SlideShare a Scribd company logo

Top 5 false positives

Download as PPTX, PDF
Jasper Bongertz, profile picture
Jasper Bongertz

The document outlines a presentation from Sharkfest '16 by Jasper Bongertz, focusing on the top five false positives in network analysis. These include negative delta times, frame size and checksum issues, retransmissions with duplicate acknowledgments, zero window conditions, and retransmission costs, each illustrated with Wireshark demos. The session aimed to educate attendees on common pitfalls in network traffic analysis.

Internet
Related topics:
Network Analysis Insights
1 of 17
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 SharkFest ‘16 Top 5 False Positives Jasper Bongertz Thursday, June 16, 2016 Expert Analyst | Airbus Defence and Space CyberSecurity
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay Agenda 1. Negative Delta Times 2. Frame size and checksum problems 3. Retransmissions and Duplicate ACKs 4. Zero Window 5. Retransmission cost
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 1. Negative Delta Times
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 1 - Wireshark Demo
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 2. Frame size and checksum problems
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 2 - Wireshark Demo
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 2 explained The offloading effect Application Operating System NIC driver Application Operating System NIC driver Dum pcap Sender Receiver
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 3. Retransmissions and Dup ACKs
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 3 – Wireshark Demo
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (1/3) Mirror Port Monitor Port SPAN with a single port mirrored
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (2/3) Mirror Port Monitor Port Mirror Port SPAN with two ports mirrored
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (3/3) Mirror Port Monitor Port Mirror Port SPAN with two ports mirrored
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 4. Zero Window
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 4 – Wireshark Demo
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 5. Retransmission cost
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 5 – Wireshark Demo
SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Q&A Mail: jasper@packet-foo.com Web: blog.packet-foo.com Twitter: @packetjay

More Related Content

PPT
Automated Penetration Testing With Core Impact
Tom Eston
 
PPT
Snort
Stickman Hai
 
PPT
Automated Penetration Testing With The Metasploit Framework
Tom Eston
 
PDF
Rapid7 NERC-CIP Compliance Guide
Rapid7
 
PDF
Vulnerability to Disasters
Prof. David E. Alexander (UCL)
 
ODP
Snort
Michael Boman
 
PPTX
Vulnerability Assesment
Dedi Dwianto
 
PPTX
Introduction to Intrusion detection and prevention system for network
Eng. Mohammed Ahmed Siddiqui
 
Automated Penetration Testing With Core Impact
Tom Eston
 
Snort
Stickman Hai
 
Automated Penetration Testing With The Metasploit Framework
Tom Eston
 
Rapid7 NERC-CIP Compliance Guide
Rapid7
 
Vulnerability to Disasters
Prof. David E. Alexander (UCL)
 
Snort
Michael Boman
 
Vulnerability Assesment
Dedi Dwianto
 
Introduction to Intrusion detection and prevention system for network
Eng. Mohammed Ahmed Siddiqui
 

Recently uploaded (20)

PPTX
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
PDF
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
PDF
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
PPTX
Reading as a good Form of Recreation
Raj Kumble
 
PPTX
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
PPTX
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
PPTX
TITLE DEFENSE entitle the impact of social media on education
AgustoJerizMarfil
 
PPTX
Internet Safety for Seniors presentation
mwnorman1
 
PPTX
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
PDF
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
PDF
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
PPTX
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
PDF
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
DOCX
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
PPTX
The-Importance-of-School-Sanitation.pptx
shinjanmandal111
 
PPTX
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
PDF
Buy Cash App Verified Accounts Instantly – Secure Crypto Deal.pdf
pvaonit
 
PPTX
Cyber Hygine IN organizations in MSME or
paramkiet
 
PDF
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
PPT
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
1402_iCSC_-_RESTful_Web_APIs_--_Josef_Hammer.pptx
mwnorman1
 
📍 LABUAN4D EXCLUSIVE SERVER STAR GAMING ASIA NO.1 TERPOPULER DI INDONESIA ! 🌟
alexiskandar061
 
SlidesGDGoCxRAIS about Google Dialogflow and NotebookLM.pdf
minhtrietgect
 
Reading as a good Form of Recreation
Raj Kumble
 
Introduction to cybersecurity and digital nettiquette
shanefrancisjavier21
 
Layers_of_the_Earth_Grade7.pptx class by
varadhanvara05
 
TITLE DEFENSE entitle the impact of social media on education
AgustoJerizMarfil
 
Internet Safety for Seniors presentation
mwnorman1
 
t_and_OpenAI_Combined_two_pressentations
wuvjwfnaadbnzelauy
 
The Ikigai Template _ Recalibrate How You Spend Your Time.pdf
KinchitJain2
 
Smart Home Technology for Health Monitoring (www.kiu.ac.ug)
publication11
 
Mathew Digital SEO Checklist Guidlines 2025
Mathew Digital
 
Alethe Consulting Corporate Profile and Solution Aproach
debashisrakshit2025
 
Powerful Ways AIRCONNECT INFOSYSTEMS Pvt Ltd Enhances IT Infrastructure in In...
Airconnect pvtltd
 
The-Importance-of-School-Sanitation.pptx
shinjanmandal111
 
Top Website Bugs That Hurt User Experience – And How Expert Web Design Fixes
e-Definers Technology
 
Buy Cash App Verified Accounts Instantly – Secure Crypto Deal.pdf
pvaonit
 
Cyber Hygine IN organizations in MSME or
paramkiet
 
BIOCHEM CH2 OVERVIEW OF MICROBIOLOGY.pdf
tbasharababneh
 
12 Things That Make People Trust a Website Instantly
Shethil Ahammed
 
Ad

Featured (20)

PDF
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
PDF
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
PDF
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
PDF
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
PDF
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
PDF
Everything You Need To Know About ChatGPT
Expeed Software
 
PDF
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
PDF
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
PDF
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
PDF
Skeleton Culture Code
Skeleton Technologies
 
PDF
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
PDF
Content Methodology: A Best Practices Report (Webinar)
contently
 
PPTX
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
PDF
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
PDF
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
PDF
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
PDF
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
PDF
Getting into the tech field. what next
Tessa Mero
 
PDF
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
PDF
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
2024 Trend Updates: What Really Works In SEO & Content Marketing
Search Engine Journal
 
Storytelling For The Web: Integrate Storytelling in your Design Process
Chiara Aliotta
 
Artificial Intelligence, Data and Competition – SCHREPEL – June 2024 OECD dis...
OECD Directorate for Financial and Enterprise Affairs
 
How to Leverage AI to Boost Employee Wellness - Lydia Di Francesco - SocialHR...
SocialHRCamp
 
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Ad

Top 5 false positives

  • 1. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 SharkFest ‘16 Top 5 False Positives Jasper Bongertz Thursday, June 16, 2016 Expert Analyst | Airbus Defence and Space CyberSecurity
  • 2. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay Agenda 1. Negative Delta Times 2. Frame size and checksum problems 3. Retransmissions and Duplicate ACKs 4. Zero Window 5. Retransmission cost
  • 3. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 1. Negative Delta Times
  • 4. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 1 - Wireshark Demo
  • 5. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 2. Frame size and checksum problems
  • 6. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 2 - Wireshark Demo
  • 7. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 2 explained The offloading effect Application Operating System NIC driver Application Operating System NIC driver Dum pcap Sender Receiver
  • 8. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 3. Retransmissions and Dup ACKs
  • 9. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 3 – Wireshark Demo
  • 10. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (1/3) Mirror Port Monitor Port SPAN with a single port mirrored
  • 11. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (2/3) Mirror Port Monitor Port Mirror Port SPAN with two ports mirrored
  • 12. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay False Positive 3 explained (3/3) Mirror Port Monitor Port Mirror Port SPAN with two ports mirrored
  • 13. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 4. Zero Window
  • 14. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 4 – Wireshark Demo
  • 15. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 5. Retransmission cost
  • 16. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 @packetjay 5 – Wireshark Demo
  • 17. SharkFest ‘16 • Computer History Museum • June 13-16, 2016 Q&A Mail: jasper@packet-foo.com Web: blog.packet-foo.com Twitter: @packetjay

Editor's Notes

  • #18: Background Photo: Flickr user Fredrik Andreasson