CSCI 530 LabScenariosSolution – Packet SnifferPacket Sniffer LimitationsExamples of Packet SniffersDefending against SniffersLab AssignmentLab Assignment ContinuedCSCI 530 LabPacket SniffingScenariosYou are a network administrator. You suspect that some of the employees are not working and instead spending all their time at www.espn.comCould filter at the firewall for this addressBut you want to see what sites they are accessing, without their knowledgeYou are a hacker. You have compromised a system. You are unable to gain access to other systems on the network. You want to get some usernames and passwords to access these systems.Solution – Packet SnifferPacket SnifferA tool that captures, interprets, and stores network packets for analysisWorks at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at Network Layer (Layer 3)Normal network traffic is based on the destination IP addressYour network card will throw away any packets that are not intended for that cardIn “Promiscuous Mode”, your network card will take all the packets on the network, regardless of the destination IP address.Packet Sniffer LimitationsSniffers are limited by the network topologyCannot extend beyond normal network boundariesCannot look past a router, switch, hub, etc.However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranetsExamples of Packet SniffersEthernet SniffersWireshark (formally known as Ethereal)You will be using this tool in the labDSniffTCPDumpWireless SniffersAiropeekBluetooth SniffersBlueSweepBlueScannerDefending against SniffersChange your network topologyPart of your lab research – find out which topology and/or device is most protective against sniffersEncryptionSSHIPSecDetect sniffersAntisniff – from the l0pht groupSnortNormally for intrusion detection, but will also attempt to detect a host working in promiscuous modeLab AssignmentHandout has been postedDEN Students:This lab can be done on a home machine (I advice against doing it at work). The DEN lab will be set up next week. You will receive an e-mail with your login by next week.Lab assignment is DUE on 9/25/06 by 11:59:59 PM FOR DEN STUDENTS ONLYAll other students, this lab is to be done during next week’s (9/18) lab section and is due before the following week’s (9/25) lab sectionLab Assignment ContinuedSubmission guidelinesE-mail the answers questions at the end of the handout by the due date. Attach as a text file, .doc, or .pdfSubmit to YOUR LAB T.A. ONLYSubject line must say:CSCI 530 Lab 3 <section day & time>Where <section day & time> are replaced with your day & timeExample:CSCI 530 Lab 3 Friday 12:30We do not send confirmation e-mails. If you request a read receipt or a return receipt, we will say yes and you will get a
View Full Document
Unlocking...