Network Security Lab
Experiment#4
Packet Sniffing & Spoofing
Dr. Ahmed Awad & Eng. Ibrahim Amryeh
March 7, 2021
1 Objectives
The purpose of this experiment is to get familiar with the basic functionality of
network sniffing and spoofing tools and understand their basic implementation.
2 Pre-Lab
Answer the following questions:
a. What is a network sniffer?
b. What is a network spoofer?
c. Provide some examples of network sniffing and spoofing tools.
3 Procedure
3.1 Packet Sniffing Using tcpdump
a. What is the purpose of the tcpdump tool?
b. Run the tcpdump command for 3 seconds and log the results in an output file named captured.log. Check the content of the file and show a
captured packet.
c. Analyze each field of the packet you have chosen.
3.2 pcap Library
a. What is the purpose of the pcap library?
b. Provide the name of the interface on which you are willing to do sniffing
using pcap.
c. Get the C file named GetInterface.c from the directory named Exp4-codes from Moodle.
d. Compile the code. Are there errors? If yes, please execute the
following Linux command and recompile: sudo apt-get install
libpcap-dev.
e. Run the program and pass the name of the interface you wish to apply
sniffing on as an argument.
f. What is meant by the promiscuous mode of a network interface?
g. What is meant by traffic filtering in sniffing?
h. Get the C file named Sniffer.c from the directory Exp4-codes from
Moodle.
i. Compile the code and make sure that it is error free.
j. Run the code and explain the output. What packet did you capture?
k. Modify the code to capture only HTTP traffic. Compile and run your modified code.
l. Download the file sniffex.c from Exp4-codes on Moodle.
m. Compile the code and make sure that it is error free.
n. Run the code and explain the output.
o. Modify the code sniffex.c so that it captures the password when somebody is using telnet on the network you are monitoring. Please prepare
another machine (or a VM) with a telnetd server. Use telnet and show
the captured password.
3.3 Packet Spoofing
Usually the Operating System (OS) sets the protocol headers of outgoing
packets automatically. A user can set only a few fields, such as the destination
IP address and destination port number. However, a user with root privileges can
construct a complete packet using raw sockets. This is known as packet spoofing.
Raw sockets provide a programmer with the basic constructs to build arbitrary
packets and set their header fields as the programmer wishes. To prepare a
packet, a programmer has to: (1) create a raw socket, (2) construct the packet,
and (3) send the packet out through the raw socket.
a. Provide some applications for packet spoofing in computer networks.
b. Download the file spoof.c from the directory Exp4-codes available on
Moodle.
c. Compile the code and make sure that it is error free.
d. Check the code and understand its basic functionality. Read carefully its
documentation in the file spoof.readme.
e. Use the compiled code to create an ICMP echo request packet and send it
from the IP address 128.10.130.190 to the destination IP address 128.10.130.191.
f. Run tcpdump from another terminal and re-run the spoof program. Capture the sent packet and show its content.
g. Construct a spoofed Ethernet frame with the destination MAC address
99:99:99:99:99:99 from the source MAC address 01:02:03:04:05:06 with
a payload containing the date of today. Run the tcpdump and capture
the spoofed Ethernet frame when it is sent.
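The "construct the packet" step (2) described above, as an added example that is not the lab's spoof.c: it lays out the IPv4 and ICMP echo request headers for the addresses in step e in a plain buffer, fills in both Internet checksums, and re-verifies them the way a receiver would. The function names, TTL, and ICMP id/sequence values are assumptions; nothing is sent on the network.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 Internet checksum, used by both the IPv4 header and ICMP. */
uint16_t inet_checksum(const uint8_t *buf, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1) sum += (uint32_t)buf[len - 1] << 8;   /* pad odd byte */
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
/* Fill pkt (at least 28 bytes) with IPv4 + ICMP echo request; returns length. */
size_t build_echo_request(uint8_t *pkt, const uint8_t src[4], const uint8_t dst[4],
                          uint16_t id, uint16_t seq) {
    uint8_t *icmp = pkt + 20;
    memset(pkt, 0, 28);
    pkt[0] = 0x45;                 /* version 4, header length 5 x 4 bytes */
    put16(pkt + 2, 28);            /* total length: 20 IP + 8 ICMP */
    pkt[8] = 64;                   /* TTL (assumed value) */
    pkt[9] = 1;                    /* protocol 1 = ICMP */
    memcpy(pkt + 12, src, 4);      /* source address: whatever the caller says */
    memcpy(pkt + 16, dst, 4);
    put16(pkt + 10, inet_checksum(pkt, 20));
    icmp[0] = 8;                   /* type 8 = echo request, code 0 */
    put16(icmp + 4, id);
    put16(icmp + 6, seq);
    put16(icmp + 2, inet_checksum(icmp, 8));
    return 28;
}

/* Receiver-side check: summing a region that includes its checksum gives 0. */
int checksums_valid(const uint8_t *pkt, size_t len) {
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    return len >= ihl + 8 && inet_checksum(pkt, ihl) == 0
        && inet_checksum(pkt + ihl, len - ihl) == 0;
}

int main(void) {
    const uint8_t src[4] = {128, 10, 130, 190}, dst[4] = {128, 10, 130, 191};
    uint8_t pkt[28];
    size_t n = build_echo_request(pkt, src, dst, 0x1234, 1);  /* id/seq constructed */
    for (size_t i = 0; i < n; i++) printf("%02x%c", pkt[i], (i % 4 == 3) ? '\n' : ' ');
    printf("checksums valid: %d\n", checksums_valid(pkt, n));
    return 0;
}
```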
References
https://seedsecuritylabs.org/