Transcript MAC

1
 Packet Sniffing Motivation.
 Project Goal.
 Android platform.
 Packet capturing.
 Monitor mode Problem.
 ARP injection solution.
 Learning Process.
 Follow up.
2
• Wi-Fi and Bluetooth network usage is growing continuously, increasing the traffic carried over the wireless medium.
• Strong need for a small, mobile sniffing device.
Uses of such a sniffing device:
• Important tool for wireless network designers.
• Evaluate network protocols and their performance.
• Understand and debug network problems.
• Address network security issues.
3
• Develop a packet sniffer application on a compact mobile platform.
• Capture packets traveling in wireless networks.
• Store captured packets in a DB on the capturing device.
• Perform basic analysis of the captured data.
• Support the export of captured data to a PC for further analysis.
4
Sniffing interfaces:
Wi-Fi (802.11 b/g)
Bluetooth (802.15.1)
In the future: 3G, ZigBee, GSM
Hardware: ADP G1
• Qualcomm processor: 528 MHz
• TI Wi-Fi and Bluetooth integrated chip: WiLink 4.0
• TI Wi-Fi driver: WL 1251
• GPS
Software:
• Android, open source Linux based OS.
• Java SDK 1.6 for Android
• NDK – for cross-compiling C files
6
• Packets lose all their headers on the way to the APP layer.
• We need a way to BYPASS the stack.
[Figure: the protocol stack (APP, TRANSPORT, NETWORK, LINK, PHY). Application data becomes a TCP/UDP segment (TCP/UDP header + DATA) at the TRANSPORT layer, an IP datagram (IP header + TCP/UDP header + DATA) at the NETWORK layer, and a network frame (Ethernet header + IP header + TCP/UDP header + DATA + Ethernet trailer) at the LINK layer; each header is stripped again on the way up to the application.]
7
SW implementations to bypass the stack:
• Raw sockets.
• tcpdump, based on the open source libpcap library.
• Parsing and analyzing raw packet headers.
[Figure: OPEN RAW SOCKET. The application opens a raw socket and receives the complete network frame (Ethernet header, IP header, TCP/UDP header, DATA, Ethernet trailer) directly from the LINK layer, bypassing the TRANSPORT and NETWORK layers.]
• Using the same method we can inject custom-made packets.
8
Wi-Fi element operational modes:
• Master mode.
• Managed mode.
• Ad-hoc mode.
• Promiscuous mode.
• Monitor mode.
[Figure: the stack (APP, TRANSPORT, NETWORK, LINK) above the Driver and the WiFi card; the frame seen at the driver carries an 802.11 header ahead of the Ethernet header, IP header, TCP/UDP header, DATA and Ethernet trailer.]
Ideal sniffer:
• Uses promiscuous or monitor mode.
Problem:
The TI driver prevents the monitor and promiscuous modes.
We will use ARP protocol properties to solve the problem.
Switched network properties:
• Constantly learning MAC addresses.
• Prevent the sniffing of neighboring traffic.
[Figure: a switch with ports 1 to 5; MAC-A is attached to port 5 and MAC-B to port 4.
Switch table (port, MAC address): 5 -> MAC-A; 4 -> MAC-B.]
12
Host A ARP cache (IP address, MAC address): IP-B -> MAC-B
Host B ARP cache (IP address, MAC address): IP-A -> MAC-A
AP route table (Port, MAC address): 2 -> MAC-A; 3 -> MAC-B
[Figure: Host A on port 2, Host B on port 3; the Active Sniffer (IP-C, MAC-C) is on port 1 and not yet in the AP table.]
13
Host A ARP cache (IP address, MAC address): IP-B -> MAC-B, being replaced by MAC-C
Host B ARP cache (IP address, MAC address): IP-A -> MAC-A, being replaced by MAC-C
AP route table (Port, MAC address): 2 -> MAC-A; 3 -> MAC-B; 1 -> MAC-C
[Figure: the Active Sniffer (IP-C, MAC-C) on port 1 has been learned by the AP and injects ARP replies toward Host A and Host B.]
14
Host A ARP cache (IP address, MAC address): IP-B -> MAC-C
Host B ARP cache (IP address, MAC address): IP-A -> MAC-C
AP route table (Port, MAC address): 2 -> MAC-A; 3 -> MAC-B; 1 -> MAC-C
[Figure: both hosts now address each other's IP to MAC-C, so the Active Sniffer (IP-C, MAC-C) on port 1 sees the traffic between them.]
15
• Domain scanning to find active-sniffing targets.
• ARP packet injection to the selected targets.
• Enabling traffic rerouting to avoid denial of service.
• Capture and analyze the traffic.
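The ARP cache progression on slides 12 to 14 can be replayed offline from raw frames. The block below is an added example, not code from the project: it parses the Ethernet and ARP headers by hand, as slide 7 proposes for raw sockets, and flags from the defender's side any ARP reply that re-maps an IP address the cache already knows. The MAC and IP values are constructed for the MAC-A/MAC-B/MAC-C scenario, and `_arp_reply` exists only to build that sample input.

```python
import struct

ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def parse_arp_frame(frame):
    """Walk the raw headers by hand (slide 7): a 14-byte Ethernet header, then the 28-byte ARP body.
    Returns (oper, sender_mac, sender_ip, target_mac, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42:
        return None
    _dst, _src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)

def replay_arp_cache(frames):
    """Maintain a host's IP -> MAC cache as on slides 12-14 and record every re-mapping of a known IP.
    Returns (cache, alerts); each alert is (ip, previous_mac, new_mac)."""
    cache, alerts = {}, []
    for frame in frames:
        parsed = parse_arp_frame(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue  # requests and non-ARP frames do not update the cache here
        _oper, sender_mac, sender_ip, _tha, _tpa = parsed
        known = cache.get(sender_ip)
        if known is not None and known != sender_mac:
            alerts.append((sender_ip, known, sender_mac))  # a poisoned entry looks exactly like this
        cache[sender_ip] = sender_mac
    return cache, alerts

# Constructed sample input (not a real capture): the MAC-A / MAC-B / MAC-C scenario from the slides.
def _arp_reply(src_mac, src_ip, dst_mac, dst_ip):
    eth = struct.pack("!6s6sH", dst_mac, src_mac, ETHERTYPE_ARP)
    return eth + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REPLY, src_mac, src_ip, dst_mac, dst_ip)
MAC_A, MAC_B, MAC_C = (bytes.fromhex("02000000000" + x) for x in "abc")
IP_A, IP_B = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
SAMPLE_FRAMES = [
    _arp_reply(MAC_B, IP_B, MAC_A, IP_A),  # slide 12: B answers A, cache learns IP-B -> MAC-B
    _arp_reply(MAC_C, IP_B, MAC_A, IP_A),  # slides 13-14: C claims IP-B, cache now says IP-B -> MAC-C
]
```

Running `replay_arp_cache(SAMPLE_FRAMES)` reproduces the slide 14 state for Host A and yields one alert for the IP-B re-mapping from MAC-B to MAC-C.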
• Development in Java under the Android API.
• Working and cross-compiling for a Linux based OS.
• Understanding of the 802.11 protocol and its operational modes.
• Raw sockets usage.
• Custom packet creation and injection.
• ARP spoofing.
18
• Extending the capture interfaces to sniff ZigBee sensors.
• Building custom parsing engines using raw sockets.
• Rewriting the driver to support monitor mode.
• And much more…