Categories
Security Tools

Using Wireshark and tcpdump

Wireshark and tcpdump is a free and open-source network packet analyzer. Where Wireshark is a desktop application that can be installed on multiple Operating Systems while tcpdump is a commandline utility mainly seen in Linux/Unix based Operating Systems.

In this post we are using tcpdump to capture packets from a remote machine and analyse it using Wireshark.

Before we begin we need the following

  • A remote computer linux server with SSH enabled and tcpdump installed.
  • Root access to the server.
  • Any service which can be used to generate network traffic, like Apache Webserver or a node server.
  • A local computer with Wireshark installed.

The goal here is to capture the network traffic on a remote computer using tcpdump , download and analyse using wireshark.

Capturing packet remotely

In order to capture packets remotely connect using SSH, Connect to the remote server and start tcpdump like below.

[root@technix ~]#  tcpdump -s 0 -i ens192 -w tcpdump_Capture.pcap

In short, the above command will capture all traffic on the specified interface with -i option and write it to a file tcpdump_capture.pcap in a format compatible with Wireshark. Once you’ve finished capturing traffic, end the tcpdump session by pressing Ctrl+C

Note:

Make sure you use the proper network interface to capture the traffic, In this case, it was a Redhat Linux box and the interface name was ens192, In the case of certain other machines it might be eth0.

Analyzing the tcpdump file using Wireshark

we can download the tcpdump file from the remote server using any of the file transfer utilities like WinScp, Filezilla, or pscp.exe.

Once downloaded you can open the file in Wireshark. Open Wireshark, then import the tcpdump captured session using File –> Open and browse for your file. You can also double-click the tcpdump capture file to open it in Wireshark, as long as it has the *.pcap file extension.

This blog gives a basic introduction for using Wireshark and tcpdump, more details can be obtained from their respective websites.

Categories
Security Tools

OWASP Dependency-Check: what does it do?

The Open Web Application Security Project (OWASP), is an online community where we get free articles, methodologies, documentation tools, and other content related to Web Application Security.

Open source components have become an integral part of software development. The increasingly widespread use of open source components requires that developers take a more proactive approach to open source security management. They need to make sure throughout the development process that the software products that they are creating and maintaining don’t contain vulnerable components.

The OWASP Top 10 2013 contains a new entry: A9-Using Components with Known Vulnerabilities. Dependency-Check can currently be used to scan applications (and their dependent libraries) to identify any known vulnerable components.

Supported Programming Languages and Integrations

The OWASP Dependency-Check currently supports five different programming languages. Java and .NET are fully supported and additional experimental support is provided for Ruby, Node.js, and Python.

The OWASP’s tool also supports the Jenkins plugin, and can fail the build process, allowing you to make sure only approved code with no open source vulnerabilities is deployed to production.

Vulnerability Scanning

Scanning is the process of running the tool on the user’s code, to identify any vulnerable open source component. This is usually done by conducting a comparison between the user’s code and known open source vulnerabilities in the vulnerabilities database.  

The OWASP Dependency-Check uses a variety of analyzers to build a list of Common Platform Enumeration (CPE) entries. CPE is a structured naming scheme, which includes a method for checking names against a system.

Reporting is extremely important when dealing with vulnerability management, since it provides all security and development teams with actionable insights, as well as giving stakeholders the metrics that they need. The OWASP Dependency-Check can support these needs and can generate reports and exports in a variety of formats: XML, CSV, JSON, and HTML.  

OWASP Dependency-Check: Pros & Cons

proscons
It’s freeNo Dashboard
Multi reporting and export optionsNo overview report or report comparison
Easy to deploy and runNo vulnerability remediation
Lightweight