Presentation is loading. Please wait.

Presentation is loading. Please wait.

CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic.

Published byAmi Byrd Modified over 8 years ago

Similar presentations

Presentation on theme: "CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic."— Presentation transcript:

1 CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic

2 Topics Switches, Hubs and Wireless networks Wireshark – Promiscuous mode and Monitor mode – Filters – Following a Stream ARP Cache Poisoning DNS Cache Poisoning SSLstrip

3 Switches, Hubs and Wireless Networks

4 Hubs Operate at OSI layer 1 Repeat every bit out all ports – Except the receiving port Don't read addresses or any other content Ethernet NICs were designed for hubs

5 Ethernet NIC reads Destination MAC address First 6 bytes of frame

6 Ethernet Promiscuous Mode If Destination MAC != NIC's hardware address – Packet is discarded Unless NIC is in "Promiscuous mode" – Every packet passed on to higher levels, regardless of MAC address Also applies to outgoing traffic

7 Wireless LANs No Encryption is just like Hubs WEP uses same key for every packet WPA generates a different key for each device – WPA and WPA2 use keys derived from an EAPOL handshake, which occurs when a machine joins a Wi-Fi network, to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic.

8 Wireshark

9 Promiscuous Mode in Wireshark Edit, Preferences Click "Capture" on left side "Capture packets in promiscuous mode on all network cards" on right side

10 Monitor Mode in Wireshark Edit, Preferences Click "Capture" on left side On the right side, on the "Interfaces" line, click Edit Wireless adapter may show a "Monitor mode" option Not all cards or drivers allow this

11 Display Filters frame contains attack Expression... button

12 Following a Stream

13 Extracting Files File, Export Objects, HTTP

14 ARP Cache Poisoning

15 Client tricked into sending packets to the wrong MAC Address Attacker must be on target's LAN

16 DNS Cache Poisoning

17 DNS Cache Poisoning (Client) Attacker sends false DNS replies Target is tricked into storing the wrong IP address for a domain name Attacker is usually on the same LAN – May not always be required DNSSEC might stop this someday – But not today

18 DNS Cache Poisoning (Server) Attacker can poison remote, shared DNS servers – Like Comcast DNS servers Affects many users Dan Kaminsky figured this out Patched in 2008 DNSSEC will patch it more thoroughly

19 SSLstrip

20 sslstrip Proxy Changes HTTPS to HTTP Target Using Facebook Attacker: sslstrip Proxy in the Middle To Internet HTTP HTTPS

Download ppt "CNIT 124: Advanced Ethical Hacking Ch 7: Capturing Traffic."

Similar presentations

Ethical Hacking Module VII Sniffers.

Ethical Hacking Module VII Sniffers.
LAN Devices 5.3 IT Essentials.

LAN Devices 5.3 IT Essentials.
Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.

Media Access Control (MAC) addresses in the network access layer ▫ Associated w/ network interface card (NIC) ▫ 48 bits or 64 bits IP addresses for the.
Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.

Hands-On Ethical Hacking and Network Defense Lecture 15 Man in the Middle Attack to get Passwords from HTTPS Sessions.
Network Certification Preparation. Module - 1 Communication methods OSI reference model and layered communication TCP/IP model TCP and UDP IP addressing.

Network Certification Preparation. Module - 1 Communication methods OSI reference model and layered communication TCP/IP model TCP and UDP IP addressing.
COEN 252 Computer Forensics Remote Sniffer Detection.

COEN 252 Computer Forensics Remote Sniffer Detection.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
TCP/IP Protocol Suite 1 Chapter 7 Upon completion you will be able to: ARP and RARP Understand the need for ARP Understand the cases in which ARP is used.

TCP/IP Protocol Suite 1 Chapter 7 Upon completion you will be able to: ARP and RARP Understand the need for ARP Understand the cases in which ARP is used.
IS 247 Introduction to Web Application Development Tim Wu.

IS 247 Introduction to Web Application Development Tim Wu.
Man in the Middle Paul Box Beatrice Wilds Will Lefevers.

Man in the Middle Paul Box Beatrice Wilds Will Lefevers.
1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.

1 Version 3 Module 8 Ethernet Switching. 2 Version 3 Ethernet Switching Ethernet is a shared media –One node can transmit data at a time More nodes increases.
Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.

Sanjay Goel, School of Business/Center for Information Forensics and Assurance University at Albany Proprietary Information 1 Unit Outline Information.
Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.

Understanding Networks. Objectives Compare client and network operating systems Learn about local area network technologies, including Ethernet, Token.
5-1 Data Link Layer r Today, we will study the data link layer… r This is the last layer in the network protocol stack we will study in this class…

5-1 Data Link Layer r Today, we will study the data link layer… r This is the last layer in the network protocol stack we will study in this class…
Bob Baker Communications Bob Baker September 1999.

Bob Baker Communications Bob Baker September 1999.
Networking Components

Networking Components
1. ---------------------- Integrity Check ---------------------- As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.

Integrity Check As You Well Know, It Is A Violation Of Academic Integrity To Fake The Results On Any.
Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 12 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.

Wireshark and TCP/IP Basics ACM SIG-Security Lance Pendergrass.
Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Firewalls CS158B Don Tran. What is a Firewall? A firewall can be a program or a device that controls access to a network.

Similar presentations

Ads by Google