CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic.

Slides:



Advertisements
Similar presentations
Ethical Hacking Module VII Sniffers.
Advertisements

LAN Devices 5.3 IT Essentials.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Network Certification Preparation. Module - 1 Communication methods OSI reference model and layered communication TCP/IP model TCP and UDP IP addressing.
COEN 252 Computer Forensics Remote Sniffer Detection.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
TCP/IP Protocol Suite 1 Chapter 7 Upon completion you will be able to: ARP and RARP Understand the need for ARP Understand the cases in which ARP is used.
IS 247 Introduction to Web Application Development Tim Wu.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
5-1 Data Link Layer r Today, we will study the data link layer… r This is the last layer in the network protocol stack we will study in this class…
Bob Baker Communications Bob Baker September 1999.
Networking Components
Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.
LTEC 4560 Summer 2012 Justin Kappel Networking Components.
Chapter 4: Managing LAN Traffic
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Characteristics of Communication Systems
Common Devices Used In Computer Networks
Ethical Hacking Defeating Wireless Security. 2 Contact Sam Bowne Sam Bowne Computer Networking and Information Technology Computer Networking and Information.
Address Resolution Protocol(ARP) By:Protogenius. Overview Introduction When ARP is used? Types of ARP message ARP Message Format Example use of ARP ARP.
TCP/IP Protocol Suite 1 Chapter 7 Upon completion you will be able to: ARP and RARP Understand the need for ARP Understand the cases in which ARP is used.
Module 4: Configuring ISA Server as a Firewall. Overview Using ISA Server as a Firewall Examining Perimeter Networks and Templates Configuring System.
NETWORKING COMPONENTS AN OVERVIEW OF COMMONLY USED HARDWARE Christopher Johnson LTEC 4550.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—2-1 Ethernet LANs Exploring the Packet Delivery Process.
Application Block Diagram III. SOFTWARE PLATFORM Figure above shows a network protocol stack for a computer that connects to an Ethernet network and.
CHAPTER 9 Sniffing.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
INTRODUCTION TO NETWORKS 8/2/2015 SSIG SOUTHERN METHODIST UNIVERSITY.
A machine that acts as the central relay between computers on a network Low cost, low function machine usually operating at Layer 1 Ties together the.
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network, Enhanced Chapter 3: TCP/IP Architecture.
DHP Agenda: How to Access Web Interface of the DHP-1320 on Access Point Mode How to Access Web Interface of the DHP-1320 on Router Mode How to Change.
Monitoring Troubleshooting TCP/IP Chapter 3. Objectives for this Chapter Troubleshoot TCP/IP addressing Diagnose and resolve issues related to incorrect.
Advanced Packet Analysis and Troubleshooting Using Wireshark 23AF
Networking Material taken mainly from HowStuffWorks.com.
CSC 116 – Computer Networks Fall 2015 Instructor: Robert Spengler.
1 Microsoft Windows 2000 Network Infrastructure Administration Chapter 4 Monitoring Network Activity.
LANS A Overview (also a Review). NICS  Could be Ethernet, FDDI, Token Ring or Wireless.  Multiple Protocols can be bound to a NIC.  In WinDoze all.
Computer Communication: An example What happens when I click on
Networking Components Assignment 3 Corbin Watkins.
DIYTP Network Basics  How do computers communicate?  Network Interface Card (NIC)  Media Access Control Address (MAC)  Unique to each NIC 
.  Hubs send data from one computer to all other computers on the network. They are low-cost and low-function and typically operate at Layer 1 of the.
Internet Flow By: Terry Hernandez. Getting from the customers computer onto the internet Internet Browser
TCP/IP Protocol Suite 1 Chapter 7 Upon completion you will be able to: ARP ( and ARP ( RFC-826) and RARP ( RARP ( RFC-903) Understand the need for ARP.
The OSI Model An ISO (International standard Organization) that covers all aspects of network communications is the Open System Interconnection (OSI) model.
Switches – Continued. Switches If a switch has N ports with multiple computers per port, then how many simultaneous transmissions can you have? Explain.
The OSI Model. Understanding the OSI Model In early 1980s, manufacturers began to standardize networking so that networks from different manufacturers.
ADDRESS MAPPING ADDRESS MAPPING The delivery of a packet to a host or a router requires two levels of addressing: logical and physical. We need to be able.
© ExplorNet’s Centers for Quality Teaching and Learning 1 Install, configure, and deploy a SOHO wireless/wired router using appropriate settings. Objective.
Also known as hardware/physi cal address Customer Computer (Client) Internet Service Provider (ISP) MAC Address Each Computer has: Given by NIC card.
Fall  Computer Crimes  Operating System Identification  Firewalking 2.
Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
Behrouz A. Forouzan TCP/IP Protocol Suite, 3rd Ed.
Networks Fall 2009.
Lab 2: Packet Capture & Traffic Analysis with Wireshark
LAN Vulnerabilities.
Advanced Penetration testing
CT1403 Lecture #3 Peer to Peer NWs
Ken Gunnells, Ph.D. - Networking Paul Crigler - Programming
Computer Networks 9/17/2018 Computer Networks.
Net 323: NETWORK Protocols
CIT 480: Securing Computer Systems
Advanced Penetration testing
Firewalls Routers, Switches, Hubs VPNs
Presentation transcript:

CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic

Topics Switches, Hubs and Wireless networks Wireshark – Promiscuous mode and Monitor mode – Filters – Following a Stream ARP Cache Poisoning DNS Cache Poisoning SSLstrip

Switches, Hubs and Wireless Networks

Hubs Operate at OSI layer 1 Repeat every bit out all ports – Except the receiving port Don't read addresses or any other content Ethernet NICs were designed for hubs

Ethernet NIC reads Destination MAC address First 6 bytes of frame

Ethernet Promiscuous Mode If Destination MAC != NIC's hardware address – Packet is discarded Unless NIC is in "Promiscuous mode" – Every packet passed on to higher levels, regardless of MAC address Also applies to outgoing traffic

Wireless LANs No Encryption is just like Hubs WEP uses same key for every packet WPA generates a different key for each device – WPA and WPA2 use keys derived from an EAPOL handshake, which occurs when a machine joins a Wi-Fi network, to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic.

Wireshark

Promiscuous Mode in Wireshark Edit, Preferences Click "Capture" on left side "Capture packets in promiscuous mode on all network cards" on right side

Monitor Mode in Wireshark Edit, Preferences Click "Capture" on left side On the right side, on the "Interfaces" line, click Edit Wireless adapter may show a "Monitor mode" option Not all cards or drivers allow this

Display Filters frame contains attack Expression... button

Following a Stream

Extracting Files File, Export Objects, HTTP

ARP Cache Poisoning

Client tricked into sending packets to the wrong MAC Address Attacker must be on target's LAN

DNS Cache Poisoning

DNS Cache Poisoning (Client) Attacker sends false DNS replies Target is tricked into storing the wrong IP address for a domain name Attacker is usually on the same LAN – May not always be required DNSSEC might stop this someday – But not today

DNS Cache Poisoning (Server) Attacker can poison remote, shared DNS servers – Like Comcast DNS servers Affects many users Dan Kaminsky figured this out Patched in 2008 DNSSEC will patch it more thoroughly

SSLstrip

sslstrip Proxy Changes HTTPS to HTTP Target Using Facebook Attacker: sslstrip Proxy in the Middle To Internet HTTP HTTPS

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.