MITM/Wired/Network Tap: Difference between revisions

From charlesreid1

No edit summary
No edit summary
Line 1: Line 1:
==Setup==
=Setup=


===Network Configuration===
For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.


Caveman ASCII art of my network configuration:
A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if  the attacking computer is a router running OpenWRT or a Raspberry Pi or some other low form factor computer.
 
==The Network Arrangement==
 
The network will be arranged as follows:


<pre>
<pre>
--------------------        --------------
[ Router ]-----[ Attacker ]------[ Sheep ]
|    Router       |---------|  kronos    |
|                  |        | 10.0.0.19  |
|                  |        --------------
|                  |        --------------
|    10.0.0.1    |---------|  mars    |
|                  |        | 10.0.0.133 |
--------------------        --------------
</pre>
</pre>


===Attacker/Sheep===
Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card:
 
In this scenario, the attacker Kronos <code>10.0.0.19</code> will be attacking the sheep Mars <code>10.0.0.133</code>
 
Both are running [[Kali]] Linux.
 
===The Attack===
 
As described on the [[ARP Poisoning]] attack page, this attacks the lookup table that every router has that maps IP addresses to MAC addresses. If an attacker can modify entries in that table, they can receive all traffic intended for another party, make a connection to that party, and forward it along, tampering with the sheep's information.
 
 
 


<pre>
[ Router ]  ~  ~  ~  ~  [ Attacker ]---------[ Sheep ]
</pre>






{{MITMFlag}}
{{MITMFlag}}

Revision as of 16:34, 25 August 2015

Setup

For a wired network tap, we need an attacking device with two network interfaces - one to connect to the sheep, one to connect to the network device.

A physical network tap can be as simple as a crossover cable connecting to the target computer. This is easier if the attacking computer is a router running OpenWRT or a Raspberry Pi or some other low form factor computer.

The Network Arrangement

The network will be arranged as follows: 

[ Router ]-----[ Attacker ]------[ Sheep ]

Usually the attacker has two ethernet ports, but in this case I'll be using one ethernet port and one wireless card: 

[ Router ]  ~  ~  ~  ~   [ Attacker ]---------[ Sheep ]



Defcon.png
monkey in the middle attacks
in which an attacker tricks two parties into thinking they're communicating with each other, but both are communicating with the attacker.

MITM

Wireless Attacks: MITM/Wireless

Wired Attacks: MITM/Wired


Layer 1 and 2 MITM Attacks:

MITM/Layer 1 and 2

Network Tap: MITM/Wired/Network Tap

Evil Twin Attack: Evil Twin  · MITM/Evil Twin


Layer 3 and 4 MITM Attacks:

MITM/Layer 3 and 4

Traffic Sniffing: MITM/Sniffing

ARP Poisoning: MITM/ARP Poisoning

Traffic Injection/Modification: MITM/Traffic Injection

DNS Attacks: MITM/DNS  · Bettercap/Failed DNS Spoofing Attack  · Bettercap/Failed DNS Spoofing Attack 2

DHCP Attacks: MITM/DHCP

WPAD MITM Attack: MITM/WPAD

Port Stealing: MITM/Port Stealing

Rushing Attack: MITM/Rushing Attack

Attacking HTTPS: MITM/HTTPS


Layer 5 MITM Attacks:

Session Hijacking: MITM/Session Hijacking


Toolz:

Ettercap  · Bettercap  · MITMf  · EvilFOCA

Wireshark  · Aircrack

Dsniff  · Arpspoof  · Dnsspoof

SSLSniff  · SSLStrip  · Frankencert

Driftnet  · Karma


MITM Labs: {{MITMLabs}}


Category:MITM  · Category:Attacks  · Category:Kali Attack Layers

Template:MITMLabs  · Template:MITMFlag

Flags  · Template:MITMFlag  · e




Retrieved from "https://charlesreid1.com/w/index.php?title=MITM/Wired/Network_Tap&oldid=8283"