Sniffing is performed to collect basic information from the target and its network. It helps to find vulnerabilities and select exploits for the attack. It determines network information, system information, and organizational information.
The objective of this lab is to familiarize students with how to sniff a network and analyze packets for any attacks on the network. The primary objectives of this lab are to:
Sniff the network
Analyze incoming and outgoing packets
Troubleshoot the network for performance
Secure the network from attacks
In information security, sniffing is a technique used to intercept data. Many of the tools that are used to secure a network can also be used by attackers to exploit and compromise that same network. The core objective of sniffing is to steal data, such as sensitive information, email text, etc.
Network sniffing involves intercepting network traffic between two target network nodes and capturing the network packets exchanged between them. A packet sniffer is also referred to as a network monitor. A network administrator uses it legitimately to monitor the network for vulnerabilities by capturing the network traffic and, should there be any issues, to troubleshoot them.
Similarly, attackers can use sniffing tools in promiscuous mode to capture and analyze all the network traffic. Once attackers have captured the network traffic, they can analyze the packets and view the username and password information on a given network when this information is transmitted in cleartext. An attacker can easily intrude into a network using this login information and compromise other systems on the network.
Hence, it is crucial for a network administrator to be familiar with network traffic analyzers and to be able to maintain and monitor a network to detect rogue packet sniffers, MAC attacks, DHCP attacks, ARP poisoning, spoofing, or DNS poisoning. The administrator should also know the types of information that can be detected from the captured data and use that information to keep the network running smoothly.
Lawful Intercept
Benefits of Lawful Intercept
Network Components Used for Lawful Intercept
Wiretapping
Sniffing Threats
How a Sniffer Works?
Hacker Attacking a Switch
Types of Sniffing: Passive Sniffing
Types of Sniffing: Active Sniffing
Protocols Vulnerable to Sniffing
Tie to Data Link Layer in OSI Model
Hardware Protocol Analyzers
SPAN Port
MAC Flooding
MAC Address/CAM Table
How CAM Works?
What Happens When CAM Table is Full?
MAC Flooding Switches with macof
MAC Flooding Tool: Yersinia
How to Defend against MAC Attacks?
How DHCP Works?
DHCP Request/Reply Messages
IPv4 DHCP Packet Format
DHCP Starvation Attack
Rogue DHCP Server Attack
DHCP Starvation Attack Tool: Gobbler
How to Defend Against DHCP Starvation and Rogue Server Attack?
What is Address Resolution Protocol (ARP)?
ARP Spoofing Attack
How Does ARP Spoofing Work?
Threats of ARP Poisoning
ARP Poisoning Tool: Cain and Abel
ARP Poisoning Tool: WinArpAttacker
ARP Poisoning Tool: Ufasoft Snif
How to Defend Against ARP Poisoning? Use DHCP Snooping Binding Table and Dynamic ARP Inspection
Configuring DHCP Snooping and Dynamic ARP Inspection on Cisco Switches
MAC Spoofing/Duplicating
Spoofing Attack Threats
MAC Spoofing Tool: SMAC
How to Defend Against MAC Spoofing? Use DHCP Snooping Binding Table, Dynamic ARP Inspection and IP Source Guard
DNS Poisoning Techniques
Intranet DNS Spoofing
Internet DNS Spoofing
Proxy Server DNS Poisoning
DNS Cache Poisoning
How to Defend Against DNS Spoofing?
Sniffing Tool: Wireshark
Follow TCP Stream in Wireshark
Display Filters in Wireshark
Additional Wireshark Filters
Sniffing Tool: CACE Pilot
Sniffing Tool: Tcpdump/Windump
Discovery Tool: NetworkView
Discovery Tool: The Dude Sniffer
Password Sniffing Tool: Ace
Packet Sniffing Tool: Capsa Network Analyzer
OmniPeek Network Analyzer
Network Packet Analyzer: Observer
Session Capture Sniffer: NetWitness
Email Message Sniffer: Big-Mother
TCP/IP Packet Crafter: Packet Builder
Additional Sniffing Tools
How an Attacker Hacks the Network Using Sniffers?
How to Defend Against Sniffing?
Sniffing Prevention Techniques
How to Detect Sniffing?
Promiscuous Detection Tool: PromqryUI
Promiscuous Detection Tool: PromiScan