WIRESHARK FOR CISCO STUDY

Status
Not open for further replies.

maczen

Instructor
Apr 12, 2008
1,016
US
Decided to start a new thread for WireShark discussion.

First, there are two options available in regard to training from The first is the two day instructor led class that runs $1295... That is not that bad actually... The second is a series (four) of self-paced training modules that run $299 each.. More info on this is available from the WireShark website.

I will state that there are 6 good videos available for FREE from the WireShark site... Here is a link.. Just perform a search on the page for "video" and you will locate all 6 (CTRL F in Windows/CMD F on a Mac)...

A search for WireShark related vids will locate a plethora of good options.. (I recommend running NoScript if you use FireFox - Just search ClickJacking for explanation as to why) One really good looking site has a WireShark video tutorial as well as a plethora of other cool geek vids.. Check it out! The WS vid is in the most popular section.. There are probably more as well...

Did not locate any WireShark training videos from the or but I did find this link...
I hope this helps! Will try to find some good CBT's for WS!

B Haines
CCNA R&S, ETA FOI
 
Lerdalt (or the rest of the crew),
Do you have any recommendations for a book pertaining to Wireshark or Ethereal? We were discussing books in the other thread but this looked like a better location.. (I am going to have to change my name to ThR3ad_H1J@ck3r or something of the sort.. LoL)

B Haines
CCNA R&S, ETA FOI
 
Todd should know that lady that has the ARP orgasms...Laura something, right? Her videos are pretty good, and would be all the training needed for anything pertaining to Cisco. You can easily look at TCP handshakes, ports, what bits are on/off (SYN, ACK, SYN/ACK, FIN, etc.)---this is good for watching how packets behave when implementing the keyword "established" at the end of a Cisco ACL (you'll see the SYN being blocked by connections initiated on the outside)---that's one example. You can also easily extract telnet cleartext passwords from the hex, as a security measure, to see how easily email and other passwords are easily seen. If they are simple level 7 passwords, like the Cisco "enable password", then they can easily be cracked as well. You can also see what IP address tries hacking your FTP server, and block them, or enable IPS firewall on the router and watch it stop the connections from happening. You can see all the attempted dictionary attack passwords and usernames, but in Windows these can be extracted from the logfiles in /WINDOWS/SYSTEM32/Logfiles as well. There are all kinds of fun you can have with Wireshark, and troubleshooting as well. When I think of more examples, I'll let you know. Perhaps you can look for lab books. Another fun thing is to open port 160...muahahahahaha...(NetBIOS---isn't that 160???).

Burt
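
The "established" behaviour mentioned in the post above, as an added example that is not part of the original thread: Cisco's `established` keyword matches any TCP segment with the ACK or RST bit set, so the sketch below decodes the flag byte of a raw TCP header and gives the verdict of a hypothetical inbound ACL line `permit tcp any any established`. The function names, ports and sample headers are constructed for illustration.

```python
import struct

# TCP flag bits live in byte 13 of the TCP header.
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_tcp_header(sport, dport, seq, ack, flags):
    """Build a minimal 20-byte TCP header (constructed sample, checksum left at 0)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 8192, 0, 0)

def decode_flags(header):
    """Return the names of the flag bits set in a raw TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return [name for name, mask in FLAGS.items() if header[13] & mask]

def matches_established(header):
    """'established' matches any segment with ACK or RST set; it keeps no state."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    return bool(header[13] & (FLAGS["ACK"] | FLAGS["RST"]))

def inbound_verdict(header):
    """Hypothetical inbound ACL: 'permit tcp any any established', then implicit deny."""
    return "permit" if matches_established(header) else "deny"

# Constructed segments as they would arrive on the outside interface.
SAMPLES = {
    "outside host opens telnet (SYN)": build_tcp_header(40000, 23, 100, 0, FLAGS["SYN"]),
    "reply to inside client (SYN/ACK)": build_tcp_header(80, 51000, 900, 101, FLAGS["SYN"] | FLAGS["ACK"]),
    "data on existing session (PSH/ACK)": build_tcp_header(80, 51000, 901, 150, FLAGS["PSH"] | FLAGS["ACK"]),
    "reset from server (RST)": build_tcp_header(80, 51000, 0, 0, FLAGS["RST"]),
    # Stateless check: an unsolicited ACK also matches, which is why
    # 'established' is not a substitute for a stateful firewall.
    "unsolicited ACK, no prior session": build_tcp_header(40001, 23, 5, 5, FLAGS["ACK"]),
}

if __name__ == "__main__":
    for label, hdr in SAMPLES.items():
        print(f"{inbound_verdict(hdr):6} {'/'.join(decode_flags(hdr)):8} {label}")
```

In a capture, the same flag byte is what Wireshark shows under the TCP "Flags" field, so the denied packet is the bare SYN from the outside host.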
 
I opened it.. Now what?

LoL Just kidding! Thanks!

B Haines
CCNA R&S, ETA FOI
 
Burt you must be referring to that Laura Chappell lady. She has a whole course out there that I might be able to let some folks demo...*cough cough*. I've only been through part of disc one but it's some good stuff and I picked up a few things I didn't know before.

There is a book from Syngress that is Wireshark/Ethereal Packet Sniffing. It's ok...a good starter place, but I didn't find it very useful.

As far as directly relating packet traces with things in Cisco, like Burt says, you get to see some things, but you have to look; there isn't anything (to my knowledge anyways) that says if you look at offset bits a-f in a telnet packet you will see this character.

Once upon a time, I did stumble across a website with PDFs that helped break down different protocols. The closest book I've ever found was for IPX and by that same crazy ARP orgasm lady. It is a good book, but since it's based on IPX/SPX some of it is dated.

There is another book out there that I've only just glanced at the cover called "Practical Packet Analysis." Haven't taken the time to go much further with it.

When I first started out with packet analyzers, I was lucky (if you can call it that), and was when the blaster/slammer worms were going nuts. I could just sit at my desk, have a trace going, and be able to quickly identify devices that were infected. I did get to go to a couple of classes, but they really focused on using the tool (NAI Sniffer and Wildpackets OmniPeek) more than how to decode.

What I would recommend doing to start with is just run a trace against some common things like Burt describes. An FTP session, a telnet session, loading an HTML webpage, send/receive SMTP mail...and just see what you can see. One of my favorite pieces in Wireshark is highlight a packet, right click, then select "follow tcp stream". A webpage is especially fun. Will open another window and bring together the payloads for the most part. Straight HTML code, you can copy the guts, and paste into a text file save as html...boom, you just recreated a webpage.
 
Thanks again for the links.. I had the day off and have been watching tech videos all day long! LoL

B Haines
CCNA R&S, ETA FOI
 
I was working on some info like what you are asking about for a website that doesn't appear to be getting off the ground. I'll see if I can post part of it up here or shoot you the whole doc if you are interested.
 
Yeah, definitely... You said that the site doesn't seem to be picking up.. You have the URL?

B Haines
CCNA R&S, ETA FOI
 
yep. cciemagazine.com. I was starting to work with the guy putting it all together, but he seems to have dropped off the face of the earth.
 
ok..found the doc. but I don't have your address to get it to ya.
 
Head over to the Cisco Learning Network (Login should be the same for Cisco now) and visit either the CCENT, CCNA R&S or CCNA Security forums.. My name will be in the top contributors section as "B Haines". Or you can visit the second URL to send me a private message with an email address!

CLN:
My Profile:

Once I have your email address I will shoot you an email! Thanks again Lerdalt! Or if you have Burt or CiscoGuys email addresses then they both have mine and can email ya! LoL

B Haines
CCNA R&S, ETA FOI
 
Just sent it to you Todd. Also sent it to Playgirl.com's mailing list...

Burt
 
thanks. I'll send it out tomorrow.
 
Thanks Lerdalt!

Burt, I hope playgirl don't send me a list of your favorite pics! LoL

B Haines
CCNA R&S, ETA FOI
 
I just hope that's the sort of thing you were looking for.
 
"Burt, I hope playgirl don't send me a list of your favorite pics! LoL"
They're pics of me, sweetheart.

Burt
 
Gotta add the "LOL!!!"

Burt
 
yep..this thread just took a nasty turn.
 
Billy.

Is the Navy still don't ask, don't tell? Better hope none of the guys are reading this post :) :)

Just kidding - LOL, lerdalt is right - this thread is seeking an all time low :) gotta love this place!!!

E.A. Broda
CCNA, CCDA, CCAI, Network +
 