Packets don’t lie – Network Security Monitoring for the masses

On 18th June, I got an opportunity to present at RootConf Detecting anomalous network patterns conference on Network Security Monitoring. Here is the video of the recording –

Please feel free to reach out if you find the talk interesting or would like to discuss implementing Network Security Monitoring in your network.

Network Protocols & Network Security Workshop VM

Image – Unsplash / @kellitungay

For the ongoing Network Protocols and Network Security workshop, we wanted to share content with the participants that is going to be updated constantly.

One way is to share the presentation and the files (PCAP files, scripts to create the lab environment, etc.). This approach isn’t ideal if the content is going to be updated every now and then. It also makes it difficult for participants to track changes made to the presentation or to avoid file duplication.

Other factors were equally important: the hands-on labs should be easy to set up and available for practice later at any point in time.

The lab exercises shouldn’t mess with the main network. Who would be happy to take the home internet offline and irk family members? 🥺

The last bit was crucial in the context of this workshop. Some of the lab exercises such as ARP Spoofing would result in ARP cache poisoning for the whole network. The goal was also to have participants experiment with the labs in a safe environment.

Taking stock of the various factors, we decided to build a virtual machine (VM) using Ubuntu 20.04.2 LTS. The idea was to pack the lab exercises, the lab environment and most importantly the content inside the VM.

We’ve also made it possible for the participants to update the content and the lab exercises. This means that participants can run a couple of commands and have the latest content and lab exercises.

We are pretty stoked with how the VM has shaped up. Lots of exciting stuff in the pipeline!

Figure 1 – Network Protocols & Network Security Workshop VM

Wireshark – Packet Diagram view

Wireshark has introduced a great feature (version 3.3.0 and above) which can display a packet in a diagrammatic representation. We find this is particularly useful when teaching protocols and talking all things packets.

Figure 1 – Wireshark 3.4.5 with Packet Diagram View

To enable the Packet Diagram view and get the layout shown in the image above, go to Wireshark > Preferences > Layout (under Appearance), select Packet List (Pane 1), Packet Details (Pane 2) and Packet Diagram (Pane 3), then click OK.

If you would like to see the contents of the packet in the Packet Diagram, select a packet from the Packet List and right-click anywhere in the Packet Diagram > Show Field Values.