From charlesreid1

Revision as of 04:19, 21 August 2016 by Admin

Lab Overview

Scenario

The scenario for this laboratory is an attacker and a sheep using laptops on the same wireless network. The goal here is to sniff the sheep's traffic over the network using Dsniff. Let's talk about what Dsniff does and does not do.

The Dsniff suite provides tools that read network traffic and search for interesting information/credentials - that's it. That means that we (the attacker) need to be able to read the sheep's network traffic before we can use Dsniff.

How we read the sheep's traffic depends on the type of network we're on.

  • Wired networks: Man in the Middle/Wired
    • You must determine whether you're on a network switch or a network hub
    • Network switches selectively broadcast traffic from the gateway to the specific port corresponding to the intended destination node (this is determined using the ARP table, which maps MAC addresses to ports)
    • Network hubs broadcast all traffic to all ports, so all traffic is visible to all nodes, and nodes simply ignore traffic not intended for them
  • Wireless networks: Man in the Middle/Wireless

Notes on Detection

It is important to note the impact that an ARP spoofing attack will have on the network. ARP spoofing generates a MASSIVE amount of packet traffic, so it WILL slow down the network. Also, if it is an enterprise or business network, or any network with an active IT crew, they will almost surely be alerted to the attack. This approach is best suited to anonymous, small, unmonitored networks.
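The traffic pattern described above is what a monitoring team keys on. The following Python example is added here and is not part of the original lab page: it flags an IP address that moves to a new MAC, a single MAC claiming several IPs, and a burst of ARP replies from one MAC. The sample records, addresses, and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: (seconds, sender_ip, sender_mac) taken from ARP replies.
# All addresses are made up for illustration.
SAMPLE = [
    (0.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),    # gateway, legitimate
    (1.0, "192.168.1.23", "aa:aa:aa:aa:aa:17"),   # sheep, legitimate
    (30.0, "192.168.1.1", "aa:aa:aa:aa:aa:01"),
    (60.0, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP, new MAC
    (62.0, "192.168.1.23", "de:ad:be:ef:00:66"),  # sheep IP, same new MAC
    (64.0, "192.168.1.1", "de:ad:be:ef:00:66"),
    (66.0, "192.168.1.23", "de:ad:be:ef:00:66"),
    (68.0, "192.168.1.1", "de:ad:be:ef:00:66"),
    (70.0, "192.168.1.23", "de:ad:be:ef:00:66"),
]

def detect_arp_spoofing(replies, window=10.0, max_replies=4):
    """Return a sorted list of (kind, mac, detail) alerts.

    kind is "rebind" when an IP is claimed by a MAC other than the first
    one seen for it, "multi-ip" when one MAC claims several IPs, and
    "flood" when a MAC sends more than max_replies replies in `window` s.
    The default thresholds are assumptions; tune them per network.
    """
    first_mac = {}                    # ip -> first MAC seen for that IP
    ips_by_mac = defaultdict(set)     # mac -> IPs it has claimed
    times_by_mac = defaultdict(list)  # mac -> reply times inside the window
    alerts = set()
    for ts, ip, mac in sorted(replies):
        if first_mac.setdefault(ip, mac) != mac:
            alerts.add(("rebind", mac, ip))
        ips_by_mac[mac].add(ip)
        if len(ips_by_mac[mac]) > 1:
            alerts.add(("multi-ip", mac, ",".join(sorted(ips_by_mac[mac]))))
        # Keep only timestamps still inside the sliding window, then add this one.
        recent = [t for t in times_by_mac[mac] if ts - t < window] + [ts]
        times_by_mac[mac] = recent
        if len(recent) > max_replies:
            alerts.add(("flood", mac, f">{max_replies} replies in {window}s"))
    return sorted(alerts)

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE):
        print(alert)
```

Treating the first MAC seen for an IP as the baseline is a simplification; a DHCP lease change or a replaced network card also triggers "rebind", so alerts should be correlated with the "multi-ip" and "flood" signals.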

Setting Up

Wifi Network

This will use a standard wifi network that both the sheep and attacker can connect to. They should be on the same subnet.

Sheep

Sheep will be generating web/ssh/email/dropbox traffic. The sheep needs basic programs to do that stuff.

Attacker

To carry out the ARP poisoning attack, the attacker will need an ARP poisoning tool - this lab will use Arpspoof, part of the Dsniff suite.

To actually sniff the traffic, the attacker will need Dsniff.

Other tools?

Flags