Packet AnalysisFluke Protocol Expert & Misc

Applications

Brian D. Sterck

Where to find your updates

Promotions Page for CiscoNA

Promotions Page for CiscoNA

Beginning the Installation

Readme File contains passwordLaunching OPV-PE======================

Login and Password-----------------------A valid, case sensitive, user name and password is required to launch OPV-PE software. The password for the defaultsuper user is shown below. The passwords for these users should bechanged after the first launch of OPV-PE. To change the defaultpassword for these users, or create new users, choose the menuitem Host>Access Privileges>User Manager, highlight the first userand click "Modify". Enter a new password for the following users.

User Name: su Password : manager (hidden)

User Name: guest Password : public (hidden)

**Note: A checkbox is provided to select a default User Name (not password) for easier Login.

Initial Login Screen

Capture and Monitoring Mode(Opening View)

NIC Description

Secondary NIC Description

Hide Resource BrowserRename Network Adapters

System Settings

Module Settings

Monitor View Preferences

Expert Configuration

Host Table

Protocol Distribution

MAC Statistics

Size Distribution

Name Table

Remote vs. Local

Expert View – Symptoms Overview

Expert View – Symptoms Overview

Expert View – Transport Symptoms

Expert View – Network Symptoms

Expert View – Session Anaysis

Expert View – Transport Entities

Host, Network, App Matrix

Display Filter

Capture Filter

Stopping the Capture

Capture View

Buffer Limit with Education Version

Viewing Captured Frames

Viewing Captured Frames (Cont.)

MAC Address – Source & Destination

Change Capture View to Include Network Address

Capture View with L3 Addressing

Telnet Capture

Username? Interesting…

Display Filter to Remove Clutter

Username Capture

Return of Keystroke by Switch

Sending ‘l’ keystroke

Sending ‘u’ keystroke

Sending ‘k’ keystroke

Sending ‘e’ keystroke

Actual Terminal of User

Password Prompt sent by Switch

Passwords Are Not Echoed By Cisco Switch (1st Char = ‘t’)

2nd Char = ‘e’

3rd Char = ‘S’

4th Char = ‘t’

5th Char = ‘P’

6th Char = ‘a’

7th Char = ‘s’

8th Char = ‘s’

9th Char = ‘!’

Switch Prompt is Displayed

Capture of Show Run Output

Fluke Password in Config

Http://www.astalavista.netAdvanced Security Member Portal

Advanced Security Member PortalTools Database

Get Pass

Hex Reveals Lowercase and Uppercase Difference

Unload Display Filter

Protocol Distribution for ACL Design

ACL influenced byProtocol Distribution

HOMEOFFICE831(config)#ip access-list extended TESTACLHOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any eq 119HOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any eq 80HOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any eq 3389HOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any range 5631 5632HOMEOFFICE831(config-ext-nacl)#permit udp 192.168.111.0 0.0.0.255 any range 5631 5632HOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any eq 25HOMEOFFICE831(config-ext-nacl)#permit tcp 192.168.111.0 0.0.0.255 any eq 110HOMEOFFICE831(config-ext-nacl)#permit udp 192.168.111.0 0.0.0.255 any eq 53HOMEOFFICE831(config-ext-nacl)#permit icmp any any echoHOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-HOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-replyHOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-reply unreaHOMEOFFICE831(config-ext-nacl)#permit icmp any any echo-reply unreachable

Etherpeek User Capture

Etherpeek Password Capture

Etherpeek Filters

Ethereal

• To get up and running with Ethereal, you will need to download and install Ethereal, and will also need to download and install WinPcap if you plan to capture packets with Ethereal. If you don't install WinPcap, you will not be able to capture packets with Ethereal!

Ethereal Interface Capture

Begin Capture (Ethereal)

Capture Buffer (Ethereal)

Filtering with Ethereal

Ethereal Password Capture

Follow TCP Stream

Follow TCP Stream (Cont.)

Questions?