sniffing_sp07


CSCI 530 Lab
Packet Sniffing
Scenarios
- You are a network administrator. You suspect that some of the employees are not working and instead spending all their time at www.espn.com
  - Could filter at the firewall for this address
  - But you want to see what sites they are accessing, without their knowledge
- You are a hacker. You have compromised a system. You are unable to gain access to other systems on the network. You want to get some usernames and passwords to access these systems.
- Solution – Packet Sniffer


Packet Sniffer
- A tool that captures, interprets, and stores network packets for analysis
- Works at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at Network Layer (Layer 3)
  - Normal network traffic is based on the destination IP address
  - Your network card will throw away any packets that are not intended for that card
  - In “Promiscuous Mode”, your network card will take all the packets on the network, regardless of the destination IP address.

Packet Sniffer Limitations
- Sniffers are limited by the network topology
  - Cannot extend beyond normal network boundaries
  - Cannot look past a router, switch, hub, etc.
  - However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranets

Examples of Packet Sniffers
- Ethernet Sniffers
  - Wireshark (formerly known as Ethereal)
    - You will be using this tool in the lab
  - DSniff
  - TCPDump
- Wireless Sniffers
  - Airopeek
- Bluetooth Sniffers
  - BlueSweep
  - BlueScanner

Defending against Sniffers
- Change your network topology
  - Part of your lab research – find out which topology and/or device is most protective against sniffers
- Encryption
  - SSH
  - IPSec
- Detect sniffers
  - Antisniff – from the l0pht group
  - Snort
    - Normally for intrusion detection, but will also attempt to detect a host working in promiscuous mode

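An added example (not part of the original slides): alongside network-side detection with tools such as Antisniff or Snort, an administrator can check a Linux host locally for interfaces that have been put into promiscuous mode. It assumes the Linux sysfs layout /sys/class/net/<iface>/flags and the IFF_PROMISC value 0x100 from <linux/if.h>; the function names are illustrative.

```python
#!/usr/bin/env python3
"""List local Linux interfaces whose kernel flags include IFF_PROMISC."""
import os
import sys

# Flag values as defined in <linux/if.h> (assumption: Linux host).
IFF_UP = 0x1
IFF_PROMISC = 0x100


def read_flags(sysfs_net, iface):
    """Return the integer flags for iface, or None if they cannot be read."""
    path = os.path.join(sysfs_net, iface, "flags")
    try:
        with open(path) as fh:
            # The kernel prints the flags as hex text, e.g. "0x1103".
            return int(fh.read().strip(), 16)
    except (OSError, ValueError):
        # Not an interface directory, interface vanished, or unexpected content.
        return None


def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return sorted (iface, is_up) pairs for interfaces in promiscuous mode."""
    found = []
    try:
        names = sorted(os.listdir(sysfs_net))
    except OSError:
        return found  # not Linux, or sysfs is not mounted
    for iface in names:
        flags = read_flags(sysfs_net, iface)
        if flags is not None and flags & IFF_PROMISC:
            found.append((iface, bool(flags & IFF_UP)))
    return found


if __name__ == "__main__":
    hits = promiscuous_interfaces()
    for iface, is_up in hits:
        print(f"{iface}: PROMISC set ({'up' if is_up else 'down'})")
    # Non-zero exit status lets a cron job or monitoring agent alert on a hit.
    sys.exit(1 if hits else 0)
```

A hit is a lead to investigate, not proof of a sniffer: bridge members and virtualization hosts set the flag legitimately.
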
Lab Assignment
- Handout has been posted
- DEN Students:
  - This lab can be done on a home machine (I advise against doing it at work).
  - The DEN lab will be set up next week. You will receive an e-mail with your login by next week.
- Lab is due by 2/12, 11:59:59 PM for all students
- All labs must be submitted as either a .doc, .pdf, or .txt file