Supporting the security and stability of
the Internet by providing contact points
for network operators and administrators,
including ISPs, and certified computer
incident response teams.
■ Allowing users to determine the
availability of domain names.
Uses of Whois
■ Contributing to user confidence in the Internet as a
reliable and efficient means of information and
communication and as an important tool for promoting
digital inclusion, e-commerce and other legitimate uses
by helping users identify persons or entities responsible
for content and services online.
■ Assisting businesses, other organizations and users in
combating fraud, complying with relevant laws and
safeguarding the interests of the public.
Links
■ http://webtools.live2support.com
■ http://whois.domaintools.com
■ http://www.traceroute.org
■ http://network-tools.com
Wireshark
Network Protocol Analyzer
Overview
■ Protocol Analysis
◻ Verify correctness
◻ Analyze performance
◻ Better understanding of existing protocols
◻ Optimization and debugging of new protocols
■ Tools
◻ tcpdump & tshark
◻ Wireshark

Network Protocol Examples
■ A network protocol defines the rules of exchange between a pair
(or more) of machines over a communication network
■ HTTP (Hypertext Transfer Protocol)
◻ Defines how web pages are fetched and sent across a
network
■ TCP (Transmission Control Protocol)
◻ Provides reliable, in-order delivery of a stream of bytes

Protocol Analysis
■ Verify correctness
■ Debug/detect incorrect behavior
■ Analyze performance
■ Gain deeper understanding of existing
protocols by “seeing” how they behave in
actual use

What is Wireshark?
■ Wireshark is a network packet/protocol
analyzer.
◻ A network packet analyzer tries to capture
network packets and to display the packet
data in as much detail as possible.
■ Wireshark is perhaps one of the best open
source packet analyzers available today
for UNIX and Windows.
What is Wireshark?
■ Wireshark's wireless analysis features have grown to be
a very powerful tool for troubleshooting and analyzing
wireless networks.
■ With Wireshark's display filters and powerful protocol
dissector features, you can sift through large quantities
of wireless traffic.
■ Without a doubt, Wireshark is a powerful assessment
and analysis tool for wireless networks that should be a
part of every auditor's, engineer's, and consultant's toolkit.
Some intended purposes
■ network administrators use it to troubleshoot
network problems
■ network security engineers use it to examine
security problems
■ developers use it to debug protocol
implementations
■ people use it to learn network protocol
internals
■ Wireshark isn't an intrusion detection system.
■ Wireshark will not manipulate things on the
network, it will only "measure" things from it.
Install under Windows
■ Download
■ Install
Configuration
This checkbox allows you to specify that Wireshark should put the interface in promiscuous mode when capturing. If you do not specify this, Wireshark will only capture the packets going to or from your computer (not all packets on your LAN segment).
Wireshark (Ethereal)
[Figure: Wireshark main window with three panes: packet listing; detailed packet data at various protocol levels; raw data]
Wireshark Interface

Download
■ You can download the
software and documentation at
http://www.wireshark.org/
Packet Sniffers Tools
■ A packet sniffer can help you target new resources when
expanding your network capacity, manage your
bandwidth, increase efficiencies, ensure delivery of
business services, enhance security, and improve
end-user experience.
Packet Sniffers Tools
■ Network Miner
■ Network Miner for Windows makes network analysis very simple and can detect
the host-name as well as the OS and open ports of network hosts through packet
sniffing.

https://www.ittsystems.com/packet-sniffing-tools/#wbounce-modal
Fiddler
■ Fiddler is not technically made for packet sniffing but can be
used either way. It can manipulate and log HTTP/HTTPS
traffic.
Steel Central Packet Analyzer
■ Steel Central Packet Analyzer offers an interactive graphical user interface that
helps you identify the root network problem using a wide selection of pre-defined
analysis views.
■ It provides packet sniffing down to the bit level through Packet Analyzer Plus’ full
integration with Wireshark.
Colasoft Capsa
■ It is a Windows packet capture tool boasting free, standard, and enterprise
editions.
■ The free version is designed for Ethernet sniffing and can monitor 10 IP addresses
and approximately 300 protocols.
■ While the free version is fairly limited in scope, it offers some graphical analysis of
the network traffic it captures and can even be used to set alerts.
