
Network Security: Lab#4-2 Packet Sniffers

J. H. Wang, Dec. 2, 2013


Presentation Transcript


  1. Network Security: Lab#4-2 Packet Sniffers
     • J. H. Wang
     • Dec. 2, 2013

  2. Objectives
     • To learn to use packet sniffers
       • Tcpdump/WinDump
       • Wireshark (formerly Ethereal)
       • Cain and Abel

  3. Packages Used in this Lab
     • Packages
       • tcpdump/WinDump
       • Wireshark
       • Cain and Abel

  4. Experiment Scenario
     • To test the basic functions of a packet sniffer
       • Dump packets
       • Check packet details: IP, port, protocol, …
       • Packet statistics
     • To test the vulnerability of some protocols
       • Use FTP to log in and transfer files
       • Use sftp to log in and transfer files

  5. Packet Sniffers
     • tcpdump/WinDump
     • Wireshark
     • Cain and Abel
     • ettercap

  6. tcpdump
     • Homepage: http://www.tcpdump.org/
     • Current version (for Linux):
       • tcpdump 4.5.1: a powerful command-line packet analyzer
       • libpcap 1.5.1: a C/C++ library for network traffic capture
     • For Windows:
       • WinDump 3.9.5: http://www.winpcap.org/windump/
         • Windows version of tcpdump
       • WinPcap 4.1.3: http://www.winpcap.org/
         • Windows version of libpcap
         • A driver for low-level network access
         • A library for low-level network analysis

  7. Example Commands
     • To display all network adapters
       • WinDump -D
     • To listen to all traffic on network adapter #1
       • WinDump -i 1
     • To listen to all traffic with source or destination port number 80
       • WinDump -i 1 port 80
     • To dump all captured packets stored in a file
       • WinDump -r <file>

  8. Wireshark
     • Homepage: http://www.wireshark.org/
     • Latest version: 1.10.3 (formerly Ethereal)
     • Also includes the latest WinPcap library

  9. Example Usage for Wireshark
     • To display all network interfaces
       • Choose [Capture/Interfaces]
     • To start capturing packets
       • Click [Start]
     • To stop capturing packets
       • [Capture/Stop]

  10. To display statistics about packets
      • [Statistics/Summary]
      • [Statistics/Protocol Hierarchy]
      • [Statistics/Endpoints]
      • [Statistics/IO Graphs]
      • [Statistics/Flow Graph]
      • [Statistics/WLAN Traffic]

  11. Cain and Abel
      • Homepage: http://www.oxid.it/cain.html
      • Version: 4.9.47
      • A “password recovery tool” for Microsoft operating systems
        • Using dictionary, brute-force, cryptanalysis attacks
      • A packet sniffer
        • Man-in-the-middle attack using ARP spoofing
      • Installation steps
        • Cain and Abel
        • WinPcap 4.1.2 library for packet capturing

  12. Packet sniffer
      • [Configure]: to select the network adapter
      • [Filters and Ports]: to select the ports to be monitored
      • Right click on sniffer, then [Scan MAC Address]
      • ARP Poison Routing (APR)

  13. ettercap
      • Homepage: http://ettercap.sourceforge.net/
      • Version: 0.8.0-Lacassagne
      • Platforms: Linux/FreeBSD/Mac OS X/Windows XP/Solaris
      • Man-in-the-middle attack using ARP spoofing
      • It uses the libpcap library
      • Installation

  14. Another Usage of Packet Sniffer: Vulnerability of FTP
      • First, open the packet sniffer
      • Second, use FTP to log in
        • Under [Start], type “cmd”
        • ftp 140.124.13.2
        • Type in username & password
        • bye
      • Then, check the username and password in the packet sniffer

  15. Example for sftp
      • First, open the packet sniffer
      • Second, use psftp to log in and transfer files
        • Start “psftp”
        • open 140.124.13.2
        • Type in username & password
        • bye
      • Then, check the username and password in the packet sniffer

  16. Other Examples
      • You can also check the vulnerability for the following protocols
        • Telnet vs. ssh
        • SMTP vs. SMTPS (with SSL) or SMTPAuth
        • POP3
        • …

  17. Summary
      • Packet sniffer
        • tcpdump/WinDump
        • Wireshark
        • Cain & Abel
        • Ettercap
      • Vulnerability of protocols
        • FTP
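
An added example (not part of the original slides) for the FTP and sftp experiments in slides 14 and 15: an audit script that reads a classic pcap capture and reports FTP logins sent in the clear on port 21, redacting the password to its length. The helper names, the 192.0.2.x addresses, the account name and the sample capture are constructed for illustration; the port 22 record stands in for the encrypted sftp session.

```python
import struct

def build_pcap(packets):
    """Constructed sample: wrap (dst_port, payload) pairs as Ethernet/IPv4/TCP in a classic pcap."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for dport, payload in packets:
        tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

def tcp_payloads(pcap):
    """Yield (dst_ip, dst_port, payload) per IPv4/TCP packet in a little-endian Ethernet pcap."""
    if struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # truncated, not IPv4, or not TCP
        tcp = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IPv4 header length
        if len(frame) < tcp + 20:
            continue
        total_len = struct.unpack_from("!H", frame, 16)[0]  # excludes Ethernet padding
        dport = struct.unpack_from("!H", frame, tcp + 2)[0]
        data = frame[tcp + (frame[tcp + 12] >> 4) * 4:14 + total_len]
        yield ".".join(map(str, frame[30:34])), dport, data

def cleartext_ftp_logins(pcap):
    """Return (server, user, password_length) for each FTP login readable on the wire."""
    findings, last_user = [], {}
    for server, dport, data in tcp_payloads(pcap):
        if dport != 21:  # FTP control channel only
            continue
        for line in data.split(b"\r\n"):
            verb, _, arg = line.partition(b" ")
            if verb.upper() == b"USER":
                last_user[server] = arg.decode("ascii", "replace")
            elif verb.upper() == b"PASS":
                findings.append((server, last_user.get(server), len(arg)))
    return findings

# Constructed capture: an FTP login on port 21 and one opaque record on port 22 (SSH/sftp).
SAMPLE = build_pcap([(21, b"USER student\r\n"), (21, b"PASS lab-demo\r\n"), (22, bytes(range(32)))])
print(cleartext_ftp_logins(SAMPLE))
```

To audit a real capture, pass the bytes of a file saved in classic pcap format; pcapng files are rejected by the magic-number check.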
