CSCI 530 Lab: Packet Sniffing

Outline
- Scenarios
- Solution – Packet Sniffer
- Packet Sniffer Limitations
- Examples of Packet Sniffers
- Defending against Sniffers
- Lab Assignment

Scenarios
- You are a network administrator. You suspect that some of the employees are not working and are instead spending all their time at www.espn.com
  - Could filter at the firewall for this address
  - But you want to see what sites they are accessing, without their knowledge
- You are a hacker. You have compromised a system. You are unable to gain access to other systems on the network. You want to get some usernames and passwords to access these systems.

Solution – Packet Sniffer

Packet Sniffer
- A tool that captures, interprets, and stores network packets for analysis
- Works at the Transport layer of the OSI 7 layer model (Layer 4), but some can work at Network Layer (Layer 3)
- Normal network traffic is based on the destination IP address
  - Your network card will throw away any packets that are not intended for that card
- In "Promiscuous Mode", your network card will take all the packets on the network, regardless of the destination IP address.

Packet Sniffer Limitations
- Sniffers are limited by the network topology
  - Cannot extend beyond normal network boundaries
  - Cannot look past a router, switch, hub, etc.
- However, if you put a packet sniffer on a network backbone, then you will be able to see traffic bound between intranets

Examples of Packet Sniffers
- Ethernet Sniffers
  - Wireshark (formerly known as Ethereal)
    - You will be using this tool in the lab
  - DSniff
  - TCPDump
- Wireless Sniffers
  - Airopeek
- Bluetooth Sniffers
  - BlueSweep
  - BlueScanner

Defending against Sniffers
- Change your network topology
  - Part of your lab research – find out which topology and/or device is most protective against sniffers
- Encryption
  - SSH
  - IPSec
- Detect sniffers
  - Antisniff – from the l0pht group
  - Snort
    - Normally for intrusion detection, but will also attempt to detect a host working in promiscuous mode

Lab Assignment
- Handout has been posted
- DEN Students:
  - This lab can be done on a home machine (I advise against doing it at work).
  - The DEN lab will be set up next week.
  - You will receive an e-mail with your login by next week.
- Lab is due by 2/12, 11:59:59 PM for all students
- All labs must be submitted as either a .doc, .pdf, or .txt
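
Relating to the "Detect sniffers" item above: a local check for promiscuous mode, added here as an example and not part of the original slides or of Antisniff or Snort. It assumes a Linux host, where the kernel exposes each interface's flags as hex in /sys/class/net/<interface>/flags; the interface names and flag values in SAMPLE are constructed.

```python
"""Added example: list local interfaces whose kernel flags include IFF_PROMISC."""
import os

IFF_UP = 0x1         # interface is administratively up (linux/if.h)
IFF_PROMISC = 0x100  # card accepts every frame it sees, not only its own

def parse_flags(text):
    """Parse the hex string found in /sys/class/net/<interface>/flags."""
    return int(text.strip(), 16)

def is_promiscuous(flags):
    return bool(flags & IFF_PROMISC)

def scan(flag_texts):
    """Take {interface: raw flags text}; return sorted [(interface, is_up)]
    for every interface that has the promiscuous bit set."""
    hits = []
    for name, text in flag_texts.items():
        try:
            flags = parse_flags(text)
        except ValueError:
            continue  # unreadable entry: skip it rather than guess
        if is_promiscuous(flags):
            hits.append((name, bool(flags & IFF_UP)))
    return sorted(hits)

def read_sysfs(root="/sys/class/net"):
    """Read the flags of every local interface; {} if sysfs is absent."""
    found = {}
    if not os.path.isdir(root):
        return found
    for name in os.listdir(root):
        try:
            with open(os.path.join(root, name, "flags")) as fh:
                found[name] = fh.read()
        except OSError:
            continue  # entries such as bonding_masters have no flags file
    return found

# Constructed sample values, not captured from a real host.
SAMPLE = {"lo": "0x9\n", "eth0": "0x1003\n", "eth1": "0x1103\n", "wlan0": "0x1102\n"}

if __name__ == "__main__":
    live = read_sysfs()
    for name, up in scan(live if live else SAMPLE):
        print(f"{name}: promiscuous mode set ({'up' if up else 'down'})")
```

This only inspects the machine it runs on; it says nothing about other hosts on the segment.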