Module 08: Sniffing
Lab 1: Perform Active Sniffing
Active sniffing involves sending out multiple network probes to identify access points. The following is the list of different active sniffing techniques:
MAC Flooding: Involves flooding the CAM table with fake MAC address and IP pairs until it is full
DNS Poisoning: Involves tricking a DNS server into believing that it has received authentic information when, in reality, it has not
ARP Poisoning: Involves constructing a large number of forged ARP request and reply packets to overload a switch
DHCP Attacks: Involves performing a DHCP starvation attack and a rogue DHCP server attack
Switch port stealing: Involves flooding the switch with forged gratuitous ARP packets with the target MAC address as the source
Spoofing Attack: Involves performing MAC spoofing, VLAN hopping, and STP attacks to steal sensitive information
Task 1: Perform MAC Flooding using macof
Task 2: Perform a DHCP Starvation Attack using Yersinia
Lab 2: Perform Network Sniffing using Various Sniffing Tools
Task 1: Perform Password Sniffing using Wireshark
HTTP username and password harvesting using Wireshark
The Remote Packet Capture Protocol v.0 (experimental) service can be used to add a remote interface using the machine IP and access credentials
Lab 3: Detect Network Sniffing
Network sniffing involves using sniffer tools that enable the real-time monitoring and analysis of data packets flowing over computer networks. These network sniffers can be detected by using various techniques such as:
Ping Method: Identifies if a system on the network is running in promiscuous mode
DNS Method: Identifies sniffers in the network by analyzing the increase in network traffic
ARP Method: Sends a non-broadcast ARP to all nodes in the network; a node on the network running in promiscuous mode will cache the local ARP address
Task 1: Detect ARP Poisoning and Promiscuous Mode in a Switch-Based Network
Sniffer detector script in Wireshark
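A passive check for the ARP poisoning detection in Task 1, as an added example that is not part of the original lab or of Wireshark: it parses raw ARP payloads and flags an IP whose MAC binding changes, or a MAC that claims several IPs. The function names, addresses and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(payload):
    """Return (opcode, sender_mac, sender_ip) from an Ethernet/IPv4 ARP payload, else None."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, payload[8:14].hex(":"), ".".join(str(b) for b in payload[14:18])

def detect_arp_conflicts(payloads):
    """Flag IPs whose MAC changes and MACs that claim more than one IP."""
    ip_to_mac, mac_to_ips, alerts = {}, defaultdict(set), []
    for frame_no, payload in enumerate(payloads, 1):
        parsed = parse_arp(payload)
        if parsed is None:
            continue
        _, mac, ip = parsed
        if ip == "0.0.0.0":  # ARP probe: sender has no address yet, nothing to bind
            continue
        baseline = ip_to_mac.setdefault(ip, mac)  # first-seen binding is the baseline
        if baseline != mac:
            alerts.append((frame_no, "ip-rebound", ip, mac))
        mac_to_ips[mac].add(ip)
        # Routers and multihomed hosts can do this legitimately: a lead, not a verdict.
        if len(mac_to_ips[mac]) > 1:
            alerts.append((frame_no, "mac-multiple-ips", ip, mac))
    return alerts

def build_arp(oper, mac, ip):
    """Build a constructed ARP payload for the sample below (target fields zeroed)."""
    sender = bytes.fromhex(mac.replace(":", "")) + bytes(int(x) for x in ip.split("."))
    return struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper) + sender + bytes(10)

# Constructed sample traffic (documentation addresses, locally administered MACs).
SAMPLE = [
    build_arp(2, "aa:aa:aa:aa:aa:01", "192.0.2.1"),   # gateway announces itself
    build_arp(2, "aa:aa:aa:aa:aa:14", "192.0.2.20"),  # ordinary host
    build_arp(1, "aa:aa:aa:aa:aa:42", "192.0.2.66"),  # another host sends a request
    build_arp(2, "aa:aa:aa:aa:aa:42", "192.0.2.1"),   # same MAC now claims the gateway IP
    b"\x00\x01",                                      # truncated frame, ignored
]

if __name__ == "__main__":
    for alert in detect_arp_conflicts(SAMPLE):
        print(alert)
```

The first-seen binding is only as trustworthy as the moment monitoring started, so seed the baseline from a known-good inventory where one exists.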