CSCI 530 Lab Packet Sniffing
Scenarios
- You are a network administrator. You suspect that some of the employees are not working and are instead spending all their time at www.espn.com
  - Could filter at the firewall for this address
  - But you want to see what sites they are accessing, without their knowledge
- You are a hacker. You have compromised a system. You are unable to gain access to other systems on the network. You want to get some usernames and passwords to access these systems.
Solution – Packet Sniffer
- A tool that captures, interprets, and stores network packets for analysis
- Works at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at the Network Layer (Layer 3)
- Normal network traffic is based on the destination IP address
  - Your network card will throw away any packets that are not intended for that card
- In "Promiscuous Mode", your network card will take all the packets on the network, regardless of the destination IP address.
Packet Sniffer Limitations
- Sniffers are limited by the network topology
  - Cannot extend beyond normal network boundaries
  - Cannot look past a router, switch, hub, etc.
  - However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranets
Examples of Packet Sniffers
- Ethernet Sniffers
  - Wireshark (formerly known as Ethereal)
    - You will be using this tool in the lab
  - DSniff
  - TCPDump
- Wireless Sniffers
  - Airopeek
- Bluetooth Sniffers
  - BlueSweep
  - BlueScanner
Defending against Sniffers
- Change your network topology
  - Part of your lab research: find out which topology and/or device is most protective against sniffers
- Encryption
  - SSH
  - IPSec
- Detect sniffers
  - Antisniff, from the l0pht group
  - Snort
    - Normally for intrusion detection, but will also attempt to detect a host working in promiscuous mode
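A local check to complement the "Detect sniffers" item above, as an added example that is not part of the original slides: on Linux, each interface's flags are exposed in `/sys/class/net/<iface>/flags`, and the `IFF_PROMISC` bit (0x100) is set while the card is in promiscuous mode. The function names and the sample tree are hypothetical and constructed for illustration; this audits the host it runs on, whereas the tools named above probe from the network.

```python
import os
import tempfile

IFF_PROMISC = 0x100  # from linux/if.h: interface receives all frames it sees


def is_promiscuous(flags_text):
    """Return True if a sysfs flags value such as '0x1103' has IFF_PROMISC set."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def audit_interfaces(sysfs_root="/sys/class/net"):
    """Map interface name -> True/False (promiscuous), or None if unreadable."""
    results = {}
    if not os.path.isdir(sysfs_root):
        return results  # not Linux, or sysfs not mounted
    for name in sorted(os.listdir(sysfs_root)):
        path = os.path.join(sysfs_root, name, "flags")
        try:
            with open(path) as handle:
                results[name] = is_promiscuous(handle.read())
        except (OSError, ValueError):
            # Entry is not an interface directory, or the value is malformed.
            results[name] = None
    return results


def build_sample_tree():
    """Constructed sample: a fake sysfs tree with three interface entries."""
    root = tempfile.mkdtemp()
    samples = {"eth0": "0x1003\n", "eth1": "0x1103\n", "bad0": "garbage\n"}
    for name, flags in samples.items():
        os.mkdir(os.path.join(root, name))
        with open(os.path.join(root, name, "flags"), "w") as handle:
            handle.write(flags)
    return root


if __name__ == "__main__":
    labels = {True: "PROMISCUOUS", False: "normal", None: "unreadable"}
    for name, state in audit_interfaces().items():
        print(f"{name}: {labels[state]}")
```

An interface reported as promiscuous is not proof of a sniffer; bridges, virtual machine hosts, and legitimate monitoring tools also set the flag, so treat it as a prompt to identify the owning process.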
Lab Assignment
- Handout has been posted
- DEN Students:
  - This lab can be done on a home machine (I advise against doing it at work).
  - The DEN lab will be set up next week. You will receive an e-mail with your login by next week.
  - Lab assignment is DUE on 9/25/06 by 11:59 PM FOR DEN STUDENTS ONLY
- All other students: this lab is to be done during next week's (9/18) lab section and is due before the following week's (9/25) lab section
Lab Assignment Continued
- Submission guidelines
  - E-mail the answers to the questions at the end of the handout by the due date.
  - Attach as a text file, .doc, or .pdf
  - Submit to YOUR LAB T.A. ONLY
  - Subject line must say: CSCI 530 Lab 3 <section day & time>
    - Where <section day & time> is replaced with your day & time
    - Example: CSCI 530 Lab 3 Friday 12:30
  - We do not send confirmation e-mails. If you request a read receipt or a return receipt, we will say yes and you will get a confirmation.