 |  |  |  |  |  |  |  |  |
Chappell Seminars
TM
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
| Recent Blog Entries (RSS Feed) |
| [R] Recorded course available - included in All-Access Pass (additional recordings in production) |
| COURSE LIST (View Schedule) |
50% off Summit 09 Registration More info
Summit 09 50% off for
All Access Pass Members
All Access Pass Members
Summit 09 Bonus: Licensed NetScanTools Pro - a $249 Value
All Summit 09 attendees will receive a full licensed copy of NetScanTools Pro – a
$249 value.
One of the labs for Summit 09 deals with SNMP snooping – locating information
about a device by taking advantage of available MIB (Management Information
Base) data through SNMP walking. Networks abound with SNMP-based devices
– we can use the Port Scanner tool to generate a simple UDP scan for port 161 to
discover those SNMP devices.
In NetScanTools, I discovered a few network printers supporting SNMP. I entered
ID (OID) .iso.org.dod.internet. I left the community string at the default as I was
certain no one had changed it since the printer was plugged in.certain no one had
changed it since the printer was plugged in.
The result… a 24-page document filled with information about that printer and the
other devices on the wired and wireless networks. The standard printer
information was puked out as expected, but this SNMP snoop yielded loads more
information:
As I started playing a bit more and finding other unique SNMP devices, I realized I
needed to load some new MIBs - a MIB is a database of objects. I found
hundreds of MIBs available online at www.oidview.com/mibs/detail.html.
One of the coolest features in NetScanTools' SNMP tool is the ability to determine
listening ports on the target without using a port scan. By generating
udpLocalPort and tcpConnState queries, I could get the list of open UDP and TCP
ports directly from the source.
Using NetScanTools we can discover SNMP devices on the network, load an
unlimited number of additional MIBs and perform a dictionary attack to identify the
community string used by SNMP devices.
Join us at Summit 09 on December 7-9th! You'll get a copy of NetScanTools Pro
and 3 full days of hands-on individual and group labs focused on troubleshooting
and security. Don't miss it!
Download the Summit Information Guide. All Access Pass members receive a
50% discount to Chappell Summit 09.
All Summit 09 attendees will receive a full licensed copy of NetScanTools Pro – a
$249 value.
One of the labs for Summit 09 deals with SNMP snooping – locating information
about a device by taking advantage of available MIB (Management Information
Base) data through SNMP walking. Networks abound with SNMP-based devices
– we can use the Port Scanner tool to generate a simple UDP scan for port 161 to
discover those SNMP devices.
In NetScanTools, I discovered a few network printers supporting SNMP. I entered
ID (OID) .iso.org.dod.internet. I left the community string at the default as I was
certain no one had changed it since the printer was plugged in.certain no one had
changed it since the printer was plugged in.
The result… a 24-page document filled with information about that printer and the
other devices on the wired and wireless networks. The standard printer
information was puked out as expected, but this SNMP snoop yielded loads more
information:
- ARP table listing devices on the wired and wireless network
- MAC layer In/Out statistics (including errors)
- TCP In/Out statistics (including errors)
- UDP In/Out statistics (including errors)
- ICMP In/Out statistics (including errors)
- Routing table
- List of all received/transmitted ICMP packets
- SSIDs, channel numbers and signal strength of local WLANs - not just the
WLAN that the printer was on and not just on the channel the printer was
on
As I started playing a bit more and finding other unique SNMP devices, I realized I
needed to load some new MIBs - a MIB is a database of objects. I found
hundreds of MIBs available online at www.oidview.com/mibs/detail.html.
One of the coolest features in NetScanTools' SNMP tool is the ability to determine
listening ports on the target without using a port scan. By generating
udpLocalPort and tcpConnState queries, I could get the list of open UDP and TCP
ports directly from the source.
Using NetScanTools we can discover SNMP devices on the network, load an
unlimited number of additional MIBs and perform a dictionary attack to identify the
community string used by SNMP devices.
Join us at Summit 09 on December 7-9th! You'll get a copy of NetScanTools Pro
and 3 full days of hands-on individual and group labs focused on troubleshooting
and security. Don't miss it!
Download the Summit Information Guide. All Access Pass members receive a
50% discount to Chappell Summit 09.
SNMP
Snooping
Snooping
ALL ACCESS PASS
includes Core 1, Core 2, Whiteboard
Videos, Ask Laura Videos, Trace File
Videos, Trace Files and access to all the
recorded Chappell Seminars.
[View the All Access Info PDF...]
Single membership; individual account
info@chappellU.com
includes Core 1, Core 2, Whiteboard
Videos, Ask Laura Videos, Trace File
Videos, Trace Files and access to all the
recorded Chappell Seminars.
[View the All Access Info PDF...]
Single membership; individual account
info@chappellU.com
$999
REGISTER FOR WEEKLY NEWS
COMING SOON!
The ultimate guide to
troubleshooting and
securing networks
with Wireshark
The ultimate guide to
troubleshooting and
securing networks
with Wireshark
Copyright Chappell University
All Rights Reserved
Privacy Policy
All Rights Reserved
Privacy Policy
Wireshark
- Practical tips throughout
- Basic through advanced techniques
- Undocumented features
- Exporting for reporting tricks
- Find the needle in the haystack
- Analyze unruly applications
- Spot the cause of slow web browsing
- Identify WLAN problems
- Analyze and replay VoIP connections
- Reassemble traffic of all kinds
- Catch scanning/discovery processes
- Hundreds of sample traffic files to work on
- Chapter review/answer sections
- Real world case studies
- Tricks for command-line capture
- Remote capture solutions
- Decrypting SSL traffic
- Tips for capturing on switched nets
- Custom profile configurations included
- Security color filters included
- more...
Sign up for the newsletter to be notified of
the book release!
- Practical tips throughout
- Basic through advanced techniques
- Undocumented features
- Exporting for reporting tricks
- Find the needle in the haystack
- Analyze unruly applications
- Spot the cause of slow web browsing
- Identify WLAN problems
- Analyze and replay VoIP connections
- Reassemble traffic of all kinds
- Catch scanning/discovery processes
- Hundreds of sample traffic files to work on
- Chapter review/answer sections
- Real world case studies
- Tricks for command-line capture
- Remote capture solutions
- Decrypting SSL traffic
- Tips for capturing on switched nets
- Custom profile configurations included
- Security color filters included
- more...
Sign up for the newsletter to be notified of
the book release!
