Sapphire worm, 365
Save As dialog box, 140–141
Save As menu option, 137, 140
Save menu option, 137, 140
saving
capture files, 140–141, 306–307, 350
capture filters, 252, 253, 259
display filters, 252, 253, 259
sca keyword, 214, 217
Scan3.log file, 366
scanning
Null scans, 358–359
overview, 354, 376–377
similar-appearing activities, 378
TCP Connect scans, 355–356
TCP SYN scans, 356–357
XMAS scans, 357–358
sctp keyword, 214, 218
ISDN4BSD project, 44, 305
Secure Shell (SSH), 32
Secure Sockets Layer (SSL), 32
Sentinel tool, 30
Server Message Block (SMB) protocol, 233
session layer, Open Systems Interconnection (OSI) model, 17
Sharpe, Richard, 41, 54
Shomiti/Finisar Surveyor, 43, 304
Show Packet in New Window menu option, 160–161
signed integers, 230
Simple Network Management Protocol (SNMP). See SNMP (Simple Network Management Protocol)
Slammer worm, 365–366, 367
SMB (Server Message Block) protocol, 233
SMTP (Simple Mail Transfer Protocol), 7, 19
Sniffer, 3, 9, 43, 304, 307, 339, 342. See also sniffers
Sniffer Technologies, 342. See also Netasyst
sniffers. See also network analyzers
backdoor, 7–8, 359–363
detecting, 27–31, 36
FTP session example, 8–9
how they work, 35–36
intruder use, 6–8
list of products, 9–11
permission to use, 33
policy issues, 33, 36–37
protecting against, 31–33, 36
reasons for using, 5–11, 35
session capture, 8–9
vs. Sniffer, 3
tools for detecting, 30–31
ways to use, 6–8
writing programs, 19–20
sniffing, defined, 2
Sniffit, 10
SNMP (Simple Network Management Protocol)
Net-SNMP package, 77, 100, 111, 384
and UDP, 19
vulnerability to sniffers, 7
snoop
capturing and saving data, 329–330
command-line options, 328
defined, 10
Ethereal compatibility, 43
as format for reading capture files, 304
as format for saving capture files, 307
overview, 326
reading Ethereal files with, 330–333
usage output, 327
viewing capture files together with tcpdump capture files, 352
Snort
capturing and saving data, 322–325, 352
command-line options, 322
defined, 10
overview, 78, 320
and promiscuous mode, 206
reading Ethereal files with, 325–326
usage output, 320–322
Solaris. See also snoop
installing Ethereal from, 104–108
installing libpcap from, 83–85
spam prevention, 68
spanning ports, 24, 25, 27
Spanning Tree Protocol, 214
spoofing, 15–16, 26
SQL Server, 365
SQL Slammer worm, 365–366, 367
SSL (Secure Sockets Layer), 32
Stallman, Richard, 42
static functions, 397
Statistics submenu, Analyze menu, 194
stealth scans, 356–357
Stevens’ time-sequence graphs, 182–183, 192
stp keyword, 214
Stream Control Transmission Protocol, 214, 218
strings
in fields, 230, 234–236, 241
matches operator, 235
types, 235
strutil.h file, 396
sub-trees, 413–415, 432
SubSeven, 7, 360–361
Summary dialog box, Analyze menu, 192
Summary Window
filtering display, 134–136
overview, 128–130
pop-up menu, 197–198
Sun Microsystems. See also snoop
installing Ethereal from Solaris packages, 104–108
installing libpcap from Solaris packages, 83–85
Supported Protocols dialog box, Help menu, 196
SuSE Linux libpcap, 306
switches
defeating, 25–27
failing closed, 25
failing open, 25
flooding, 25, 37
vs. hubs, 22
and MAC addresses, 23
overview, 22–23
port mirroring feature, 24
reconfiguring port spanning, 27
SYN flag, 354, 355–356
syntax, Ethereal, 402
system requirements, 77
Systems Communication Architecture, 214, 217