MITM Labs/Dsniffing Over Wifi: Difference between revisions
From charlesreid1
m (Admin moved page MITM Labs/Sniffing Over Wifi to MITM Labs/Dsniffing Over Wifi)
Revision as of 01:31, 21 August 2016
Lab Overview
Scenario
The scenario for this laboratory is an attacker and a sheep using laptops on the same wireless network. The goal here is to sniff the sheep's traffic over the network using Dsniff. Let's talk about what Dsniff does and does not do.
The Dsniff suite provides tools that read network traffic and search for interesting information/credentials - that's it. That means that we (the attacker) need to be able to read the sheep's network traffic before we can use Dsniff.
How we read the sheep's traffic depends on the type of network we're on.
- Wired networks: Man in the Middle/Wired
  - You must determine whether you're on a network switch or a network hub
  - Network switches forward traffic from the gateway only to the specific port corresponding to the intended destination node (this is determined using the ARP table, which maps MAC addresses to ports)
  - Network hubs broadcast all traffic to all ports, so all traffic is visible to all nodes, and nodes simply ignore traffic not intended for them
- Wireless networks: Man in the Middle/Wireless
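The hub/switch difference from the list above, as an added example that is not part of the original page: a small Python model of which ports receive each frame. The MAC addresses, port numbers and class names are constructed for illustration, and the switch is modelled as learning a sender-address-to-port table as frames arrive.

```python
# Added illustration: constructed model of hub vs. switch forwarding.
# All MACs, port numbers and class names are made up for this example.

BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, num_ports):
        self.ports = range(num_ports)

    def deliver(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]

class Switch:
    """Learns source MAC -> port and forwards only to the learned port."""
    def __init__(self, num_ports):
        self.ports = range(num_ports)
        self.mac_to_port = {}

    def deliver(self, in_port, src_mac, dst_mac):
        self.mac_to_port[src_mac] = in_port  # learn where the sender lives
        out = self.mac_to_port.get(dst_mac)
        if dst_mac == BROADCAST or out is None:
            # Broadcast or not-yet-learned destination: flood like a hub
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]

def frames_seen_by(device, observer_port, frames):
    """Return the frames a passive listener on observer_port receives."""
    return [f for f in frames if observer_port in device.deliver(*f)]

# Constructed topology: gateway on port 0, sheep on port 1, observer on port 2
GATEWAY, SHEEP = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:02"
FRAMES = [
    (1, SHEEP, BROADCAST),   # sheep asks who the gateway is (broadcast)
    (0, GATEWAY, SHEEP),     # gateway replies to the sheep
    (1, SHEEP, GATEWAY),     # sheep -> gateway traffic
    (0, GATEWAY, SHEEP),     # gateway -> sheep traffic
]

def compare():
    """Count frames visible on port 2 behind a hub and behind a switch."""
    hub_view = frames_seen_by(Hub(4), 2, FRAMES)
    switch_view = frames_seen_by(Switch(4), 2, FRAMES)
    return len(hub_view), len(switch_view)

if __name__ == "__main__":
    print("frames visible on port 2 (hub, switch):", compare())
```

On the hub the uninvolved port receives every frame; on the switch it receives only the initial broadcast, which is why simply listening is not enough on a switched network.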
Setting Up
Wifi Network
This laboratory used a standard wifi network, which both the sheep and the attacker were connected to.
Sheep
The sheep will be generating web, SSH, and email traffic. (Dropbox would be nice too.) It just needs the basic programs to do that.
Attacker
The attacker will need Dsniff. Other recon tools?