Network and System Monitoring

Students will set up a sniffer on a Linux box connected to a SPAN port (running in promiscuous mode) and use the command-line utility tcpdump to capture the network traffic. After capturing the network traffic with tcpdump, the student will analyze the network traffic using Wireshark, the most widely used pack analysis tool in the world.

Overview

The tcpdump utility is one of the most widely used free and open-source command-line tools for capturing network traffic on a Linux system. A free tool that is integrated into most Linux operating systems will allow the end user to capture traffic with various parameters, like file size. Wireshark is the most widely used packet analysis tool in the world that can be used to analyze TCP dump files. When networks are attacked, there is valuable information sent to the logs about how the attack happened. In this lab, you will see how long analysis is critical to understanding and dissecting an attack.

outcomes

In this lab, you will learn to: 

  1. Setup a sniffer 
  2. Use bruter to generate network traffic to monitor 
  3. Analyze traffic with wireshark 
  4. Analyze logs  

Key terms and descriptions

Bruter
A brute force tool that will attempt to login to a remote service.
auth.log
Keeps track of user activity on a Debian system.
tcpdump
A Linux tool to dump network traffic.
access.log
Keeps the web traffic on a Linux system.
User Agent
Provides information about a browser.