Packet Sniffing

A SEMINAR REPORT ON
PACKET SNIFFER

SUBMITTED BY
KUNAL GOPAL THAKUR
VISHAL SHIRGUPPI
JUSTIN FRANCIS
SHAZIA ALI

SUBMITTED ON
MAY 14, 2010

UNDER THE GUIDANCE OF
MR. SUNIL SURVE

FR. CONCEICAO RODRIGUES COLLEGE OF ENGINEERING
BANDRA (W), MUMBAI – 400 050

CERTIFICATE

This is to certify that Mr. KUNAL GOPAL THAKUR, Mr. VISHAL SHIRGUPPI, Mr. JUSTIN FRANCIS and Ms. SHAZIA ALI have satisfactorily completed their project on PACKET SNIFFER in partial fulfillment under the Department of Computer Engineering during the academic year 2009-2010.

____________________________ Teacher In-Charge

ACKNOWLEDGEMENT

We would like to express our sincere thanks and gratitude to our guide Mr. Sunil Surve for his valuable guidance and suggestions. We are highly indebted to him for providing us with an excellent opportunity to learn and present our studies in the form of this seminar report.
We take this opportunity to thank the members of the teaching and non-teaching staff of Fr. CRCE for the timely help extended by them.
Lastly, we thank our parents for their moral support and encouragement.

Kunal Gopal Thakur
Vishal Shirguppi
Justin Francis
Shazia Ali

ABSTRACT:
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. While packet sniffers can be fully passive, some aren't, and those can therefore be detected. This paper discusses the different methods that Anti-Sniff uses to detect these sniffing programs.

Table of Contents

1.0 Introduction
2.0 What is a packet sniffer?
3.0 Uses of a packet sniffer
4.0 Sniffing tools
5.0 Sniffing methods
5.1.1 IP-based sniffing
5.1.2 MAC-based sniffing
5.1.3 ARP-based sniffing
6.0 Anti-Sniff assumptions
7.0 Anti-Sniff detection methods
7.1 MAC detection
7.1.1 Ethernet Network Interface Cards
7.1.2 TCP/IP on Ethernet
7.1.3 Implementation
7.1.4 Results
7.2 DNS detection
7.2.1 Exploit sniffer behavior
7.2.2 Implementation
7.2.3 Results
8.0 Conclusion
9.0 References

1.0 Introduction
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. This is unlike standard network hosts, which only receive traffic sent specifically to them. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and user names or other sensitive material. In theory, it's impossible to detect these sniffing tools because they are passive in nature, meaning that they only collect data. While they can be fully passive, some aren't, and those can therefore be detected. This paper discusses the different packet sniffing methods and explains how Anti-Sniff tries to detect these sniffing programs.

2.0 Working of a packet sniffer
A packet sniffer works by looking at every packet sent on the network, including packets not intended for itself. This is accomplished in a variety of ways; the sniffing methods are described below. Sniffers also work differently depending on the type of network they are in.
Shared Ethernet:
In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus, any machine in such an environment placed in promiscuous mode will be able to capture packets meant for other machines and can therefore listen to all the traffic on the network.
Switched Ethernet:
An Ethernet environment in which the hosts are connected to a switch instead of a hub is called a Switched Ethernet. The switch maintains a table keeping track of each computer's MAC address and delivers packets destined for a particular machine to the port on which that machine is connected. The switch is an intelligent device that sends packets to the destined computer only and does not broadcast to all the machines on the network, as in the previous case. This switched Ethernet environment was intended for better network performance, but as an added benefit, a machine in promiscuous mode will not work here. As a result of this, most network administrators assume that sniffers don't work in a Switched Environment. [2]
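The difference between the two environments comes down to the forwarding decision the device makes and the address filter the NIC applies. The following model is an added example written for this page (not code from the report): a hub that repeats every frame, a switch that learns source MACs and forwards known unicast to one port, and hosts whose NIC keeps frames for their own MAC or broadcast unless promiscuous mode is on. The ports, MAC addresses and three-frame exchange are constructed for the demo; the point it shows is that the promiscuous host on port 3 sees every frame on the hub but only the broadcast on the switch.

```python
"""Toy forwarding model contrasting shared (hub) and switched Ethernet.
Added example for illustration; not code from the seminar report. Port numbers,
MAC addresses and the frame sequence below are constructed for the demo."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src: str  # source MAC address
    dst: str  # destination MAC address


class Hub:
    """Shared Ethernet: every frame is repeated out of every port except the ingress port."""

    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, ingress, frame):
        return sorted(p for p in self.ports if p != ingress)


class Switch:
    """Switched Ethernet: learns source MAC -> port and sends known unicast
    destinations to one port only; unknown or broadcast destinations are flooded."""

    def __init__(self, ports):
        self.ports = set(ports)
        self.cam = {}  # MAC address -> port (the switch's forwarding table)

    def forward(self, ingress, frame):
        self.cam[frame.src] = ingress
        if frame.dst == BROADCAST or frame.dst not in self.cam:
            return sorted(p for p in self.ports if p != ingress)
        out = self.cam[frame.dst]
        return [] if out == ingress else [out]


@dataclass
class Host:
    mac: str
    promiscuous: bool = False
    seen: list = field(default_factory=list)

    def receive(self, frame):
        """NIC address filter: keep frames for our MAC or broadcast;
        a NIC in promiscuous mode passes everything up to the OS."""
        if self.promiscuous or frame.dst in (self.mac, BROADCAST):
            self.seen.append(frame)
            return True
        return False


def run(device, hosts, frames):
    """Deliver (ingress_port, frame) pairs through the device; hosts maps port -> Host.
    Returns how many frames reached each host's OS."""
    for ingress, frame in frames:
        for port in device.forward(ingress, frame):
            hosts[port].receive(frame)
    return {h.mac: len(h.seen) for h in hosts.values()}


def compare():
    """Same three hosts and traffic on a hub and on a switch. Host C on port 3 is
    promiscuous; A and B exchange a broadcast and two unicast frames."""
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    frames = [
        (2, Frame(b, BROADCAST)),  # B broadcasts (e.g. an ARP request): switch learns B
        (1, Frame(a, b)),          # A -> B unicast: switch learns A, forwards to port 2 only
        (2, Frame(b, a)),          # B -> A unicast: forwarded to port 1 only
    ]
    results = {}
    for name, device in (("hub", Hub({1, 2, 3})), ("switch", Switch({1, 2, 3}))):
        hosts = {1: Host(a), 2: Host(b), 3: Host(c, promiscuous=True)}
        results[name] = run(device, hosts, frames)
    return results


if __name__ == "__main__":
    for name, counts in compare().items():
        print(name, counts)
```

On the hub the promiscuous host receives all three frames; on the switch it receives only the broadcast, which is why the report says promiscuous mode alone is not enough on a switched segment and why the ARP-based method of section 5.1.3 is needed there.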

3.0 Uses of Packet Sniffers
Sniffing programs are found in two forms: 1) commercial packet sniffers, used to help maintain networks, and 2) underground packet sniffers, used by attackers to gain unauthorized access to remote hosts. Listed below are some common uses of sniffing programs:
• Searching for clear-text usernames and passwords from the network.
• Conversion of network traffic into human-readable form.
• Network analysis to find bottlenecks.
• Network intrusion detection to monitor for attackers.
Using a sniffer in an illegitimate way is considered a passive attack. It does not directly interface or connect to any other systems on the network. However, the computer that the sniffer is installed on could have been compromised using an active attack. The passive nature of sniffers is what makes detecting them so difficult. The following list describes a few reasons why intruders use sniffers on the network:
• Capturing clear-text usernames and passwords
• Compromising proprietary information
• Capturing and replaying Voice over IP telephone conversations
• Mapping a network
• Passive OS fingerprinting
Obviously, these are illegal uses of a sniffer, unless you are a penetration tester whose job it is to find these types of weaknesses and report them to an organization. For sniffing to occur, an intruder must first gain access to the communication cable of the systems that are of interest. This means being on the same shared network segment, or tapping into the cable somewhere between the paths of communication. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff network traffic. These include:
• Breaking into a target computer and installing remotely controlled sniffing software.
• Breaking into a communications access point, such as an Internet Service Provider (ISP), and installing sniffing software.
• Locating a system at the ISP that already has sniffing software installed.
• Using social engineering to gain physical access at an ISP to install a packet sniffer.
• Having an insider accomplice at the target computer organization or the ISP install the sniffer.
• Redirecting communications to take a path that includes the intruder's computer.
4.0 Sniffing Tools
• tcpdump: Tcpdump is a powerful tool that allows us to sniff network packets and produce some statistical analysis from those dumps. One major drawback of tcpdump is the size of the flat file containing the text output. But tcpdump allows us to see all the traffic precisely and enables us to create statistical monitoring scripts. [3]
• sniffit: Robust packet sniffer with good filtering. [3]
• Ethereal: A free network protocol analyzer for UNIX and Windows. It allows you to examine data from a live network or from a capture file on disk. [3]
• Hunt: The main goal of the HUNT project is to develop tools for exploiting well-known weaknesses in the TCP/IP protocol suite. [3]
• Dsniff: Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g., due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI.
• IP spoofing: When the sniffing program is on a segment between two communicating end points, the intruder can impersonate one end in order to hijack the connection. This is often combined with a denial of service (DoS) attack against the forged address so that it does not interfere anymore. [1]

5.0 Sniffing methods [4]
There are three types of sniffing methods. Some methods work in non-switched networks while others work in switched networks. The sniffing methods are: IP-based sniffing, MAC-based sniffing, and ARP-based sniffing.
5.1.1 IP-based sniffing
This is the original way of packet sniffing. It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. Normally, the IP address filter isn't set, so it captures all the packets. This method only works in non-switched networks.
5.1.2 MAC-based sniffing
This method works by putting the network card into promiscuous mode and sniffing all packets matching the MAC address filter.
5.1.3 ARP-based sniffing
This method works a little differently. It doesn't put the network card into promiscuous mode. This isn't necessary because ARP packets will be sent to us. This happens because the ARP protocol is stateless. Because of this, sniffing can be done on a switched network. To perform this kind of sniffing, you first have to poison the ARP cache of the two hosts that you want to sniff, identifying yourself as the other host in the connection. Once the ARP caches are poisoned, the two hosts start their connection, but instead of sending the traffic directly to the other host it gets sent to us. We then log the traffic and forward it to the real intended host on the other side of the connection. This is called a man-in-the-middle attack. See Diagram 1 for a general idea of the way it works.

Diagram 1: ARP sniffing method
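Because ARP-based sniffing rewrites the IP-to-MAC binding that the two victims hold, the trace it leaves on the wire is an ARP reply in which an IP address the segment already knows suddenly claims a different hardware address. The monitor below is an added example (not code from the report or from Anti-Sniff) in the style of arpwatch: it parses Ethernet/IPv4 ARP frames, learns IP-to-MAC bindings from replies, and raises an alert when a binding changes or when the Ethernet source address disagrees with the ARP sender address. The addresses and the three sample frames are constructed for the demo.

```python
"""ARP reply monitor in the style of arpwatch: learns IP -> MAC bindings from ARP
replies and reports when a binding changes, which is the signature that ARP cache
poisoning leaves on the wire. Added example, not code from the report or from
Anti-Sniff. The MAC and IP addresses below are constructed for the demo."""
import struct
from ipaddress import IPv4Address

ETH_P_ARP = 0x0806
ARP_REPLY = 2
ARP_HDR = struct.Struct("!HHBBH")  # htype, ptype, hlen, plen, oper


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Constructed sample frame: Ethernet II header + ARP reply (42 bytes)."""
    eth = target_mac + sender_mac + struct.pack("!H", ETH_P_ARP)
    arp = (ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY)
           + sender_mac + IPv4Address(sender_ip).packed
           + target_mac + IPv4Address(target_ip).packed)
    return eth + arp


def parse_arp(frame):
    """Return (oper, sender_mac, sender_ip, target_mac, target_ip) for an
    Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, oper = ARP_HDR.unpack(frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = frame[22:28], frame[28:32], frame[32:38], frame[38:42]
    return oper, sha, str(IPv4Address(spa)), tha, str(IPv4Address(tpa))


class ArpMonitor:
    """Keeps the IP -> MAC table a well-behaved segment should have and flags changes."""

    def __init__(self):
        self.table = {}
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return None
        _, sha, spa, _, _ = parsed
        alert = None
        if frame[6:12] != sha:
            # Ethernet source and ARP sender hardware address should agree
            alert = f"{spa}: Ethernet src {mac_str(frame[6:12])} != ARP sender {mac_str(sha)}"
        elif spa in self.table and self.table[spa] != sha:
            alert = f"{spa} changed from {mac_str(self.table[spa])} to {mac_str(sha)}"
        self.table[spa] = sha
        if alert:
            self.alerts.append(alert)
        return alert


def demo():
    """Three constructed replies: a legitimate gateway binding, the same binding
    again, and a reply in which the gateway IP claims a different MAC."""
    gw_mac, gw_ip = bytes.fromhex("0000000000a1"), "192.0.2.1"
    host_mac, host_ip = bytes.fromhex("0000000000b2"), "192.0.2.10"
    other_mac = bytes.fromhex("0000000000c3")
    mon = ArpMonitor()
    mon.observe(build_arp_reply(gw_mac, gw_ip, host_mac, host_ip))     # legitimate, learned
    mon.observe(build_arp_reply(gw_mac, gw_ip, host_mac, host_ip))     # same binding, quiet
    mon.observe(build_arp_reply(other_mac, gw_ip, host_mac, host_ip))  # binding changed: alert
    return mon.alerts


if __name__ == "__main__":
    for line in demo():
        print("ALERT:", line)
```

In a deployment the monitor would be fed from a capture handle on the segment being protected; a first-seen binding is learned silently, and the usual response to a change alert is to compare against the static ARP entries or DHCP leases the administrator controls.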

6.0 Anti-Sniff assumptions
We have made various assumptions when we developed our remote sniffer detector. These assumptions limit the types of sniffers that we can detect. However, we feel that our assumptions are valid and reasonable. One assumption we have made is that the sniffer is an actual sniffer program running on a host. That is, we disallow the possibility that the sniffer is a dedicated device that a hacker physically attaches to the network. This is a rather reasonable assumption since a lot of break-ins are done remotely by hackers with no physical access to the network whatsoever. Usually, a UNIX machine is broken into, and the hacker logs on to the compromised machine and installs a sniffer with root access. Another assumption we have made is that the network segment that we are interested in, the network segment on which we wish to detect whether a sniffer is running or not, is an Ethernet segment. Again, this is a reasonable assumption since a large percentage of the network segments on the Internet are Ethernet. This leads us to mention that we also assume that TCP/IP is the protocol that the network is using. Although some of our techniques can be modified to support other networking protocols, the implementation is based on TCP/IP since it is, by far, the most popular network protocol today.

7.0 Anti-Sniff detection methods
7.1 MAC detection
The MAC detection technique for detecting sniffers running on an Ethernet segment requires that the machine running the detector be on the same Ethernet segment as the host that is suspected of running a sniffer. Thus, this technique allows remote detection of sniffers on the same Ethernet segment, but not the remote detection of sniffers across different networks. The basic idea behind the MAC detection technique is simple and has been discussed in the past [6].

7.1.1 Ethernet Network Interface Cards
A basic Ethernet network interface card has a unique medium access control (MAC) address assigned to it by its manufacturer. Thus, every network interface card (NIC) can be uniquely identified by its MAC address. Since Ethernet is a shared medium network, all data packets are essentially broadcast. Since passing every packet broadcast on the network to the operating system is inefficient, Ethernet controller chips typically implement a filter which discards any packet whose target MAC address is not the NIC's own. Since sniffers are interested in all traffic on the Ethernet segment, NICs provide a promiscuous mode. In promiscuous mode, all Ethernet data packets, regardless of the target MAC address, are passed to the operating system. Thus, when a sniffer is running on a machine, the machine's NIC is set to promiscuous mode to capture all of the Ethernet traffic. Figure 2 shows the flow diagram of the Ethernet data packet path to the operating system.
7.1.2 TCP/IP on Ethernet
The Ethernet protocol standard, IEEE 802.3, specifies the Ethernet packet structure. Figure 2 shows an IP packet encapsulated in an Ethernet packet. For TCP/IP, a normal IP packet destined to a particular Ethernet host has the destination host's MAC address filled in the Ethernet header and the IP address of the destination filled in the IP header. Thus, IP packets transported by Ethernet have two addresses, both of which normally correspond to the same machine's MAC address and IP address [6].

7.1.3 Implementation
The implementation of the MAC detection technique is quite simple. The detection tool implements an ICMP Echo Request packet generator. The tool generates the full ICMP packet as well as the outer Ethernet packet that encapsulates the ICMP packet. The Ethernet packet is generated such that the target MAC address is different from the actual MAC address of the target machine. So, for any suspected host on the Ethernet segment, the tool can generate the ICMP Echo Request with an incorrect MAC address and check whether an ICMP Echo Reply is returned. If so, the suspected host is in promiscuous mode. Thus, a sniffer could likely be running on that host. Figure 3 shows how the MAC detection technique works as implemented.

7.1.4 Results
The MAC detection technique works only against operating systems with a TCP/IP protocol stack that does not check for the correct MAC address. We were able to confirm that Linux 2.0.35 was vulnerable to this kind of sniffer detection. We were able to detect when a Linux machine went into promiscuous mode with 100% accuracy. However, FreeBSD 2.2.7 was not vulnerable to this kind of sniffer detection. The networking code in FreeBSD 2.2.7 correctly implements the necessary check so that incorrectly addressed Ethernet packets never reach the ICMP processing code.
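The probe and the two outcomes described in 7.1.3 and 7.1.4 can be modelled end to end without touching a real interface. The block below is an added example written for this page, not the Anti-Sniff source: it builds a complete Ethernet II + IPv4 + ICMP Echo Request with correct checksums and a deliberately wrong destination MAC, then runs it through a model of a host's receive path with the NIC filter, an optional OS-level MAC check (the FreeBSD behaviour the report describes) and the normal IP/ICMP validation. All MAC and IP addresses are constructed; the model only returns which stage handled the frame, so an "echo reply" result is the report's promiscuous-mode signal.

```python
"""Model of the Anti-Sniff MAC detection probe: an ICMP Echo Request whose IP
destination is the suspect host but whose Ethernet destination MAC is wrong, run
through a model of the receive path with and without promiscuous mode and with
and without the OS-level MAC check. Added example, not the Anti-Sniff source; all
addresses are constructed and nothing is sent on a real network."""
import struct
from ipaddress import IPv4Address

ETH_P_IP = 0x0800
BROADCAST = b"\xff" * 6


def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_probe(src_mac, dst_mac, src_ip, dst_ip, ident=0x1234, seq=1, payload=b"probe"):
    """Ethernet II + IPv4 + ICMP Echo Request. For the detector, dst_mac is chosen
    NOT to match the MAC of the host that owns dst_ip."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload  # type 8 = echo request
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), ident, 0, 64, 1, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    return dst_mac + src_mac + struct.pack("!H", ETH_P_IP) + ip + icmp


def receive_path(frame, host_mac, host_ip, promiscuous, os_checks_mac):
    """Where the frame ends up on the suspect host. Returns one of
    'dropped by NIC', 'dropped by OS', 'ignored', 'echo reply'."""
    dst_mac = frame[0:6]
    addressed_to_us = dst_mac in (host_mac, BROADCAST)
    if not addressed_to_us and not promiscuous:
        return "dropped by NIC"   # hardware address filter, the normal case
    if not addressed_to_us and os_checks_mac:
        return "dropped by OS"    # stack re-checks the MAC (the FreeBSD 2.2.7 behaviour in the report)
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_IP:
        return "ignored"
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    if checksum(ip) != 0 or ip[9] != 1 or ip[16:20] != IPv4Address(host_ip).packed:
        return "ignored"          # bad header checksum, not ICMP, or not our IP address
    icmp = frame[14 + ihl:14 + struct.unpack("!H", ip[2:4])[0]]
    if checksum(icmp) != 0 or icmp[0] != 8:
        return "ignored"
    return "echo reply"           # the stack answers a frame its NIC should never have accepted


def mac_detection_matrix():
    """Probe outcome for the four host configurations; 'echo reply' means detected."""
    detector_mac, suspect_mac = bytes.fromhex("0000000000d1"), bytes.fromhex("0000000000e2")
    wrong_mac = bytes.fromhex("0000000000ff")  # deliberately not the suspect's MAC
    probe = build_probe(detector_mac, wrong_mac, "192.0.2.5", "192.0.2.20")
    return {
        (promisc, checks): receive_path(probe, suspect_mac, "192.0.2.20", promisc, checks)
        for promisc in (False, True) for checks in (False, True)
    }


if __name__ == "__main__":
    for (promisc, checks), outcome in mac_detection_matrix().items():
        print(f"promiscuous={promisc!s:5} os_checks_mac={checks!s:5} -> {outcome}")
```

Only the (promiscuous, no OS check) cell yields a reply, which matches the report's results: the technique identifies promiscuous mode on stacks like Linux 2.0.35 and is blind against stacks like FreeBSD 2.2.7 that re-check the destination MAC. The same frame with the correct destination MAC is answered in every configuration, which is the control a detector should send first to rule out a host that simply does not answer pings.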

Flow of Ethernet data packet with OS

7.2 DNS detection
The DNS detection technique exploits a behavior common to all password sniffers to date. This technique requires that the system administrator controls the Domain Name Server (DNS) [6].
7.2.1 Exploit sniffer behavior
The DNS detection technique works by exploiting a behavior common to all password sniffers we have seen. The key observation is that all current password sniffers are not truly passive. In fact, password sniffers do generate network traffic, although it is usually hard to distinguish whether the generated network traffic came from the sniffer or not. It turns out that all password sniffers we have come across do a reverse DNS lookup on the traffic that they sniffed. Since this traffic is generated by the sniffer program, the trick is to somehow distinguish this DNS lookup from normal DNS lookup requests. It is not hard to come up with the following idea. We can generate fake traffic on the Ethernet segment with a source address of some unused IP address that we provide the DNS service for. Then, since the traffic we generate should normally be ignored by the hosts on the segment, if a DNS lookup request is generated, we know that there is a sniffer on the Ethernet segment.
7.2.2 Implementation
The implementation of the DNS detection technique is quite straightforward. The tool that implements this technique runs on the machine that is registered to provide the reverse DNS lookup for the trigger IP address, the invalid IP address that is used as the source address in the fake traffic. The tool generates a fake FTP [PR85] connection with the source IP address set to the trigger IP address. Then, the tool waits for a user-definable period of time on the DNS service port. Within this period of time, the tool counts the number of DNS requests for the trigger IP address. When the time expires, the tool reports the number of DNS requests counted. Note that the tool never returns a DNS reply. This is to avoid having the DNS entry cached in some intermediate DNS server. The reason why DNS requests need to be counted is that the fake FTP traffic may actually be destined for a real machine on the network that provides FTP service. If so, that machine may trigger a DNS lookup. Thus, there are two cases we need to consider. If the fake FTP traffic ends up being destined to a real machine on the network, then if we count two or more DNS lookups, a sniffer is probably running on the network. Otherwise, if only one DNS lookup occurs, it is probably a legitimate lookup being performed by the host. The other case is that the fake traffic ends up being destined to no particular machine on the network. Then, if one or more DNS lookups occur, there is most likely a sniffer on the network.
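The counting side of the technique is a small DNS parser plus the two-case decision rule above. The block below is an added example written for this page (not the Anti-Sniff source): it parses the question section of a DNS query, matches PTR lookups for the trigger address's in-addr.arpa name, counts them, and applies the threshold of two lookups when the fake FTP traffic reached a real host and one otherwise. The trigger address 192.0.2.77 and the four sample queries are constructed for the demo; like the tool described in the report, the counter never answers a query.

```python
"""Model of the Anti-Sniff DNS detection counter: watch the DNS port for reverse
(PTR) lookups of the trigger IP address and apply the report's two decision rules.
Added example, not the Anti-Sniff source. The trigger address 192.0.2.77 and the
DNS queries below are constructed for the demo; the counter never answers them,
matching the report's note that no reply is sent."""
import struct

QTYPE_PTR = 12
DNS_HDR = struct.Struct("!HHHHHH")  # id, flags, qdcount, ancount, nscount, arcount


def ptr_name(ip):
    """Reverse-lookup name for an IPv4 address, e.g. 192.0.2.77 -> 77.2.0.192.in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"


def build_query(name, qtype, txid=0x4242):
    """Constructed sample UDP payload: a standard recursive DNS query for name/qtype."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.split(".")) + b"\x00"
    return DNS_HDR.pack(txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)


def parse_question(payload):
    """Return (name, qtype) of the first question in a DNS query, or None if the
    payload is not a query or is malformed."""
    if len(payload) < DNS_HDR.size:
        return None
    _, flags, qdcount, _, _, _ = DNS_HDR.unpack(payload[:DNS_HDR.size])
    if flags & 0x8000 or qdcount < 1:  # QR bit set means this is a response, not a query
        return None
    labels, pos = [], DNS_HDR.size
    while pos < len(payload):
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(payload):  # compression pointer or truncated name
            return None
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    else:
        return None  # ran off the end without the terminating zero label
    if pos + 4 > len(payload):
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return ".".join(labels), qtype


class TriggerCounter:
    """Counts PTR lookups for the trigger IP seen on the DNS port during the wait period."""

    def __init__(self, trigger_ip):
        self.target = ptr_name(trigger_ip).lower()
        self.count = 0

    def observe(self, payload):
        parsed = parse_question(payload)
        if parsed and parsed[1] == QTYPE_PTR and parsed[0].lower() == self.target:
            self.count += 1
            return True
        return False

    def sniffer_likely(self, fake_traffic_hit_real_host):
        """Report's rule: one lookup may be the legitimate destination host resolving
        the trigger address, so require two when the fake FTP traffic reached a real host."""
        return self.count >= (2 if fake_traffic_hit_real_host else 1)


def demo():
    """Four constructed queries as they would arrive on the DNS port during the wait."""
    trigger = "192.0.2.77"
    counter = TriggerCounter(trigger)
    queries = [
        build_query("www.example.com", 1),              # ordinary A lookup, unrelated
        build_query(ptr_name(trigger), QTYPE_PTR),      # reverse lookup of the trigger IP
        build_query(ptr_name("192.0.2.9"), QTYPE_PTR),  # reverse lookup of some other IP
        build_query(ptr_name(trigger), QTYPE_PTR),      # second lookup of the trigger IP
    ]
    matched = [counter.observe(q) for q in queries]
    return counter.count, matched, counter.sniffer_likely(True), counter.sniffer_likely(False)


if __name__ == "__main__":
    count, matched, real_host_case, no_host_case = demo()
    print(f"trigger lookups={count} matched={matched} "
          f"verdict(real host)={real_host_case} verdict(no host)={no_host_case}")
```

With two trigger lookups both decision rules fire; a single lookup would be reported only in the no-real-host case, which is exactly why the tool has to know whether the fake FTP destination existed on the segment.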

7.2.3 Results
The DNS detection technique was able to detect sniffers running on an Ethernet segment with 100% accuracy regardless of operating system type. The default behavior of esniff, linsniff, sniffit and even tcpdump is to perform the reverse DNS lookup. Furthermore, it is possible to assign a trigger IP address to each network segment to perform the DNS detection technique. This is useful because even if the password sniffer does not perform a reverse DNS lookup, that is, the tool does not detect a sniffer in the required timeout period, the hacker may sometime in the future perform a reverse DNS lookup on the logged password entry. If so, then this technique can be extended to keep track of which IP address is assigned to which network and report a DNS lookup whenever it sees it in the future. request. Thus, the router will never generate the traffic on the network. However, this is possible to do if the machine running the tool is on the same network, since it can then generate the fake traffic with invalid MAC addresses.

Diagram of DNS detection.

8.0 Conclusion
When computers communicate over networks, they normally just listen to the traffic meant specifically for them. However, network cards have the ability to enter promiscuous mode, which allows them to listen to all network traffic regardless of whether it's directed to them. Packet sniffers can capture things like clear-text passwords and usernames or other sensitive material. Because of this, packet sniffers are a serious matter for network security. Fortunately, not all sniffers are fully passive. Since they aren't, tools like Anti-Sniff can detect them. Since sniffing is possible on both non-switched and switched networks, it's good practice to encrypt your data communications.

9.0 References
1) Website: http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Packet_sniffing/default.htm
2) Ryan Spangler, "Packet Sniffing on Layer 2 Switched Local Area Networks", University of Wisconsin – Whitewater, Department of Computer and Network Administration, Packetwatch Research, URL: http://www.packetwatch.net (December 2003)
3) Suhas A. Desai, "Packet Sniffing: Sniffing Tools Detection Prevention Methods", University of California, Department of Network Administration (April 2004)
4) Ryan Spangler, "Packet Sniffer Detection with Anti Sniff", University of Wisconsin, Research URL: http://www.packetwatch.net (May 2003)
5) A. Ornaghi, M. Valleri, "Man in the middle attacks Demos", Blackhat [Online Document], 2003, Available HTTP: http://www.blackhat.com/presentations/bh-usa-03/bh-usa-03-ornaghi-valleri.pdf
6) David Wu and Frederick Wong, "Remote Sniffer Detection", {davidwu, fredwong}@cs.berkeley.edu, Computer Science Division, University of California, Berkeley, CA 94720 (December 14, 1998)

Similar Documents

Free Essay

Packet Sniffing Prevention

...The ‘s’ = security Tips to Defend against Sniffing • Restrict the physical access to the network media to ensure that a packet sniffer is not able to be installed • Use encryption to protect confidential information • Permanetly add MAC address to the gateway to the ARP cache • Use static IP and static ARP table –prevents attackers from adding the spoofed ARP entries • Turn off network identification broadcast and restrict the network to authorized users • Use IPv6 instead of IPv4 • Use encrypted sessions like: SSh, SCP, SSL • Use security :PGP and S/Mipe, VPN, IPsec, TLS and OTP Packet Sniffing Prevention • Best way – Use Encryption • Secure Socket Layer –encapsulates data with help of original certificates and digital signatures • IP Security- adds security at packet level. (each packet has a header is encrypted which contains the major information like addresses) • PGP and MIME: Commonly used Email services. As emails are stored for extended periods, it is best to use them so emails don’t end up in wrong mailboxes. • VPN (Virtual Private Network – provide encrypted data across the Internet. They are more secure, but if hacked the data may be seen even...

Words: 551 - Pages: 3

Free Essay

Mister

...Session CRJ 115 7 December 2015 Packet Sniffers: A Bittersweet Software Packet sniffing software is a controversial subject and a double-edged sword. It can be used to analyze network problems and detect Internet misuse. But at the same time, it allows hackers and people with malicious intention to "sniff" out your password, get your personal information, and invade your privacy. That is also why securing and encrypting data is so important. In this paper, the definition of packet sniffing will be introduced and several functionality and possible uses of packet sniffers will be explained. Also, information on how to protect against sniffers and man-in-the-middle attacks will be provided. An example of a packet sniffer program, Wireshark, will be given, followed by a case study involving the restaurant chain Dave & Buster's, which will show the negative consequences that can occur when organizations are not aware of the threat of packet sniffing by hackers. A packet sniffer is "a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network" (Connolly, 2003). Packet sniffers are known by alternate names including network analyzer, protocol analyzer or sniffer, or for particular types of networks, an Ethernet sniffer or wireless sniffer (Connolly, 2003)....

Words: 2443 - Pages: 10

Free Essay

Packet Sniffer Report

...IMPLEMENTATION OF PACKET SNIFFING IN JAVA USING JPCAP LIBRARY Project Report Submitted in Partial Fulfillment of the Requirement for the Award of Degree of Bachelor of Engineering in Computer Science Engineering of Rajiv Gandhi Proudyogiki Vishwavidalaya, Bhopal (MP) By Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) Department of Computer Science Engineering Jai Narain College of Technology, Bhopal June – 2012 DECLARATION We, Siddharth Pateriya and Swarna Swaminathan, the students of Bachelor of Engineering (Computer Science Engineering), Jai Narain College of Technology, Bhopal hereby declare that the work presented in this Major Project is an authentic record of our own and has been carried out taking care of Engineering Ethics under the guidance of Prof. Manish Mishra. Siddharth Pateriya Swarna Swaminathan (0131CS081077) (0131CS081084) CERTIFICATE This is to certify that the work embodied in this Major Project entitled “Implementation of Packet Sniffing in Java using Jpcap Library” has been satisfactorily completed by the students of final year, Mr. Siddharth Pateriya and Ms.Swarna Swaminathan....

Words: 8200 - Pages: 33

Free Essay

Sniffer

...Pallavi Asrodia, Hemlata Patel / International Journal of Engineering Research and Applications (IJERA) ISSN: 2248-9622 www.ijera.com Vol. 2, Issue 3, May-Jun 2012, pp.854-856 Network Traffic Analysis Using Packet Sniffer Pallavi Asrodia*, Hemlata Patel** *(Computer Science, dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.) India.) ** (Computer Science, dept., Jawaharlal Institute of Technology, Borawan, Khargone (M.P.) India) ABSTRACT In the past five decades computer networks have kept up growing in size, complexity and, overall, in the number of its users as well as being in a permanent evolution. Hence the amount of network traffic flowing over their nodes has increased drastically. With the development and popularization of network Technology, the management, maintenance and monitoring of network is Important to keep the network smooth and improve Economic efficiency. For this purpose packet sniffer is used. Packet sniffing is important in network monitoring to troubleshoot and to log network. Packet sniffers are useful for analyzing network traffic over wired or wireless networks. This paper focuses on the basics of packet sniffer; it’s working Principle which used for analysis Network traffic. Keywords- Packet capture, Traffic analysis, Libpcap, Network Monitoring, NIC, Promiscuous mode, Berkeley Packet Filter, Network analyzer, Packet sniffer. unresponsive to those packets do not belong to themselves by just ignoring....

Words: 2215 - Pages: 9

Free Essay

Report

...SOFTWARE REQUIREMENT SPECIFICATION NET VIGILANT NETWORK MONITOR V1.1 Printed On: 3rd Dec 2007 C:\Washington University\ProjectDocument2.doc Department Of Computer Science & Engineering Washington University in Saint Louis Submitted By Subharthi Paul Madhuri Kulkarni Table of Contents |1 |INTRODUCTION |3 | |1.1 |Abstract____________________________________________________________ |4 | |1.2 |Introduction_________________________________________________________ |5 | |1.3 |Product Overview____________________________________________________ |6 | | | | | |2 |SPECIFIC REQUIREMENTS |8 | |2.1 |External Interface Requirements_________________________________________ |9 | | |2.1.1 User Interfaces_________________________________________________...

Words: 1548 - Pages: 7

Premium Essay

Selecting Security Countermeasures

...Top network level threats include: •Information gathering •Sniffing •Spoofing •Session hijacking •Denial of service Information Gathering Network devices can be discovered and profiled in much the same way as other types of systems. Attackers usually start with port scanning. After they identify open ports, they use banner grabbing and enumeration to detect device types and to determine operating system and application versions. Armed with this information, an attacker can attack known vulnerabilities that may not be updated with security patches. Countermeasures to prevent information gathering include: •Configure routers to restrict their responses to footprinting requests. •Configure operating systems that host network software (for example, software firewalls) to prevent footprinting by disabling unused protocols and unnecessary ports. Sniffing or eavesdropping is the act of monitoring traffic on the network for data such as plaintext passwords or configuration information. With a simple packet sniffer, an attacker can easily read all plaintext traffic. Also, attackers can crack packets encrypted by lightweight hashing algorithms and can decipher the payload that you considered to be safe. The sniffing of packets requires a packet sniffer in the path of the server/client communication. Countermeasures to help prevent sniffing include: •Use strong physical security and proper segmenting of the network....

Words: 650 - Pages: 3

Free Essay

Csec630 Lab Assignment 2

...By changing the default settings of the rules provided on the Snort website, there is a chance that the user might disable packet sniffing on a port that needs to be enabled, causing no alerts on that port. There is also a possibility that user may have set a range of ports to be scanned by Snort IDS for sniffing and the traffic that is coming in the network is not through any of those ports, muting the alerts. 2. If we only went to a few web sites, why are there so many alerts? An Intrusion Detection System (IDS) provides a wide range of monitoring techniques including packet sniffing, file integrity monitoring, and even artificial intelligence algorithms that detect anomalies in network traffic. Snort, a public domain intrusion detection system, monitors traffic by analyzing every packet on a network, looking for malevolent content. It does this by putting the network adaptor in promiscuous mode so that it can see all network traffic on the wire, a process referred to as packet sniffing. Snort is a rule-based IDS, which means that it applies a set of rules to each packet based on known attack signatures. When it detects an attack signature, it performs the action designated in the rule. 3. What are the advantages of logging more information to the alerts file? The advantage of logging more information in the alerts file gives the network...

Words: 1658 - Pages: 7

Premium Essay

Is4560

...These are usually teenagers that don't use programs to hack into computer systems, instead use tools made by skilled hackers that makes them wreak the same havoc as professional hackers ethical hacking – Move security forward, find flaws with the intent of fixing – Use skills for defensive, preventive purposes – Promote proactive security: test before incidents happen - instead of fixing stuff afterwards – Stay within the legal limits Promiscuous Mode A mode on a NIC adapter that does not ignore packets...

Words: 1515 - Pages: 7

Premium Essay

Computer Security

...SNIFFING What is Sniffing? * Sniffing is a technique for gaining access through Network-Based attack. * A sniffer is a program that gathers traffic from the local network, and is useful for attackers looking to swipe data as well as network administrator trying to troubleshoot problems. * Using sniffer, an attacker can read data passing by a given machine in real time or store the data. What does one sniff? A sniffer can grab anything sent across the LAN, Including * User IDs and passwords * Web Pages being visited * Email messages * Files shared using the Network File System * Chat sessions * DNS queries Types of Sniffing * Passive Sniffing Sniffing performed on a hub is known as passive sniffing. * Active Sniffing When sniffing is performed on a switched network, it is known as active sniffing. Dsniff (Sniffer tool) * Dsniff is a set of password sniffing and network traffic analysis tools * Big advantage of Dsniff is the amazing number of protocols that it interpret.Eg Telnet,Ftp,Http * Nearly every sniffer can dump raw bits grabbed off the network. However, these raw bits are pretty much useless, unless the attacker can interpret what they mean. Foiling Switches with floods * Initiated via Dsniffs Macof program * It works by sending out a flood of traffic with random MAC address on the LAN....

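What the macof flood in the excerpt above does to a switch, as an added example. This is a simulation written for this page, not dsniff's code: a toy learning switch with a bounded CAM table and entry aging, which is assumed to fail open (flood frames to every port) once it can no longer learn a source MAC. Real switches differ in table size, aging timers and fail behaviour, and a port with port security enabled may shut down instead of flooding, so treat the numbers as illustrative.

```python
import random
from typing import Dict, List, Tuple

# Added example: a toy learning switch to show what macof's MAC flood does.
# It is not dsniff's code. The fail-open behaviour (flood when the CAM table is
# full) is assumed; real switches vary and port security may shut the port instead.


class Switch:
    def __init__(self, ports: List[int], cam_capacity: int, age_limit: int) -> None:
        self.ports = ports
        self.cam_capacity = cam_capacity
        self.age_limit = age_limit                  # seconds before an idle entry is dropped
        self.cam: Dict[str, Tuple[int, int]] = {}   # mac -> (port, last_seen)

    def _expire(self, now: int) -> None:
        stale = [mac for mac, (_, seen) in self.cam.items() if now - seen > self.age_limit]
        for mac in stale:
            del self.cam[mac]

    def forward(self, src_mac: str, dst_mac: str, in_port: int, now: int) -> List[int]:
        """Return the ports a frame is sent out of. Unknown destination => flood."""
        self._expire(now)
        # Learn the source only if we already know it or the table has room.
        if src_mac in self.cam or len(self.cam) < self.cam_capacity:
            self.cam[src_mac] = (in_port, now)
        entry = self.cam.get(dst_mac)
        if entry is None:
            return sorted(p for p in self.ports if p != in_port)
        return [entry[0]]


def random_mac(rng: random.Random) -> str:
    return ":".join(f"{rng.randrange(256):02x}" for _ in range(6))


def macof(switch: Switch, attacker_port: int, count: int, now: int, rng: random.Random) -> None:
    """What macof does: frames with random source (and destination) MACs, as fast as possible."""
    for _ in range(count):
        switch.forward(random_mac(rng), random_mac(rng), attacker_port, now)


def simulate(cam_capacity: int = 64, age_limit: int = 300) -> Dict[str, object]:
    rng = random.Random(1)                     # seeded so the run is reproducible
    sw = Switch(ports=[1, 2, 3], cam_capacity=cam_capacity, age_limit=age_limit)
    victim_a, victim_b, attacker_port = "aa:aa:aa:aa:aa:01", "bb:bb:bb:bb:bb:02", 3

    sw.forward(victim_a, victim_b, in_port=1, now=0)            # B unknown: flooded once, A learned
    sw.forward(victim_b, victim_a, in_port=2, now=0)            # B learned, delivered to port 1 only
    before = sw.forward(victim_a, victim_b, in_port=1, now=1)   # normal case: unicast to port 2

    macof(sw, attacker_port, cam_capacity * 2, now=2, rng=rng)  # fill the table with garbage
    # Time passes: A's and B's entries age out while the attacker keeps the table full,
    # so their real MACs can never be re-learned.
    macof(sw, attacker_port, cam_capacity * 2, now=age_limit + 100, rng=rng)
    after = sw.forward(victim_a, victim_b, in_port=1, now=age_limit + 101)

    return {"before": before, "after": after,
            "victims_in_cam": victim_a in sw.cam or victim_b in sw.cam,
            "cam_entries": len(sw.cam)}


if __name__ == "__main__":
    print(simulate())
```

Before the flood a frame from A to B leaves only on B's port; afterwards it is flooded to every other port, including the attacker's port 3, which is exactly what turns a switched LAN back into a hub for the sniffer sitting on that port.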

Network Eavesdropping

...Network Eavesdropping

Description
Network eavesdropping or network sniffing is a network layer attack consisting of capturing packets from the network transmitted by others' computers and reading the data content in search of sensitive information like passwords, session tokens, or any kind of confidential information. The attack could be done using tools called network sniffers. These tools collect packets on the network and, depending on the quality of the tool, analyze the collected data with protocol decoders or stream reassembly. Depending on the network context, for the sniffing to be effective, some conditions must be met:

• LAN environment with hubs
This is the ideal case because the hub is a network repeater that duplicates every network frame received to all ports, so the attack is very simple to implement because no other condition must be met.

• LAN environment with switches
To be effective for eavesdropping, a preliminary condition must be met. Because a switch by default only transmits a frame to the destination port, a mechanism that will duplicate or redirect the network packets to an evil system is necessary. For example, to duplicate traffic from one port to another port, a special configuration on the switch is necessary. To redirect the traffic from one port to another, there must be a preliminary exploitation like the ARP spoof attack....

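The ARP spoof step that the switched-LAN case above depends on, seen from the defender's side, as an added example. This is an arpwatch-style detector written for this page, not code from any tool the excerpt names: it decodes Ethernet/ARP frames, remembers the first MAC seen for each IP and alerts when a later reply claims that IP from a different MAC. The MAC and IP addresses and the frames are constructed for the demo; a real deployment would read frames from a raw socket on an interface in promiscuous mode instead.

```python
import struct
from typing import Dict, List, Optional

# Added example: an arpwatch-style detector for the ARP spoofing step above,
# run over constructed frames. It is not part of any tool named on the page.

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s: str) -> bytes:
    return bytes(int(x, 16) for x in s.split(":"))


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(eth_src: str, eth_dst: str, op: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    """Ethernet II + ARP frame (constructed for the demo; a sniffer reads these off the wire)."""
    eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + struct.pack("!H", ETH_P_ARP)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + arp


def parse_arp(frame: bytes) -> Optional[Dict[str, object]]:
    """Return the ARP fields of an Ethernet/ARP-over-IPv4 frame, or None for anything else."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(frame[6:12]), "op": op,
            "sha": mac_str(frame[22:28]), "spa": ip_str(frame[28:32]),
            "tha": mac_str(frame[32:38]), "tpa": ip_str(frame[38:42])}


class ArpWatch:
    """Remembers the first MAC seen for each IP and alerts when a later frame claims otherwise."""

    def __init__(self) -> None:
        self.table: Dict[str, str] = {}

    def observe(self, frame: bytes) -> List[str]:
        alerts: List[str] = []
        a = parse_arp(frame)
        if a is None:
            return alerts
        if a["eth_src"] != a["sha"]:
            alerts.append(f"sender MAC {a['sha']} differs from Ethernet source {a['eth_src']}")
        known = self.table.get(a["spa"])
        if known is None:
            self.table[a["spa"]] = a["sha"]          # first sighting: learn it
        elif known != a["sha"]:
            alerts.append(f"{a['spa']} was {known}, now claimed by {a['sha']} (possible ARP spoofing)")
        return alerts


def demo() -> List[str]:
    gw_mac, victim_mac, attacker_mac = "00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:99"
    gw_ip, victim_ip = "192.168.1.1", "192.168.1.50"
    bcast, zero = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
    frames = [
        build_arp(victim_mac, bcast, ARP_REQUEST, victim_mac, victim_ip, zero, gw_ip),       # who has gw?
        build_arp(gw_mac, victim_mac, ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),      # legitimate reply
        b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 27,                                  # IPv4 frame, ignored
        build_arp(attacker_mac, victim_mac, ARP_REPLY, attacker_mac, gw_ip, victim_mac, victim_ip),  # poison victim
        build_arp(attacker_mac, gw_mac, ARP_REPLY, attacker_mac, victim_ip, gw_mac, gw_ip),          # poison gateway
    ]
    watch = ArpWatch()
    return [alert for f in frames for alert in watch.observe(f)]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The detector keeps the first binding rather than updating it, so a sustained poisoning run keeps alerting instead of being silently accepted; the cost is that a genuine NIC replacement also alerts until the table is reset, which is the usual arpwatch trade-off.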

Internet Security

...While you already know about malware, there are two more common techniques used by hackers to access your data: port knocking and packet sniffing. There are several ports on your computer that allow different applications to transfer data to and from your computer. A good application would instantly close the port as soon as it sends or receives information. However, there are some applications that delay or forget to close these ports. Sometimes the OS is to blame. Port knocking, or port scanning, is the technique where hackers keep trying to access the different ports on your computer or server. Once they find an open port, they can easily reach your data and use it the way they want. You might know that to transmit data over the Internet, it is divided into several chunks (called packets) of equal size. Each packet contains the sequence number of the packet preceded by the IP address of...

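What a sniffer actually sees in the packets the excerpt above describes, as an added example written for this page (not the essay's code): it decodes the IPv4 and TCP headers, verifies the IPv4 header checksum, puts out-of-order segments back in sequence-number order and pulls an HTTP Basic credential out of the cleartext stream, the way a password sniffer does. The addresses, ports and request are constructed for the demo, the packets carry no TCP options, and the TCP checksum is left at zero because only the IP header is verified here.

```python
import base64
import re
import struct
from typing import Dict, List, Optional

# Added example, not the essay's code: decode IPv4/TCP, check the IPv4 header
# checksum, reassemble segments by sequence number and extract an HTTP Basic
# credential from the cleartext. All packets below are constructed.


def ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; yields 0 when run over a header whose checksum field is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src: str, dst: str, sport: int, dport: int, seq: int, payload: bytes) -> bytes:
    """Minimal IPv4+TCP packet: no options, PSH|ACK, TCP checksum left zero (not verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                      ip_bytes(src), ip_bytes(dst))
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + tcp


def parse_ipv4_tcp(pkt: bytes) -> Optional[Dict[str, object]]:
    """Decode an IPv4 packet: TCP fields and payload, None if not TCP, ValueError if corrupt."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if proto != 6:
        return None
    tcp = pkt[ihl:total_len]
    sport, dport, seq, ack, off, flags, _, _, _ = struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off >> 4) * 4
    return {"src": ip_str(src), "dst": ip_str(dst), "sport": sport, "dport": dport,
            "seq": seq, "ack": ack, "flags": flags, "payload": tcp[data_off:]}


def reassemble(segments: List[Dict[str, object]]) -> bytes:
    """Order one direction of a TCP stream by sequence number (assumes no loss or overlap)."""
    return b"".join(s["payload"] for s in sorted(segments, key=lambda s: s["seq"]))


def extract_basic_auth(stream: bytes) -> Optional[str]:
    m = re.search(rb"Authorization: Basic ([A-Za-z0-9+/=]+)", stream)
    return base64.b64decode(m.group(1)).decode() if m else None


def demo() -> Dict[str, object]:
    cred = base64.b64encode(b"admin:hunter2").decode()      # constructed credential
    request = (f"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
               f"Authorization: Basic {cred}\r\n\r\n").encode()
    # Split the request into three segments and deliver them out of order.
    cuts = [0, 17, 40, len(request)]
    seq0 = 1000
    pkts = [build_ipv4_tcp("10.0.0.5", "10.0.0.9", 51000, 80, seq0 + a, request[a:b])
            for a, b in zip(cuts, cuts[1:])]
    pkts = [pkts[2], pkts[0], pkts[1]]
    segs = [p for p in (parse_ipv4_tcp(x) for x in pkts) if p is not None]
    stream = reassemble(segs)
    return {"segments": len(segs), "seqs": [s["seq"] for s in segs],
            "credentials": extract_basic_auth(stream), "stream": stream}


if __name__ == "__main__":
    print(demo())
```

The sequence numbers are what let the sniffer rebuild the original request from segments that arrived in the wrong order; once the stream is back together, a Basic credential is just a base64 string in plain view, which is why any protocol that sends credentials without TLS is fair game for this class of attack.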

Myrtle & Associates/Bellview Law Group to Mab Law Firm Network Integration

...White Paper: This white paper discusses how to choose the integration approach best fitting the needs of Myrtle & Associates and Bellview Law Group in their merger into one law firm: MAB Law Firm.

Assumptions:
1. Both Myrtle & Associates and Bellview Law Group utilize access to the Internet via a Digital Subscriber Line (DSL).
2. Myrtle & Associates and Bellview Law Group are separated by a considerable geographical distance.
3. The current Novell servers used by Bellview Law Group are old.
4. All internal hard cabling runs will be wired with CAT 5e.

Current Network Diagram: please see Exhibit (A-1 & A-2)
Diagram of Proposed Network Integration: please see Exhibit (B)

Challenges to Integrating the Current LANs
Challenges integrating the Myrtle & Associates and Bellview Law Group networks will be presented by the following:
* The geographical distance between the two offices (L2TP/IPsec)
* Bellview Law Group's use of Novell and IPX/SPX instead of TCP/IP

Integrating these two networks will be complicated by the geographical distance between the two offices where the law firms reside. One solution would be to lease a dedicated line; however, this option would be a very expensive one and is unnecessary due to new Virtual Private Network (VPN) technologies such as Layer 2 Tunneling Protocol (L2TP). Layer 2 Tunneling Protocol (L2TP) is a VPN technology that allows for communication between two LAN segments separated by......


Wireless Attacks

...Wireless networks are vulnerable to the following specific security attacks:

Attack: Rogue access point
Description: A rogue access point is any unauthorized access point added to a network. Examples include:
• An attacker or an employee with access to the wired network installs a wireless access point on a free port. The access point then provides a method for remotely accessing the network.
• An attacker near a valid wireless access point installs an access point with the same (or similar) SSID. The access point is configured to prompt for credentials, allowing the attacker to steal those credentials or use them in a man-in-the-middle attack to connect to the valid wireless access point.
• An attacker configures a wireless access point in a public location, and then monitors the traffic of those who connect to the access point to capture sensitive information such as usernames and passwords.

Be aware of the following to mitigate and protect your network against rogue access points:
• Monitor the radio frequencies in your area to identify access points broadcasting in your area.
• Put access points in separate virtual LANs and implement some type of intrusion detection to help identify when an attacker is attempting to set up a rogue access point or is using a brute force attack to gain access.
• When you find an unauthorized access point, unplug the Ethernet cable on the access point to disconnect it from the wired network. A rogue access point that is configured to......


Security Attack

...Sniffing
6.) Spoofing
7.) Identity Theft
III. Solutions to contemporary IS security issues
A. Solutions for "Spamming"
B. Solutions for "Hacking"
C. Solutions for "Jamming"
D. Solutions for "Malicious Software"
E. Solutions for "Sniffing"
F. Solutions for "Spoofing"
G. Solutions for "Identity Theft"
IV. The Future of Information Systems Security
A. New technologies and techniques affecting the future of Information Systems Security
B. Tips and information regarding maintaining a Secure Information System
C. How security issues will continue to shape Information Systems Management
V. Conclusion

Abstract
The purpose of this paper is to discuss the pressing issues pertaining to Information Systems security. We will be covering the history of Information Systems Security, the current security issues, and why it is important to be knowledgeable in Information Systems security. Also, we will cover some solutions to the issues that we have discovered, and we will touch on the future of Information Systems security, with some tips and techniques on how to properly maintain and operate a secure Information System.

Introduction
Information Systems security is one of the biggest challenges facing society's technological age. Information Systems have become an integral part of everyday life in the home, businesses,...


Case Project 1-4: Wireless Sniffing

...The best way to accomplish this task is by using a Packet Sniffer...
