Network Utility Programs
For this class, there will be homework exercises requiring the use of: nmap, ping, traceroute, tcpdump, ethereal, nslookup (or "host" or "dig"), whois, ssh, and telnet.
The best way to run network utilities is under UNIX (Linux, or Mac OS X via "Terminal" or "X11"). The most useful are installed with the OS (traceroute, ping, netstat, nslookup, dig, whois, tcpdump, ...). "wireshark" can be selected as a network utility during a Linux install. Instructions on use can be obtained from the "man" pages (for manual) by typing "man program-name" at the command line.
Ethereal (now "wireshark") - Network monitor program; can be installed on Linux, Mac (see info/Install-wireshark-on-MacOS.html), and Windows - http://wireshark.org
nmap - a port-scanning tool (Windows also) - http://www.insecure.org/nmap/
PGP Encryption - PGP International (free, v.8.0 2003), PGP Corp ($59), other Links (2002)
GPG - GNU Privacy Guard - open source replacement for PGP - www.gnupg.org
MacOS - http://macgpg.sourceforge.net/
As of 2/26/2010 under Snow Leopard (OSX 10.6), the GPGMail plugin does not work in Apple Mail. Thunderbird with the Enigmail plugin seems to be the only option for Snow Leopard users (it can also be used with Thunderbird on Windows).
C compiler - gcc is standard in UNIX, Linux, and MacOS.
For Mac
To install additional UNIX applications, install MacPorts (www.macports.org), then use MacPorts to install apps (e.g., #sudo port install nmap). If "#sudo" does not work, do "#su", enter the root password, then #port install nmap. You may have to first start Utilities/Network Manager - select Security and Authenticate, then Security and Enable Root User. "#" indicates the Terminal prompt.
Host-Based Firewall - for servers use the "Sharing" panel in "System Preferences...". This will allow specific open server ports, but with no restriction on incoming IP addresses. The "/etc/hosts.allow" file appears to be recognized by the sshd server, and perhaps other servers, but only lines like "all : 130.207." can be used (no server specification, and no range specification by netmasks or /n).
The application "Little Snitch" ($25, http://www.obdev.at/products/littlesnitch/download.html) works like the Vista firewall, limiting network connections by application, ports, and IP ranges. The rule table is built up by selections in a pop-up box whenever a new connection is attempted. You can manually edit the rules (e.g., change 130.207.225.12 to a subnet like 130.207.0.0/16).
For Windows
Windows has ping, nslookup, telnet, and "tracert" available from the "Command Prompt" terminal window (cmd.exe).
"Command Prompt" (terminal): Start -> Run -> type "CMD". The program is %systemroot%\windows32\cmd.exe
Windows - unix environment - cygwin - http://www.cygwin.com/ - manually select the optional download of "development utils" to get the gcc C compiler.
Visual Studio 2003: ftp://software.ece.gatech.edu/pub/software/Microsoft/VisualStudio/ This version can only be used/run on GA Tech owned computers.
MSDNAA Website, which has Visual Studio versions 2003, 2005, and 2008: http://msdn02.e-academy.com/git_ece You can download these for use at home, as long as you are a registered student of GA Tech. The site requires a user name and password obtained from msdnaa-help@ece-help.gatech.edu.
Borland's C++ compiler is free from Codegear - http://www.codegear.com/downloads/free/cppbuilder
"dig" and "whois" - http://members.shaw.ca/nicholas.fong/dig/
"notepad++" for true text file editing of .bat and .conf files. Google for it.
Ethereal (now "wireshark") - Network monitor program - http://wireshark.org
WinSCP - an SFTP and SCP client for Windows using SSH. Its main function is secure copying of files between a local and a remote computer - http://sourceforge.net/projects/winscp/
OpenSSH for Windows - ssh client and server - http://www.networksimplicity.com/openssh/
PuTTY - a telnet and ssh client for Windows - http://www.chiark.greenend.org.uk/~sgtatham/putty/
PingPlotter - A Windows XP program that does pings and traceroutes - http://www.pingplotter.com
Up to Date Information
SANS Institute
Computer Emergency Response Taskforce (CERT)
Dept. of Energy, Computer Incident Advisory Capability (CIAC) - Email Hoaxes
Cisco - Security Advisories, Preventing DoS Attacks
IEEE Computer Society
IEEE CS Technical Committee on Security and Privacy
Netscape Security Center
Slashdot
Linux Security - linuxsecurity.com, patches at www.linuxsecurity.com/advisories/
Government Organizations
U.S. Dept. of Justice - Cyber Crime
U.S. FBI - National Infrastructure Protection Center
G8 Nations - Paris Meeting
Secure Sockets Layer (SSL) for Web data transfer
Introduction to the Secure Sockets Layer (SSL) protocol. Netscape.
SSL 3.0 Spec - Links to SSL 3.0 specification drafts and information on implementing SSL. Netscape.
SSL basics for Internet users. Planet SSL.
Find out what type of secure server a site is running. Netcraft.
Add SSL to a socket (e.g., add TLS to email):
socat - http://www.dest-unreach.org/socat/
Stunnel - http://www.stunnel.org/
Hacker Information
2600 magazine
Security Products
Test your Windows Configuration - Shields Up
See What Your Computer Tells Every Web Site You Access
Georgia Tech Security Info (free anti-virus for GT students)
Writing Secure Software
Learn Unix Commands in 10 Minutes
Secure Programming for Linux and Unix HOWTO
The Network Time Protocol (NTP) (need accurate time for forensics)
The Official U.S. Government Time
Windows has ping, nslookup, telnet, and "tracert" available in the MSDOS terminal window, which is painful to use (80x25 characters, no scrollback, ...). You can "redirect" the output into a text (.txt) file (e.g., tracert www.cnn.com > C:\mystuff\trace.txt) and then edit the file in "notepad" or "wordpad".
dig - similar to "nslookup"; does automatic iterative name resolution with the "+trace" option. A good version for Windows is from http://members.shaw.ca/nicholas.fong/dig/ (includes "whois").
"whois" gives information about the owner and operator of a subnet.
A different approach to downloading programs into Windows is to boot up Linux from a CD that already has the utilities installed. These CDs will do just that, without affecting your hard disk or the Windows OS on it.
Knoppix - Boot disc creates a Linux OS in RAM - http://knoppix.org/ (German - click on flag for English)
STD - Boot disc creates a Linux OS in RAM with many network security tools - http://s-t-d.org/
Some things can be done from certain Web sites. I like the Geek Tools "whois" lookup, but the "whois" utility in Linux and MacOS now also does a good job of selecting the right registrar based on the IP address.
Geek Tools - A Web site that does pings, traceroutes, whois, ... - http://www.geektools.com
Some notes on use and installation are in the "info" folder - info/
Information Sources
Cisco "Internet Protocol Journal" - http://www.cisco.com/ipj/
Example - "Handling IP Addresses" - http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_9-1/ip_addresses.html