Packet Sniffing and Spoofing
Data Security (BMS College of Engineering)

Computer Network Security | January 2021 – Lab1
Nithin S, PES2201800654
Sem 6, Section D
Nithin S | PES UNIVERSITY | PES2201800654

Specifications:
VM 1 : @pes2201800654-1 : 10.0.4.7
VM 2 : @pes2201800654-2 : 10.0.4.9
VM 3 : @pes2201800654-3 : 10.0.4.8
HOST : 192.168.1.109

Task 1: Sniffing Packets

Task 1.1 Sniff IP packets using Scapy

1) Ping VM2 from VM3
2) Start sniffing on VM1 (sudo python sample.py)
   The ICMP packet sent from 10.0.4.8 to 10.0.4.9 was successfully sniffed by the attacker at 10.0.4.7.
3) Running it without root privileges (python sample.py)
   Network-level permission to sniff packets is granted only to root users, and hence the program can't be executed without sudo.

Task 1.2 Capturing ICMP, TCP packet and Subnet

1) Capture only the ICMP packet
- The ping command could have been executed by any VM.
- In my case I have pinged 8.8.8.8 from the same VM where the sniffer is active.
- The sniffed packet clearly shows the src : 10.0.4.7 and dst : 8.8.8.8

Capture any TCP packet that comes from a particular IP and with a destination port number 23

1) Executing the command telnet 10.0.4.8 from 10.0.4.9 (VM2 to VM3)
- Telnet connects on port 23 and hence can be sniffed by our program at VM1 listening for port 23
- In the below screenshots we can clearly see the src and destination of the telnet session packet
- Destination port is also specified explicitly as telnet
2) Sniffing telnet packets from VM1 at 10.0.4.7

Capture packets that come from or go to a particular subnet

In my case
- 10.0.4.0/24 is the local subnet
- 192.168.1.0/24 is the non-local host subnet
- In the above screenshot
  o 10.0.4.7 is the destination
  o 192.168.1.109 is the source
- The ICMP packet response for the ping is being captured during the sniff

Task 2: Spoofing

1) sudo python spoof.py
- True source : 10.0.4.7 (VM1)
- Destination : 192.168.1.109
- Pseudo source : 10.0.4.8 (VM3)
- Actual packet was sent from VM1 at 10.0.4.7
Destination 192.168.1.109 received the request and sent back the response to pseudo source 10.0.4.8 at VM3.
The below Wireshark screenshot clearly shows the response being received at VM3.

Task 3: Traceroute

1) Traceroute for
- 192.168.1.109 (different subnet) : 2 hops
- 10.0.4.8 (same subnet) : 1 hop
- Time to live exceeded error as captured in Wireshark
Number of such errors received = (Total hops) - 1

Task 4: Sniffing and-then Spoofing

1) Ping a non-existent IP address from VM3 at 10.0.4.8
2) sniffspoof.py running at VM1 at 10.0.4.7 but serving the requests for 1.2.3.4
- Screenshots with original clarity are uploaded with this document as a zip file
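
Seen from VM3's side, the Task 2 response is an echo reply that answers no request VM3 ever sent. The following is an added example, not part of the original report or its scripts, that flags such replies in a capture; the packet bytes, the ICMP id/seq values and all function names are constructed for illustration.

```python
import socket
import struct

def build_icmp_echo(src, dst, icmp_type, ident, seq):
    """Build a minimal IPv4 + ICMP echo packet (constructed sample data, checksums left at 0)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + icmp

def parse_icmp_echo(packet):
    """Return (src, dst, type, id, seq) for an ICMP echo request/reply, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                  # too short or not IPv4
    ihl = (packet[0] & 0x0F) * 4                     # IP header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                                  # bad header, not ICMP, or truncated
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if icmp_type not in (0, 8) or code != 0:
        return None                                  # only echo reply (0) / echo request (8)
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            icmp_type, ident, seq)

def find_unsolicited_replies(packets, local_ip):
    """Flag echo replies addressed to local_ip that match no request it sent."""
    pending = set()                                  # (peer, id, seq) of requests we sent
    alerts = []
    for raw in packets:
        parsed = parse_icmp_echo(raw)
        if parsed is None:
            continue
        src, dst, icmp_type, ident, seq = parsed
        if icmp_type == 8 and src == local_ip:
            pending.add((dst, ident, seq))
        elif icmp_type == 0 and dst == local_ip:
            if (src, ident, seq) in pending:
                pending.discard((src, ident, seq))   # normal request/reply pair
            else:
                alerts.append((src, ident, seq))     # reply with no matching request
    return alerts

# Constructed capture as seen on VM3 (10.0.4.8), using the lab's addresses.
CAPTURE = [
    build_icmp_echo("10.0.4.8", "10.0.4.9", 8, 0x1234, 1),       # VM3 pings VM2
    build_icmp_echo("10.0.4.9", "10.0.4.8", 0, 0x1234, 1),       # matching reply
    build_icmp_echo("192.168.1.109", "10.0.4.8", 0, 0x0000, 0),  # reply VM3 never asked for
]

if __name__ == "__main__":
    for src, ident, seq in find_unsolicited_replies(CAPTURE, "10.0.4.8"):
        print(f"unsolicited echo reply from {src} id={ident:#06x} seq={seq}")
```

On a host that never pings 192.168.1.109, a steady stream of such alerts indicates that some other machine is sending echo requests with this host's address as the source.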