Module 08: Sniffing

Lab 1: Perform Active Sniffing

Active sniffing involves sending out multiple network probes to identify access points. The following is the list of different active sniffing techniques:

MAC Flooding: Involves flooding the CAM table with fake MAC address and IP pairs until it is full
DNS Poisoning: Involves tricking a DNS server into believing that it has received authentic information when, in reality, it has not
ARP Poisoning: Involves constructing a large number of forged ARP request and reply packets to overload a switch
DHCP Attacks: Involves performing a DHCP starvation attack and a rogue DHCP server attack
Switch port stealing: Involves flooding the switch with forged gratuitous ARP packets with the target MAC address as the source
Spoofing Attack: Involves performing MAC spoofing, VLAN hopping, and STP attacks to steal sensitive information

Task 1: Perform MAC Flooding using macof

macof -i eth0 -n 10

-i: specifies the interface and -n: specifies the number of packets to be sent (here, 10).

You can also target a single system by issuing the command macof -i eth0 -d [Target IP Address] (-d: Specifies the destination IP address).

Task 2: Perform a DHCP Starvation Attack using Yersinia

 ## To open yersenia into interactive mode
 yersinia -I

Lab 2: Perform Network Sniffing using Various Sniffing Tools

Task 1: Perform Password Sniffing using Wireshark

HTTP password & username harvesting using the wireshark

http.request.method == POST

Remote Packet Capture Protocol v.0 (experimental) service can be used to add remote interface using machinIP , access credentials

Lab 3: Detect Network Sniffing

Network sniffing involves using sniffer tools that enable the real-time monitoring and analysis of data packets flowing over computer networks. These network sniffers can be detected by using various techniques such as:

Ping Method: Identifies if a system on the network is running in promiscuous mode
DNS Method: Identifies sniffers in the network by analyzing the increase in network traffic
ARP Method: Sends a non-broadcast ARP to all nodes in the network; a node on the network running in promiscuous mode will cache the local ARP address

Task 1: Detect ARP Poisoning and Promiscuous Mode in a Switch-Based Network

Tool used in this section :

Cain & Abel

Sniffer detector script in wireshark

nmap --script=sniffer-detect [Target IP Address/ IP Address Range]

PreviousModule 07: Malware Threats NextModule 09 : Social Engineering

Last updated 1 year ago

hashtagLab 1: Perform Active Sniffing

hashtagTask 1: Perform MAC Flooding using macof

hashtagTask 2: Perform a DHCP Starvation Attack using Yersinia

hashtagLab 2: Perform Network Sniffing using Various Sniffing Tools

hashtagTask 1: Perform Password Sniffing using Wireshark

hashtagLab 3: Detect Network Sniffing

hashtagTask 1: Detect ARP Poisoning and Promiscuous Mode in a Switch-Based Network