Network Forensics - Hackfest
Network Forensics
LAW
Before analysing or carrying out network captures, make sure you have the right to do so.
Presentation outline
WHO
Network Forensics?
“Network forensics is the idea of being able to resolve network problems through captured network traffic” - The Internet
Sniffer
-tap
-port span
-wireless
-host based
Format: pcap? netflow
WARNING !!!!
FLOW != PCAP
Tools
-Wireshark
-Tcpdump
-scapy
-Netwitness Investigator
-NetworkMiner
-Xplico
-Microsoft Message Analyzer
Wireshark
TCPDump
Scapy
NetWitness Investigator
NetworkMiner
Xplico
Microsoft Message Analyzer
Microsoft Message Analyzer
Capture an ETL trace with netsh (run from an elevated prompt), then open the resulting .etl file in Message Analyzer:

```
netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=yes traceFile=C:\Logs\NetTrace.etl
netsh trace stop
```
Use case
DNS
- Suspicious requests in netflow (1 GB of DNS ???)
- Requests to external DNS servers
Use case
WIFI
Decrypt WPA/WPA2
- wpa-pwd SSID:PASS
- wpa-psk RAW hash
Decrypt SSL
Use case
Write an IDS rule
- snort (the slide's rule, completed with the msg and sid that Snort requires to load it; sid 1000001 is a placeholder in the local range)

```
alert tcp any any -> any 80 (msg:"SQLi probe with exploit marker in HTTP cookie"; content:"or 1=1"; content:"exploit"; http_cookie; sid:1000001; rev:1;)
```
Use case
Reconstruct a telephone conversation
Use case
Find data leaks
- Ping
- DNS
- HTTP(S)
- TCP/UDP
- Other obscure forms
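The DNS use case and the data-leak use case above, turned into a small detection check. This is an added example, not code from the presentation: it runs over constructed DNS query log lines and flags clients talking to a resolver outside the approved list, clients whose DNS byte volume is out of proportion, and query names whose subdomain looks like encoded tunnel payload. The log format, the IP addresses and the thresholds are assumptions to tune against your own baseline.

```python
import math
from collections import Counter, defaultdict

# Constructed sample DNS query log (not from the presentation).
# Columns: client_ip resolver_ip query_name bytes_on_the_wire
SAMPLE_LOG = """\
192.168.1.101 192.168.1.1 www.example.com 64
192.168.1.101 203.0.113.53 mail.example.com 70
192.168.1.102 192.168.1.1 4a6f686e20446f65.3f8e2b9c1d.tunnel.example.net 180
192.168.1.102 192.168.1.1 9f1e2d3c4b5a6978.a1b2c3d4e5f6a7b8.tunnel.example.net 190
192.168.1.103 192.168.1.1 intranet.example.com 60
"""

def shannon_entropy(text):
    """Bits per character: encoded payload scores high, real words score low."""
    if not text:
        return 0.0
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in Counter(text).values())

def looks_like_tunnel(qname, max_len=32, max_entropy=3.5):
    """Heuristic: the part below the registered domain is long or high-entropy.
    Thresholds are assumptions; tune them against your own traffic."""
    labels = qname.rstrip(".").split(".")
    subdomain = ".".join(labels[:-2])   # drop the last two labels (example.net)
    return len(subdomain) >= max_len or shannon_entropy(subdomain) >= max_entropy

def analyze_dns_log(log_text, allowed_resolvers, volume_threshold):
    """Return the three DNS smells from the use-case slides:
    queries to non-approved resolvers, tunnel-looking names, heavy talkers."""
    external, tunnel = [], []
    volume = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, resolver, qname, nbytes = line.split()
        volume[client] += int(nbytes)
        if resolver not in allowed_resolvers:        # external DNS server
            external.append((client, resolver, qname))
        if looks_like_tunnel(qname):                 # data leaving over DNS
            tunnel.append((client, qname))
    heavy = sorted(c for c, b in volume.items() if b > volume_threshold)
    return {"external": external, "tunnel": tunnel,
            "heavy_talkers": heavy, "bytes": dict(volume)}

if __name__ == "__main__":
    findings = analyze_dns_log(SAMPLE_LOG, {"192.168.1.1"}, volume_threshold=300)
    for key in ("external", "tunnel", "heavy_talkers"):
        print(key, findings[key])
```

On a real capture, feed it the output of a DNS dissector (tshark or scapy) instead of the constructed lines and raise the volume threshold to match your per-client baseline.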