Network Protocol Analyzers (Sniffers)


What are Network Protocol Analyzers (Packet Sniffers)?

Wireshark Examples:
  • Ping (ICMP request & reply)
  • ARP
  • Nmap SYN scan
  • FTP (clear text password)
  • HTTP POST (clear text password)
  • IP Spoofing with Nmap
  • MAC Spoofing via Nmap
  • MITM via ARP Spoofing using Nping

Capture Packets from Network Interface
  • Network Interface Card (NIC) – promiscuous mode
  • Remember: switched networks do not forward packets

Popular Packet Sniffers:
  • Capsa Network Analyzer
  • Cain and Abel
  • Carnivore (FBI)
  • dSniff
  • ettercap
  • Fiddler
  • Lanmeter
  • Microsoft Network Monitor
  • NarusInsight
  • ngrep Network Grep
  • SkyGrabber
  • snoop
  • tcpdump
  • Wireshark (formerly known as Ethereal)
http://en.wikipedia.org/wiki/Packet_analyzer

  • Local Capture
  • No Filter
  • Update list of packets in real time

Wireshark

Ping
  • Request
  • Reply

ARP
Address Resolution Protocol (ARP) – network layer address to link layer address
  • Request: PC_12:2e:db (00:12:34:56:7f:db)
  • Response: PC_12:2e:db (00:12:34:56:7f:db), PC_22:3e:db (00:98:76:54:2f:db)

Nmap SYN scan
  • Item 9 – SMTP – no SYN-ACK
  • Item 11 – Microsoft-DS (port 445) – SYN
  • Item 16 – Microsoft-DS (port 445) – SYN-ACK
  • (Port 445 – SMB over IP)
  • PC_22:3e:db (00:98:76:54:2f:db)

FTP – clear text password
[Capture screenshot; highlighted fields: username, pswd]

HTTP POST with clear text password

IP Spoofing with Nmap
  • -S 192.168.1.254 (spoofed IP address)
  • Port checks from non-existent IP address

MAC Spoofing via Nmap
Step 1: Generate new MAC address using nmap --spoof-mac 0 (generates a MAC address)

Step 2: Change the MAC address:
    ifconfig
    sudo ifdown eth0
    sudo ifconfig eth0 hw ether CA:3B:3E:91:D1:3E
    sudo ifup eth0
    ifconfig

MAC Spoofing - Original
MAC Spoofing - Spoofed

Copyright 2013 Stacy (Dene’) Nelson
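
The ARP request and response from the ARP slide, decoded from raw bytes the way a sniffer does it. This is an added example, not part of the original slides: it parses Ethernet/ARP frames, produces Wireshark-style Info lines, and flags any IP address whose MAC binding changes, which is the symptom a defender looks for with the ARP spoofing named in the outline. The two MAC addresses come from the slide; the IP addresses, the assumption that PC_12 asks and PC_22 answers, and all function names are constructed for illustration.

```python
import struct

ETH = struct.Struct("!6s6sH")            # dst MAC, src MAC, EtherType
ARP = struct.Struct("!HHBBH6s4s6s4s")    # htype, ptype, hlen, plen, op, SHA, SPA, THA, TPA

def mac(b): return ":".join(f"{x:02x}" for x in b)
def ip(b): return ".".join(map(str, b))
def raw_mac(s): return bytes.fromhex(s.replace(":", ""))
def raw_ip(s): return bytes(map(int, s.split(".")))

def build(op, eth_dst, sha, spa, tha, tpa):
    """Assemble a constructed ARP frame (sample input, not a real capture)."""
    return (ETH.pack(raw_mac(eth_dst), raw_mac(sha), 0x0806) +
            ARP.pack(1, 0x0800, 6, 4, op, raw_mac(sha), raw_ip(spa), raw_mac(tha), raw_ip(tpa)))

def parse_arp(frame):
    """Decode an Ethernet/IPv4 ARP request or reply; return None for anything else."""
    if len(frame) < ETH.size + ARP.size:
        return None
    dst, src, ethertype = ETH.unpack_from(frame)
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP.unpack_from(frame, ETH.size)
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or op not in (1, 2):
        return None
    return {"op": op, "eth_src": mac(src), "eth_dst": mac(dst), "sender_mac": mac(sha),
            "sender_ip": ip(spa), "target_mac": mac(tha), "target_ip": ip(tpa)}

def analyze(frames):
    """Return (Info lines, learned IP->MAC table, alerts for bindings that changed)."""
    info, table, alerts = [], {}, []
    for p in filter(None, map(parse_arp, frames)):
        info.append(f"Who has {p['target_ip']}? Tell {p['sender_ip']}" if p["op"] == 1
                    else f"{p['sender_ip']} is at {p['sender_mac']}")
        known = table.setdefault(p["sender_ip"], p["sender_mac"])
        if known != p["sender_mac"]:
            alerts.append(f"{p['sender_ip']} moved from {known} to {p['sender_mac']}")
    return info, table, alerts

# MAC addresses are the two hosts on the ARP slide; the IP addresses are constructed.
PC_12, PC_22 = "00:12:34:56:7f:db", "00:98:76:54:2f:db"
SAMPLE = [
    build(1, "ff:ff:ff:ff:ff:ff", PC_12, "192.168.1.12", "00:00:00:00:00:00", "192.168.1.22"),
    build(2, PC_12, PC_22, "192.168.1.22", PC_12, "192.168.1.12"),
]

if __name__ == "__main__":
    for line in analyze(SAMPLE)[0]:
        print(line)
```

The request goes to the broadcast address with an all-zero target MAC because the sender does not yet know it; the reply is unicast and fills it in.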
