Uploaded by leo_dabbles

CSEC 600 Lab 4

CSEC 600
MS Computing Security 1st Sem
Lab 6.04 and 6.05
Lab 6.04
4 Step 1
Downloading and installing Wireshark
4 Step 2
Welcome to Wireshark
Selecting the interface to sniff on
4 Step 3
ARP and ICMP packets in Wireshark, and exploring the packet list, packet details and packet bytes panes.
4 Step 3
Selecting the packet bytes pane to change the display from ASCII to bits
4 Step 4
Using the display filter arp || icmp to show only ARP and ICMP packets
4 Step 5
Pinging another machine on the same network and checking the ARP and ICMP entries in the packet list. In this example, 172.16.11.1 is pinged from the source with IP 172.16.11.2.
4 Step 6
Saving the capture
Opening the saved packet capture, which looks much the same as the live capture from Wireshark
4 Step 7
arp -a and arp -d to clear the ARP cache
4 Step 8
displayed in the following column fields:
| Packet List Column | Local Communication | Remote Communication |
|---|---|---|
| No. (Number) | 60 | 55 |
| Time | 6.033439 | 5.039364 |
| Source | AzureWav_c7:9d:1f (ec:2e:98:c7:9d:1f) | AzureWav_c7:9d:1f |
| Destination | Broadcast (ff:ff:ff:ff:ff:ff) | Broadcast |
| Protocol | ARP | ARP |
| Length | 42 bytes | 42 bytes |
| Info | Who has 192.168.1.3? Tell 192.168.1.21 | Who has 192.168.1.1? Tell 192.168.1.21 |
4 Step 9
Using the other fields in the ARP frame, fill in the following information:
| ARP Row Field | Local Communication | Remote Communication |
|---|---|---|
| Sender MAC address | ec:2e:98:c7:9d:1f | ec:2e:98:c7:9d:1f |
| Sender IP address | 192.168.1.21 | 192.168.1.21 |
| Target MAC address | 00:00:00:00:00:00 | 00:00:00:00:00:00 |
| Target IP address | 192.168.1.3 | 192.168.1.1 |

| Ethernet II Row Field | Local Communication | Remote Communication |
|---|---|---|
| Destination | Broadcast ff:ff:ff:ff:ff:ff | Broadcast ff:ff:ff:ff:ff:ff |
| Source | AzureWav_c7:9d:1f (ec:2e:98:c7:9d:1f) | AzureWav_c7:9d:1f (ec:2e:98:c7:9d:1f) |
| Type | ARP | ARP |
What’s the difference between the Target MAC address in the ARP section and the Destination in the Ethernet header? Why is this so?
In the ARP section the Target MAC address is 00:00:00:00:00:00, whereas in the Ethernet II section the Destination is ff:ff:ff:ff:ff:ff. When the source first looks for the destination it doesn’t know the MAC of the source yet, hence we see zeros in the ARP section; it broadcasts the request to get a response from the destination, so we see ff:ff:ff:ff:ff:ff, the broadcast MAC, in the Ethernet II section.
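The 42-byte request and reply from Steps 8 to 11 can be rebuilt and decoded byte by byte, which shows that the Ethernet Destination and the ARP Target MAC address are two separate fields. This is an added example, not part of the original lab; the frames are constructed from the addresses in the tables and the function names are illustrative.

```python
import struct

ETHERTYPE_ARP = 0x0806

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))

def ip_bytes(s):
    return bytes(int(p) for p in s.split("."))

def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)

def ip_str(b):
    return ".".join(str(x) for x in b)

def build_arp(eth_dst, eth_src, op, sha, spa, tha, tpa):
    """Constructed sample frame: 14-byte Ethernet II header + 28-byte ARP payload."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)  # Ethernet, IPv4, hlen 6, plen 4
    return eth + arp + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)

def parse_arp(frame):
    if len(frame) < 42:
        raise ValueError("too short for Ethernet II + ARP")
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP frame")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    out = {"eth_dst": mac_str(eth_dst), "eth_src": mac_str(eth_src), "opcode": op,
           "sender_mac": mac_str(sha), "sender_ip": ip_str(spa),
           "target_mac": mac_str(tha), "target_ip": ip_str(tpa)}
    # Summary in the style of Wireshark's Info column for request (1) and reply (2).
    if op == 1:
        out["info"] = f"Who has {out['target_ip']}? Tell {out['sender_ip']}"
    elif op == 2:
        out["info"] = f"{out['sender_ip']} is at {out['sender_mac']}"
    else:
        out["info"] = f"opcode {op}"
    return out

# Constructed frames using the "Local Communication" values from the tables.
LAPTOP = "ec:2e:98:c7:9d:1f"
REQUEST = build_arp("ff:ff:ff:ff:ff:ff", LAPTOP, 1, LAPTOP, "192.168.1.21",
                    "00:00:00:00:00:00", "192.168.1.3")
REPLY = build_arp(LAPTOP, "dc:54:d7:de:de:e5", 2, "dc:54:d7:de:de:e5",
                  "192.168.1.3", LAPTOP, "192.168.1.21")
```

Calling `parse_arp(REQUEST)` returns the broadcast Ethernet destination alongside the all-zero ARP target MAC, and `parse_arp(REPLY)` returns both fields set to the laptop's MAC.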
4 Step 10
| Packet List Column | Local Communication | Remote Communication |
|---|---|---|
| No. (Number) | 62 | 56 |
| Time | 6.181630 | 5.056103 |
| Source | AmazonTe_de:de:e5 | NetGear_ec:54:3e |
| Destination | AzureWav_c7:9d:1f | AzureWav_c7:9d:1f |
| Protocol | ARP | ARP |
| Length | 42 bytes | 42 bytes |
| Info | 192.168.1.3 is at dc:54:d7:de:de:e5 | 192.168.1.1 is at 6c:cd:d6:ec:54:3e |
Step 11
ARP reply
| ARP Row Field | Local Communication | Remote Communication |
|---|---|---|
| Sender MAC address | dc:54:d7:de:de:e5 | 6c:cd:d6:ed:54:3e |
| Sender IP address | 192.168.1.3 | 192.168.1.1 |
| Target MAC address | ec:2e:98:c7:9d:1f | ec:2e:98:c7:9d:1f |
| Target IP address | 192.168.1.21 | 192.168.1.21 |

| Ethernet II Row Field | Local Communication | Remote Communication |
|---|---|---|
| Destination | AzureWav_c7:9d:1f (ec:2e:98:c7:9d:1f) | AzureWav_c7:9d:1f (ec:2e:98:c7:9d:1f) |
| Source | AmazonTe_de:de:e5 (dc:54:d7:de:de:e5) | Netgear_ec:54:3e (6c:cd:d6:ec:54:3e) |
| Type | ARP | ARP |
Step 12
frame header and the Internet Protocol Version 4 header, fill in the following information:
| Ethernet II | Local Communication | Remote Communication |
|---|---|---|
| Destination | AmazonTe_de:de:e5 | Netgear_ec:54:3e |
| Source | AzureWav_c7:9d:1f | AzureWav_c7:9d:1f |
| Type | IPv4 | IPv4 |

| Internet Protocol Version 4 | Local Communication | Remote Communication |
|---|---|---|
| Source | 192.168.1.21 | 192.168.1.21 |
| Destination | 192.168.1.3 | 142.250.80.36 |
Step 13.
4 Step 14
For devices, use the following: The source, the actual destination, default gateway
| | Local Communication | Remote Communication |
|---|---|---|
| a | ARP request was sent to the broadcast address looking for IP 192.168.1.3 | ARP request was sent to the broadcast address looking for the default gateway IP 192.168.1.1 |
| b | MAC address of the broadcast NW is being looked in ARP request | MAC address of the broadcast NW is being looked in ARP request |
| c | ARP request was sent to the local machine which initiated the ARP request, AzureWav in this case | ARP request was sent to the local machine which initiated the ARP request, AzureWav in this case |
| d | The ARP reply contained the MAC address of the destination address | The ARP reply contains the Sender MAC, that is the MAC of the router in this case, indicating this is a remote network |
| e | Local machine from where the ping was run, AzureWav in this case | Source MAC of the laptop is used, AzureWav in this case |
| f | Source IP of the laptop from where the ping test was run, AzureWav in this case 192.168.1.21 | Source IP of the laptop from where the ping test was run, AzureWav in this case 192.168.1.21 |
| g | Destination MAC of the IP I pinged, MAC of 192.168.1.3 in this case | For Outgoing MC Destination MAC of Router was used, Netgear_ec (6c:cd:d6:ec:54:3e) |
| h | Destination IP of the host I pinged, 192.168.1.3 | Destination IP of www.google.com was used, 142.250.80.36 |
| i | For the incoming ICMP reply the source MAC of the device AmazonT 192.168.1.3 was used | For the incoming ICMP response the MAC of the default gateway (router) was used: 192.168.1.1 default gateway MAC 6c:cd:d6:ec:54:3e |
| j | For the incoming ICMP reply the source IP of the device AmazonT 192.168.1.3 was used | For the incoming ICMP response the IP of www.google.com was used |
| k | Destination MAC of my laptop AzureWav was used | Destination MAC of my laptop AzureWav was used |
| l | Destination IP of my laptop AzureWav 192.168.1.21 was used | Destination IP of my laptop AzureWav 192.168.1.21 was used |
| m | Router was not involved in local network packet sniffing | To get to the remote network, www.google.com outside the local NW. |
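The local versus remote contrast in Steps 12 and 14 comes from the sender's next-hop decision, sketched here as an added example that is not part of the original lab. The /24 prefix length is an assumption (the lab does not state the subnet mask), the function name is illustrative, and the ARP cache is constructed from the Step 10 replies.

```python
import ipaddress

# Constructed ARP cache, filled from the two ARP replies in Step 10.
ARP_CACHE = {
    "192.168.1.3": "dc:54:d7:de:de:e5",   # AmazonTe, local host
    "192.168.1.1": "6c:cd:d6:ec:54:3e",   # Netgear, default gateway
}

def outgoing_addresses(dst_ip, iface="192.168.1.21/24", gateway="192.168.1.1",
                       arp_cache=ARP_CACHE):
    """Return the layer 2 and layer 3 destinations a host puts on an outgoing packet.

    iface's /24 prefix is an assumption; the lab only gives the host address.
    """
    net = ipaddress.ip_interface(iface).network
    dst = ipaddress.ip_address(dst_ip)
    on_link = dst in net
    # On-link destinations are resolved directly; everything else goes to the gateway.
    next_hop = str(dst) if on_link else str(ipaddress.ip_address(gateway))
    mac = arp_cache.get(next_hop)
    return {
        "arp_target": next_hop,      # IP that appears in "Who has ...?"
        "arp_needed": mac is None,   # no cache entry: a broadcast request goes out first
        "eth_dst": mac,              # Ethernet II Destination of the ICMP echo request
        "ip_dst": str(dst),          # IPv4 Destination is always the real target
        "via_router": not on_link,
    }

if __name__ == "__main__":
    for target in ("192.168.1.3", "142.250.80.36"):
        print(target, outgoing_addresses(target))
```

With an empty cache, as after `arp -d` in Step 7, the same call reports `arp_needed` as true, which corresponds to the broadcast request seen in Step 8.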