
Detection of Promiscuous Nodes Using ARP Packets

By Engin Arslan. Introduction: threats in local networks; packet sniffing can lead to access to private, confidential data; ARP packets can be used to identify sniffers. Principle of sniffing: local networks are composed of Ethernet.



  1. Detection of Promiscuous Nodes Using ARP Packets
     By Engin Arslan

  2. Introduction
     • Threats in local networks
     • Packet sniffing can lead to access to private, confidential data
     • Use ARP packets to identify sniffers

  3. Principle of Sniffing
     • Local networks are composed of Ethernet.
     • Messages sent through local networks are expected to reach the right person

  4. Principle of Sniffing
     • The Network Interface Card (NIC) decides whether to receive or drop a packet
     • If its own interface is the destination, it receives the packet; otherwise it drops it
     • Set the NIC to promiscuous mode to receive all packets regardless of destination
     Sniffer

  5. Hardware Filter
     • A NIC can basically be set up with 4 filters
     • Unicast: Receive packets destined to the NIC's own address
     • Broadcast: Receive all broadcast packets
     • All multicast: Receive multicast packets
     • Promiscuous: Receive all packets on the network without checking the destination

  6. ARP Mechanism
     • Used to convert between IP address and hardware address
     "Who is 192.1.10.15"
     "I am 192.1.10.15 with hw add 00.00.00.00.00.01"

  7. ARP Packet Detection & Response
     • There are two kinds of filtering
     • Hardware Filter: the ARP packet is received if the destination address of the ARP packet is valid
     • Software Filter: the requested IP address is the same as the host address

  8. Software Filter in Linux

  9. Detection of Promiscuous Mode
     • Prepare an ARP packet with the following properties
     • Destination of the ARP packet is the targeted PC
     FF.FF.FF.FF.FF.FE

  10. Send this packet to the network
     • This packet is supposed to be blocked by the hardware filter of the target machine. If the target machine replies to the ARP request, then it is in promiscuous mode

  11. QUESTIONS
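
The probe from slides 9 and 10, worked through offline as an added example (not part of the original presentation): it builds the ARP request bytes and runs them through a simplified model of the hardware and software filters from slides 5 and 7. Assumptions: the slide's FF.FF.FF.FF.FF.FE is read as the Ethernet destination address, the software filter is reduced to the slide's IP check, and the function names, the MAC addresses and the prober IP 192.1.10.1 are constructed for illustration.

```python
import socket
import struct

# Address from slide 9, assumed here to be the Ethernet destination of the probe
FAKE_BCAST = bytes.fromhex("fffffffffffe")
BROADCAST = b"\xff" * 6
# Constructed sample addresses (locally administered MACs)
PROBER_MAC = bytes.fromhex("020000000001")
HOST_MAC = bytes.fromhex("020000000002")
HOST_IP = "192.1.10.15"

def build_arp_probe(src_mac, src_ip, target_ip, dst_mac=FAKE_BCAST):
    """Return a 42-byte Ethernet II frame carrying an ARP request for target_ip."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0806)   # EtherType = ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)       # Ethernet/IPv4, opcode 1 = request
    arp += src_mac + socket.inet_aton(src_ip)             # sender hardware / IP address
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)      # target hardware unknown / target IP
    return eth + arp

def hardware_filter(frame, nic_mac, mode):
    """Slide 5 model: does the NIC hand this frame to the operating system?"""
    dst = frame[:6]
    if mode == "promiscuous":
        return True
    if dst in (nic_mac, BROADCAST):
        return True
    # The low bit of the first octet marks a group (multicast) address
    return mode == "all_multicast" and bool(dst[0] & 1)

def software_filter(frame, host_ip):
    """Slide 7 model: answer only ARP requests asking for the host's own IP."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    opcode = struct.unpack("!H", frame[20:22])[0]
    return ethertype == 0x0806 and opcode == 1 and socket.inet_ntoa(frame[38:42]) == host_ip

def would_reply(frame, nic_mac, host_ip, mode):
    """A host replies only if the frame passes both filters."""
    return hardware_filter(frame, nic_mac, mode) and software_filter(frame, host_ip)

def classify(dst_mac=FAKE_BCAST):
    """Predicted reply of the sample host for each NIC filter mode."""
    probe = build_arp_probe(PROBER_MAC, "192.1.10.1", HOST_IP, dst_mac)
    return {m: would_reply(probe, HOST_MAC, HOST_IP, m)
            for m in ("normal", "all_multicast", "promiscuous")}

if __name__ == "__main__":
    for mode, replied in classify().items():
        print(f"{mode:14s} replies to fake-broadcast probe: {replied}")
```

Because FF:FF:FF:FF:FF:FE has the group bit set, a NIC in all-multicast mode also passes it in this model, so a reply narrows the host down to all-multicast or promiscuous rather than proving promiscuous mode on its own.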
