Network Utility Programs
1-28-2015
For this class, there will be homework exercises requiring the use of:
nmap, ping, traceroute, tcpdump, wireshark, nslookup (or "host" or "dig"), whois (installed with dig), ssh, and telnet.
The best way to run network utilities is under UNIX (Linux or Mac OS X, in "Terminal" or "X11"). The most useful are installed with the OS (traceroute, ping, netstat, nslookup, dig, whois, tcpdump, ...). "wireshark" can be selected as a network utility during a Linux install. Instructions on use can be obtained from the "man" pages (for manual) by typing "man program-name" at the command line.
Wireshark - Network monitor program, can be installed on Linux, Mac or Windows - http://wireshark.org
nmap - a port-scanning tool (http://www.insecure.org/nmap/) (Windows also)
GnuPG - GNU Privacy Guard - open source programs for using PGP - www.gnupg.org,
http://www.csc.gatech.edu/copeland/jac/6612/pgp/2011_gpg_Macintosh.html,
http://www.csc.gatech.edu/copeland/jac/6612/pgp/2011_gpg_Windows.html
C compiler - gcc is standard in UNIX, Linux, and MacOS. Install cygwin (http://cygwin.com) on Windows.
For Mac
To install additional UNIX applications, install MacPorts (www.macports.org), then use MacPorts to install apps (e.g., in Terminal: >sudo port install nmap). If "sudo" does not work, do "su", enter the root password, then >port install nmap. You may have to first Enable Root User (in Finder, click on Help, type "Root User" in the search box, click on "Enable Root User"). ">" indicates the Terminal prompt (which may differ and which you do not type).
Host-Based Firewall - for servers use the "Sharing" panel in "System Preferences ...". This will allow specific open server ports, but with no restriction on incoming IP addresses. The "/etc/hosts.allow" file appears to be recognized by the sshd server, and perhaps other servers, but only lines like "all : 130.207. " or "all : 130.207.0.0/255.255.0.0" can be used (no per-server specification such as "sshd : ...", and no prefix-length netmask such as /16; write the netmask out in dotted form).
The application "Little Snitch" ($25, http://www.obdev.at/products/littlesnitch/download.html) works like the Vista firewall, limiting network connections by application, ports, and IP ranges. The rule table is built up by selections in a pop-up box whenever a new connection is attempted. You can manually edit the rules (e.g., change 130.207.225.12 to a subnet like 130.207.0.0/16).
I highly recommend "RBrowser" ($29, http://www.rbrowser.com/) for transferring files between Macs and/or UNIX systems, and synchronizing remote folders. It is easier than remote mounting Mac disks, and works with any remote host running an ssh server. Good GUI interface.
For Windows
Windows has ping, nslookup, telnet, and "tracert" available from the "Command Prompt" terminal window (cmd.exe).
"Command Prompt" (terminal): Start -> Run -> type "CMD". The program is %systemroot%\system32\cmd.exe
Windows - UNIX environment - cygwin - http://www.cygwin.com/ When you run "setup.exe", on the "Select Packages" screen, select the optional installs of "gcc-compiler" under "development utils" to get the gcc C compiler and "openssh" under "Net" to install the ssh terminal and ssh-keygen. You can run "setup.exe" again later to add other UNIX programs.
cygwin will provide a good ssh terminal to access a UNIX system, but if you really want the power of a UNIX computer where you can be "root", I recommend installing the Ubuntu variant of Linux (http://www.ubuntu.com, http://www.sobell.com) as a dual-boot or virtual machine (http://www.parallels.com) on your PC. This will give you a nice GUI - desktop and windowing.
MSDNAA Website, that has Visual Studio versions 2003, 2005, and 2008: http://msdn02.e-academy.com/git_ece
You can download these for use at home, as long as you are a registered student of GA Tech. The site requires a user name and password obtained from msdnaa-help@ece-help.gatech.edu.
"dig" and "whois" - http://members.shaw.ca/nicholas.fong/dig/
"whois" is installed when "dig" is installed.
"notepad++" for true text file editing of .bat and .conf
files. http://sourceforge.net/projects/notepad-plus/
or Google for it. Windows "Notepad" may add problematic control
characters, and Wordpad and Word definitely will.
Wireshark - Network monitor program - http://wireshark.org
WinSCP - a SFTP and SCP client for Windows using SSH. Its main function is secure copying of files between a local and a remote computer - http://sourceforge.net/projects/winscp/
SSH Server for Windows - sshd. FreeSSHd - http://www.freesshd.com/ and SSHwindows - http://sourceforge.net/projects/sshwindows/.
PuTTY - a telnet and ssh client for Windows - http://www.chiark.greenend.org.uk/~sgtatham/putty/
PingPlotter - A Windows XP program that does pings and traceroutes - http://www.pingplotter.com
You need a remote server to practice doing things over the network. You probably already have a user account on the ECE UNIX servers. Try logging on (with SSH) to ecelinsrva.ece.gatech.edu. See http://www.ece-help.gatech.edu/unix/index.html
Look at the tutorial: http://www.ece-help.gatech.edu/unix/tutorial/index.html
To ease logging on, look at http://www.csc.gatech.edu/copeland/jac/6612/info/SSH-No-Password-Login.txt
You can capture network traffic by saving the file from a Wireshark capture, or by capturing directly from the command line with tcpdump: http://www.tcpdump.org/. A standard UNIX utility program, tcpdump uses the same capture filtering commands as Wireshark (they both use libpcap). To write your own analysis programs, you need the format of these capture files: http://wiki.wireshark.org/Development/LibpcapFileFormat.
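As an added example (not code from the original page), the following Python reads a libpcap capture file of the format linked above: the 24-byte global header, then one 16-byte record header plus frame bytes per packet. It checks the magic number to learn the writer's byte order and timestamp resolution, and refuses truncated or oversized records instead of silently skipping them. The sample capture is constructed inline so the example runs offline; its addresses and timestamps are made up.

```python
import struct

# Magic numbers of the libpcap file format: byte order of the writing host
# and the timestamp resolution (ticks per second) they imply.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}
GLOBAL_HDR_LEN, RECORD_HDR_LEN = 24, 16

def parse_pcap(data):
    """Return (global_header, records) for a libpcap capture held in memory.

    Each record holds a float timestamp, the captured and original lengths,
    and the raw frame bytes. Truncated or oversized records raise ValueError
    rather than being skipped, so a damaged or hostile file is noticed.
    """
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("truncated global header")
    try:
        endian, ticks = MAGICS[data[:4]]
    except KeyError:
        raise ValueError("not a libpcap file, magic %s" % data[:4].hex())
    major, minor, thiszone, sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    records, off = [], GLOBAL_HDR_LEN
    while off < len(data):
        if len(data) - off < RECORD_HDR_LEN:
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        # incl_len bounds both how much we read and how much we trust the file.
        if incl_len > snaplen or incl_len > orig_len or len(data) - off < incl_len:
            raise ValueError("bad record length %d at offset %d" % (incl_len, off))
        records.append({"ts": ts_sec + ts_frac / ticks, "caplen": incl_len,
                        "len": orig_len, "frame": data[off:off + incl_len]})
        off += incl_len
    return header, records

def build_sample_capture():
    """Constructed two-frame little-endian capture (linktype 1 = Ethernet)."""
    # Broadcast dst, made-up src MAC, EtherType 0x0806 (ARP), 28 bytes of filler.
    frame = bytes.fromhex("ffffffffffff" "0200deadbeef" "0806") + b"\x00" * 28
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec in ((1422403200, 250000), (1422403201, 5)):
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out
```

Run parse_pcap() on the bytes of a real tcpdump or Wireshark "pcap" file to get the frame records; the EtherType at frame bytes 12-13 is where a per-protocol decoder would start.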
Up to Date Information
SANS Institute
Computer Emergency Response Team (CERT)
Cisco - Security Advisories
Cisco "Internet Protocol Journal" - http://www.cisco.com/ipj/
Example - "Handling IP Addresses" - http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/ip_addresses.html
IEEE Computer Society
IEEE CS Technical Committee on Security and Privacy
Slashdot
Linux Security - linuxsecurity.com, patches at www.linuxsecurity.com/advisories/
Government Organizations
U.S. Dept. of Justice - Cyber Crime
U.S. FBI - Cyber Crime
Secure Sockets Layer (SSL) for Web data transfer
Recent Attack Information.
Netcraft.
Add SSL to a socket (e.g., add TLS to email):
socat - (http://www.dest-unreach.org/socat/)
Stunnel - (http://www.stunnel.org/)
Hacker Information
2600 magazine
Security Products
Test your Windows Configuration - Shields Up
See What Your Computer Tells Every Web Site You Access
Georgia Tech Security Info (free anti-virus for GT students)
Writing Secure Software
Learn Unix Commands in 10 Minutes - ECE UNIX Tutorial
Secure Programming for Linux and Unix HOWTO
The Network Time Protocol, NTP (need accurate time for forensics)
The Official U.S. Government Time
Odds and Ends (old notes)
Windows has ping, nslookup, telnet, and "tracert" available in the Command Prompt terminal window. You can "redirect" the output into a text (.txt) file (e.g., tracert www.cnn.com > C:\mystuff\trace.txt) and then edit the file in "Notepad" or "Wordpad".
Ethereal (now "wireshark") - Network monitor program, can be installed on Linux, Mac (see info/Install-wireshark-on-MacOS.html), Windows - http://wireshark.org
OpenSSH for Windows - ssh client and server - http://www.networksimplicity.com/openssh/
dig - similar to "nslookup", does automatic iterative name resolution with the "+trace" option. A good version for Windows is from http://members.shaw.ca/nicholas.fong/dig/ (includes "whois").
"whois" gives information about the owner and operator of a subnet.
A different approach to downloading programs into Windows is to boot up Linux from a CD that already has the utilities installed. These CDs will do just that, without affecting your hard disk or the Windows OS on it.
Knoppix - Boot disc creates a Linux OS in RAM - http://knoppix.org/ (German - click on flag for English)
STD - Boot disc creates an (old) Linux OS in RAM with many network security tools - http://s-t-d.org/
Some things can be done from certain Web sites. I like the Geek Tools "whois" lookup, but the "whois" utility in Linux and MacOS now also does a good job of selecting the right registrar based on the IP address.
Geek Tools - A Web site that does pings, traceroutes, whois, ... - http://www.geektools.com
Ditto - look at http://lg.he.com and get the Hurricane Electric "HE" app for smartphones.