diff --git a/document.pdf b/document.pdf
index aaa691a..04e5b7a 100644
Binary files a/document.pdf and b/document.pdf differ
diff --git a/document.tex b/document.tex
index eac1d94..d27c052 100644
--- a/document.tex
+++ b/document.tex
@@ -114,9 +114,8 @@
 \end{itemize}
 \vfill
 \begin{block}{Example: Capturing traffic from \texttt{eth0}}
- \lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
+ \lstinputlisting[language=bash,numbers=none,linerange={1-1}]{sources/tcpdump.sh}
 \end{block}
-
 \end{frame}
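Review bot: `linerange={1-1}` ties this slide to the physical line numbering of sources/tcpdump.sh, so any later insertion in that file silently changes which command the slide shows; the `linerange={2-4}` and `linerange={5-5}` listings added in the next document.tex hunk have the same coupling. One snippet per source file, or listings' named range markers (`rangeprefix`/`rangesuffix` with `linerange={start-end}` marker names and `includerangemarker=false`), would keep the slides stable under edits to the examples. The `\begin{frame}` this block belongs to starts outside the hunk.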
@@ -124,35 +123,54 @@
 \begin{frame}
 \frametitle{Wireshark}
 \begin{itemize}
- \item How do you capture the traffic?
+ \item Open a \texttt{.dump} file OR capture from NIC
+ \item Filter traffic
 \begin{itemize}
- \item tcpdump (CLI)
- \item Wireshark (GUI)
+ \item Big variety of supported protocols
+ \item Filter rules down to single bits of a protocol possible
+ \item Where should I start?
 \end{itemize}
 \end{itemize}
-\vfill
-\begin{block}{Example: Capturing traffic from \texttt{eth0}}
- \lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
-\end{block}
-
 \end{frame}
-\section{Wireshark}
 \begin{frame}
 \frametitle{Wireshark}
 \begin{itemize}
 \item Find the interesting parts in a dump: Filter packets
 \begin{itemize}
- \item tcpdump (CLI)
- \item Wireshark (GUI)
+ \item by IP address,
+ \item port number,
+ \item protocol flag,
+ \item \ldots
+ \end{itemize}
+ \item \texttt{Menu->Analyze->Follow->* Stream}
+ \begin{itemize}
+ \item Displays the payload of one connection (SYN to FIN)
 \end{itemize}
 \end{itemize}
 \vfill
-\begin{block}{Example: Capturing traffic from \texttt{eth0}}
- \lstinputlisting[language=bash,numbers=none]{sources/tcpdump.sh}
+\begin{block}{Example: Filtering packets in Wireshark}
+ \lstinputlisting[language=bash,numbers=none,linerange={2-4}]{sources/tcpdump.sh}
 \end{block}
 \end{frame}
+\section{Conclusion}
+\begin{frame}
+\frametitle{Conclusion}
+\begin{itemize}
+ \item TCPdump can also handle filter rules (same syntax)
+\end{itemize}
+\begin{block}{Example: TCPdump with filter rule}
+ \lstinputlisting[language=bash,numbers=none,linerange={5-5}]{sources/tcpdump.sh}
+\end{block}
+\begin{itemize}
+ \item TCPdump man page:\\
+ \url{www.tcpdump.org/manpages/tcpdump.1.html}
+ \item Wireshark User's Guide: \\\url{www.wireshark.org/docs/wsug_html_chunked}
+\end{itemize}
+\end{frame}
+
+\section{Happy Dumpster Diving!}
 \end{document}
diff --git a/header.tex b/header.tex
index 59cc1c0..abdaa84 100644
--- a/header.tex
+++ b/header.tex
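Review bot: The Conclusion frame's `\item TCPdump can also handle filter rules (same syntax)` is inaccurate: tcpdump accepts pcap-filter (BPF) capture-filter expressions, whereas lines 2–4 of sources/tcpdump.sh shown on the preceding frame are Wireshark display filters, and the two languages are not interchangeable. The example this frame pulls in with `linerange={5-5}` (the last added line of the sources/tcpdump.sh hunk) is written in display-filter style — dotted field names such as `tcp.port` and comparing `ip` to an address are display-filter constructs — so tcpdump will reject it with a syntax error; the pcap-filter form is `host 192.168.1.1 and tcp port 1337`. Suggest `\item TCPdump also filters, but with pcap-filter (BPF) syntax, not Wireshark display-filter syntax` and correcting line 5 of sources/tcpdump.sh to match. Since Wireshark's own capture filters also use pcap-filter syntax, a one-line remark distinguishing capture filters from display filters would head off the usual confusion.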
@@ -126,6 +126,7 @@
 keywordstyle=\color{sigflagblue},
 commentstyle=\color{sigflaggray},
 stringstyle=\color{sigflaggreen},
+ showstringspaces=false
 xleftmargin=8pt,
 numbers=left, %line numbers
 numberstyle=\tiny,
diff --git a/sources/helloworld.c b/sources/helloworld.c
deleted file mode 100644
index 927f7b6..0000000
--- a/sources/helloworld.c
+++ /dev/null
@@ -1,6 +0,0 @@
-#include
-
-int main(void)
-{
- printf("hello, world\n");
-}
diff --git a/sources/helloworld.go b/sources/helloworld.go
deleted file mode 100644
index 64e44c3..0000000
--- a/sources/helloworld.go
+++ /dev/null
@@ -1,7 +0,0 @@
-package main
-
-import "fmt"
-
-func main() {
- fmt.Println("Hello, World")
-}
diff --git a/sources/helloworld.java b/sources/helloworld.java
deleted file mode 100644
index fa5fd31..0000000
--- a/sources/helloworld.java
+++ /dev/null
@@ -1,5 +0,0 @@
-class HelloWorldApp {
- public static void main(String[] args) {
- System.out.println("Hello World!"); // Prints the string to the console.
- }
-}
diff --git a/sources/helloworld.py b/sources/helloworld.py
deleted file mode 100644
index ad35e5a..0000000
--- a/sources/helloworld.py
+++ /dev/null
@@ -1 +0,0 @@
-print("Hello World")
diff --git a/sources/tcpdump.sh b/sources/tcpdump.sh
index 472749c..34e44fc 100644
--- a/sources/tcpdump.sh
+++ b/sources/tcpdump.sh
@@ -1 +1,5 @@
 sudo tcpdump -i eth0 -w capture.dump
+ip.dst==192.168.1.1 and tcp.dstport==1337
+ip.addr==192.168.1.1 and tcp.port==1337
+tcp.flags.reset==1
+sudo tcpdump -i eth0 -w capture.dump "ip == 192.168.1.1 and tcp.port == 1337"
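Review bot: The added `showstringspaces=false` has no trailing comma, so the key-value list runs on into the next context line and keyval receives `showstringspaces=false xleftmargin=8pt` as a single entry; depending on how listings validates the boolean this either raises an error when header.tex is compiled or silently discards the `xleftmargin=8pt` setting. The line should read `showstringspaces=false,`. The enclosing key-value block begins and ends outside the hunk.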
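Review bot: Lines 2–4 of the new sources/tcpdump.sh are Wireshark display-filter expressions, not shell, yet the file keeps its `.sh` suffix and is rendered with `language=bash` on the slides; anyone who runs it as a script starts the `sudo tcpdump` capture on line 1 and, once that is interrupted, the shell tries to execute `ip.dst==192.168.1.1` as a command. Moving the three filter expressions into a separate text file (`<display-filters-file>`, placeholder name) and pointing the `linerange={2-4}` slide at it keeps each listing in one language and leaves the shell file safe to execute as written. The syntax of the filter on line 5 is raised at the document.tex Conclusion hunk.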