SlideShare ist ein Scribd-Unternehmen logo

Sniffing via dsniff

K
Kshitij Tayal
IngenieurwesenTechnologie
1 von 59
Downloaden Sie, um offline zu lesen
SNIFFING By - KSHITIJ TAYAL (13MCMB13)
What is Sniffing ? ● Sniffing is a technique for gaining access through Network-Based attack. ● A sniffer is a program that gathers traffic from the local network, and is useful for attackers looking to swipe data as well as network administrator trying to troubleshoot problems. ● Using sniffer , an attacker can read data passing by a given machine in real time or store the data.
What does one sniff ? A sniffer can grab anything sent across the LAN , including ● UserIds and passwords ● Web Pages being visited ● Email messages ● Files shared using the Network File System ● Chat sessions ● DNS queries
Non-Promiscuous Mode In non-Promiscous mode, a sniffer gathers data going to and from its host system only. Ethernet controller only gets interrupted when one of the following conditions are met :- ● Destination MAC Address= My MAC Address ● Destination MAC Address= Broadcast MAC ● Destination MAC Address is found in the list of group MAC(Multicast group) All other packets are dropped
Promiscuous Mode ● In Promiscuous mode ,a sniffer gathers all traffic passing by the network interface ● The controller passes all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is intended to receive ● This mode is normally used for packet sniffing
Types of Sniffing ● Passive Sniffing Sniffing performed on a hub is known as passive sniffing. ● Active Sniffing When sniffing is performed on a switched network,it is known as active sniffing.
Passive Sniffing:Sniffing Through a Hub
Passive Sniffing ● In Passive Sniffing any data sent across the LAN is actually sent to each and every machine connected to the LAN. ● Therefore,the sniffer will be able to gather data sent to and from any other system on the LAN.
Active Sniffing : Sniffing Throgh a Switch
Active Sniffing ● Looks for associated MAC address and sends data only to the required connection on the switch. ● Therefore,the sniffer will be able to see data going to and from its machine only. ● All of the other interesting information flowing on the LAN will be unavailable to the sniffer.
Sniffing via switched LAN ● In Active Sniffing we Injects traffic into the LAN to redirect victim’s traffic to attacker ● Active sniffing can be performed by two ways :- 1. MAC flooding 2. Poisoning ARP(address resolution protocol) table
Dsniff (Sniffer tool) ● Dsniff is a set of password sniffing and network traffic analysis tools ● Big advantage of Dsniff is the amazing number of protocols that it interpret.Eg Telnet,Ftp,Http ● Nearly every sniffer can dump raw bits grabbed off the network.However , these raw bits are pretty much useless, unless the attacker can interpret what they mean.
Foiling Switches with floods ● Initiated via Dsniff’s Macof program ● It works by sending out a flood of traffic with random MAC address on the LAN. ● As the number of different MAC addresses in use on the network increases,the switch dutifully stores the MAC addresses used by each link on the switch. ● When switch’s memory becomes exhausted, the switch will start forwarding data to all links on the switch ● At this point, Dsniff can capture desired packets
Foiling Switches with Spoofed ARP Messaged ● Some switches are not subject to this MAC flooding attack because they stop storing new MAC address when the remaining capacity of their memory reaches a given limit. ● To sniff in a switched environment where MAC flooding doesn't work,Dsniff includes a tool called arpspoof ● As the name applies , arpspoof allows an attacker to manipulate Address Resolution Protocol(ARP) traffic
Network Diagram before Sniffing
Step 1. First we configure the Ip layer of the attacker's machine to forward any traffic it receives from the LAN to the IP address of the default router Step 2. The attacker activates the Dsniff arpspoof program,which sends fake ARP replies to the victim's machine. Step 3. The attacker's fake ARP messages changes the victim's ARP table by remapping the default router's IP address to the attacker's MAC address Essentially,the attacker tells the victim that to access the default router,use the attacker's MAC address,thereby poisoning the ARP table of the Victim. Once the poisoned ARP message takes effect, all traffic from the victim machine to the outside world will be sent to tha attacker's machine. Steps involved in Arpspoofing
Steps involved in Arpspoofing Step 4. Victim sends the data,forwarding it to what it thinks is the default router,but using the attacker's MAC address. Step 5. The attacker sniffs the information from the line Step 6. The attackers machine forwards the victim's traffic to the actual default router on the LAN because we configured the attacker's machine for IP forwarding
Network Diagram after Sniffing
Step 1 – Configure IP Forwarding
Check ARP Table before Arpspoof
Check ARP Table before Arpspoof
Step2 – Send Fake ARP Response to Target Machine
Step2 – Send Fake ARP Response to Router
Man-in-the-Middle Attack Successfull
URLSNARF – It grabs list of all URLs from HTTP traffic
WEBSPY – It views a target web browsing in real time
WEBSPY
Sniffing and Spoofing DNS ● DNS maps domain names to IP addresses. ● Dsniff includes a program called dnsspoof that lets an attacker send a false DNS response to a victim,which will make the victim access the attacker's machine when they intended to access another machine ● If a user wants to surf to www.icicibank.com,the attacker can trick the client into connecting to the attacker's Web Server, where the attacker could display a fake bank login screen,gathering the victim's userID and password.
Step 1. The attacker fires up the dnsspoof program from the Dsniff suite.This program sniffs the LAN. Step 2. The victim tries to resolve the name www.icicibank.com using DNS Step 3. The attacker sniffs the DNS query from the line. Steps involved in Dnsspoof
Steps involved in Dnsspoof Step 4. Attacker immediately sends a fake DNS response This response will have a lie, claimimg that www.icicibank.com should resolve to Attackers web server rather than the original server The victim machine will cache this incorrect DNS entry.At some later time,the real response from the real DNS server will arrive,but it will be ignored by the victim's machine Step 5. Finally ,the victim's browser makes a connection with the Attacker's Web Server instead of desired destination
A DNS attack using Dsniff
Sniffing HTTPS and SSH ● Security in HTTPS and SSH built on a trust model of underlying public key Infrastructure – HTTPS server sends to browser a certificate containing server’s public key signed by a Certificate Authority – SSL connection uses a session key randomly generated by server to encrypt data between server and client – With SSH, a session key is transmitted in an encrypted fashion using a private key stored on the server
Sniffing HTTPS and SSH ● Dsniff takes advantage of poor trust decisions made by a clueless user via man-in-the middle attack – Web browser user may trust a certificate that is not signed by a trusted party – SSH user can still connect to a server whose public key has changed ● Name of the tools in the Dsniff suite for attacking HTTPS and SSH are – Webmitm – Sshmitm Here mitm stands for Monkey-in-the-Middle Attack
Step 1. The attacker first runs the dnsspoof program configured to send false DNS information so that a DNS query for a given Web-Site will resolve to the attacker's IP address.Additionally,the attacker activates the webmitm program which will trnsparently proxy all HTTP and HTTPS traffic. Step 2. The dnsspoof program detects a DNS request and send a DNS reply directing the client to the attacker's machine Step 3 Victim's browser start to establish an SSL connection. Steps involved in Sniffing an HTTPS connection
Steps involved in Sniffing an HTTPS connection Step 4 Webmitm then acts as an SSL proxy, establishing two separate SSL connections: --one from the victim to the attacker's machine by sending its own certificate ,and --the other from the attacker's machine to the actual Web Server. Step 5 As far as the Web Server is concerned, it has established a valid SSL connection with the client,not knowing that it is actually communicating with the attacker's machine in the middle
Sniffing an HTTPS connection
Bogus Certificate ● Webmitm must send the attacker's certificate to the victim so that the attacker can establish its own SSL connection with the victim to decrypt the data passed from the browser. ● When the victim's browser establishes the SSL session to the attacker,it will notice that certificate is not signed by a trusted Certificate authority. ● The browser will notice that the DNS name in the certificate does not match the name of the website that the user is trying to access.
Dsniff’s sshmitm ● Allows attacker to view data sent across an SSH session ● Supports sniffing of SSH protocol version 1 ● Just like the Web browsers, the SSH client will complain that it doesn't recognize the public key inserted by the attacker
TCPNICE ● It forces other connection to “play nice” with their tcp connections ● It basically reduces the speed of TCP connection by following methods --Inject TCP tiny window advertisements. --Inject ICMP source quench replies. --Inject ICMP fragmentation-needed replies with tiny next-hop MTUs. ● It lets the attacker slow such connections down so a sniffing tool can more easily keep the data.
TCPKILL ● It terminate the existing/in-progress TCP connection ● It’s usage is very primitive ( kill all connections from port number xx , or from IP address x.x.x.x etc ) ● It allows attacker to sniff the UserID and password on subsequent new session
Sniffing Defenses ● Use HTTPS for encrypted web traffic ● Use SSH for encrypted login sessions ● Pay attention to warning messages on your browser and SSH client ● Get rid of hubs ● Use static ARP tables on the end systems,hard coding the MAC addresses for all systems on the LAN
THANK YOU

Empfohlen

Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...Alphorm
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Proxy servers
Proxy serversProxy servers
Proxy serversKumar
 
Network security
Network securityNetwork security
Network securityTelematika Open Session
 
Etude et mise en place d’un VPN
Etude et mise en place d’un VPNEtude et mise en place d’un VPN
Etude et mise en place d’un VPNCharif Khrichfa
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 

Empfohlen

Session hijacking
Session hijackingSession hijacking
Session hijackingGayatri Kapse
 
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...
Alphorm.com Formation Hacking et Sécurité 2020 (3of4) : Attaques Réseaux, Sys...Alphorm
 
Arp spoofing
Arp spoofingArp spoofing
Arp spoofingLuthfi Widyanto
 
Proxy servers
Proxy serversProxy servers
Proxy serversKumar
 
Network security
Network securityNetwork security
Network securityTelematika Open Session
 
Etude et mise en place d’un VPN
Etude et mise en place d’un VPNEtude et mise en place d’un VPN
Etude et mise en place d’un VPNCharif Khrichfa
 
Email investigation
Email investigationEmail investigation
Email investigationAnimesh Shaw
 
Network scanning
Network scanningNetwork scanning
Network scanningoceanofwebs
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKSAnil Antony
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Mise en place d’un système de détection
Mise en place d’un système de détectionMise en place d’un système de détection
Mise en place d’un système de détectionManassé Achim kpaya
 
Anti phishing
Anti phishingAnti phishing
Anti phishingShethwala Ridhvesh
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LANArpit Suthar
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Suricata
SuricataSuricata
Suricatatex_morgan
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Arpspoofing
ArpspoofingArpspoofing
ArpspoofingUTD Computer Security Group
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systemsAbDul ThaYyal
 
Port Scanning
Port ScanningPort Scanning
Port Scanningamiable_indian
 
Arp Poisoning
Arp PoisoningArp Poisoning
Arp PoisoningHouda Elmoutaoukil
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)Abrish06
 
Password sniffing
Password sniffingPassword sniffing
Password sniffingSRIMCA
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
IDS, IPS, IDPS
IDS, IPS, IDPSIDS, IPS, IDPS
IDS, IPS, IDPSMinhaz A V
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Ciscoguestd05b31
 

Weitere ähnliche Inhalte

Was ist angesagt?

Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websitesm srikanth
 
Mise en place d’un système de détection
Mise en place d’un système de détectionMise en place d’un système de détection
Mise en place d’un système de détectionManassé Achim kpaya
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LANArpit Suthar
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolIssar Kapadia
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intrudersrajakhurram
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsLearningwithRayYT
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection schemeMussavir Shaikh
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systemsAbDul ThaYyal
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)Abrish06
 
Password sniffing
Password sniffingPassword sniffing
Password sniffingSRIMCA
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printingCHETAN THAKRE
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingVi Tính Hoàng Nam
 
IDS, IPS, IDPS
IDS, IPS, IDPSIDS, IPS, IDPS
IDS, IPS, IDPSMinhaz A V
 

Was ist angesagt? (20)

DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKS
 
Detection of phishing websites
Detection of phishing websitesDetection of phishing websites
Detection of phishing websites
 
Mise en place d’un système de détection
Mise en place d’un système de détectionMise en place d’un système de détection
Mise en place d’un système de détection
 
Anti phishing
Anti phishingAnti phishing
Anti phishing
 
Packet sniffing in LAN
Packet sniffing in LANPacket sniffing in LAN
Packet sniffing in LAN
 
Prensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection toolPrensentation on packet sniffer and injection tool
Prensentation on packet sniffer and injection tool
 
Suricata
SuricataSuricata
Suricata
 
Lecture 10 intruders
Lecture 10 intrudersLecture 10 intruders
Lecture 10 intruders
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)
 
Types of Threat Actors and Attack Vectors
Types of Threat Actors and Attack VectorsTypes of Threat Actors and Attack Vectors
Types of Threat Actors and Attack Vectors
 
Arpspoofing
ArpspoofingArpspoofing
Arpspoofing
 
Phishing detection & protection scheme
Phishing detection & protection schemePhishing detection & protection scheme
Phishing detection & protection scheme
 
Chapter 8 distributed file systems
Chapter 8 distributed file systemsChapter 8 distributed file systems
Chapter 8 distributed file systems
 
Port Scanning
Port ScanningPort Scanning
Port Scanning
 
Arp Poisoning
Arp PoisoningArp Poisoning
Arp Poisoning
 
Virtual Private Network(VPN)
Virtual Private Network(VPN)Virtual Private Network(VPN)
Virtual Private Network(VPN)
 
Password sniffing
Password sniffingPassword sniffing
Password sniffing
 
Introduction to foot printing
Introduction to foot printingIntroduction to foot printing
Introduction to foot printing
 
Ceh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hackingCeh v5 module 01 introduction to ethical hacking
Ceh v5 module 01 introduction to ethical hacking
 
IDS, IPS, IDPS
IDS, IPS, IDPSIDS, IPS, IDPS
IDS, IPS, IDPS
 

Ähnlich wie Sniffing via dsniff

Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Internet security
Internet securityInternet security
Internet securitygohel
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffingBhavya Chawla
 
Lecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptxLecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptxAsmaaLafi1
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasuresdkaya
 
Network And Application Layer Attacks
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer AttacksArun Modi
 
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunickamiable_indian
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijackingleminhvuong
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration TestingMohammed Adam
 
04-post-connection-attacks.pdf
04-post-connection-attacks.pdf04-post-connection-attacks.pdf
04-post-connection-attacks.pdfxasako1838
 
Detection and analysis_of_syn_flood_ddos
Detection and analysis_of_syn_flood_ddosDetection and analysis_of_syn_flood_ddos
Detection and analysis_of_syn_flood_ddosOleh Stupak
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 

Ähnlich wie Sniffing via dsniff (20)

Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
 
Hacking Cisco
Hacking CiscoHacking Cisco
Hacking Cisco
 
Packet sniffers
Packet sniffersPacket sniffers
Packet sniffers
 
Internet security
Internet securityInternet security
Internet security
 
Internet security
Internet securityInternet security
Internet security
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOG
 
Ethical Hacking - sniffing
Ethical Hacking - sniffingEthical Hacking - sniffing
Ethical Hacking - sniffing
 
Lecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptxLecture 7 Attacker and there tools.pptx
Lecture 7 Attacker and there tools.pptx
 
Hacking Cisco Networks and Countermeasures
Hacking Cisco Networks and CountermeasuresHacking Cisco Networks and Countermeasures
Hacking Cisco Networks and Countermeasures
 
Network And Application Layer Attacks
Network And Application Layer AttacksNetwork And Application Layer Attacks
Network And Application Layer Attacks
 
Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunick
 
Module 6 Session Hijacking
Module 6 Session HijackingModule 6 Session Hijacking
Module 6 Session Hijacking
 
Network Penetration Testing
Network Penetration TestingNetwork Penetration Testing
Network Penetration Testing
 
04-post-connection-attacks.pdf
04-post-connection-attacks.pdf04-post-connection-attacks.pdf
04-post-connection-attacks.pdf
 
Detection and analysis_of_syn_flood_ddos
Detection and analysis_of_syn_flood_ddosDetection and analysis_of_syn_flood_ddos
Detection and analysis_of_syn_flood_ddos
 
Ceh v5 module 07 sniffers
Ceh v5 module 07 sniffersCeh v5 module 07 sniffers
Ceh v5 module 07 sniffers
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Tunneling
TunnelingTunneling
Tunneling
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 

Kürzlich hochgeladen

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations120cr0395
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSRajkumarAkumalla
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingrakeshbaidya232001
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 

Kürzlich hochgeladen (20)

Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Extrusion Processes and Their Limitations
Extrusion Processes and Their LimitationsExtrusion Processes and Their Limitations
Extrusion Processes and Their Limitations
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICSHARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
HARDNESS, FRACTURE TOUGHNESS AND STRENGTH OF CERAMICS
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Porous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writingPorous Ceramics seminar and technical writing
Porous Ceramics seminar and technical writing
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 

Sniffing via dsniff

  • 2. What is Sniffing ? ● Sniffing is a technique for gaining access through Network-Based attack. ● A sniffer is a program that gathers traffic from the local network, and is useful for attackers looking to swipe data as well as network administrator trying to troubleshoot problems. ● Using sniffer , an attacker can read data passing by a given machine in real time or store the data.
  • 3. What does one sniff ? A sniffer can grab anything sent across the LAN , including ● UserIds and passwords ● Web Pages being visited ● Email messages ● Files shared using the Network File System ● Chat sessions ● DNS queries
  • 4. Non-Promiscuous Mode In non-Promiscous mode, a sniffer gathers data going to and from its host system only. Ethernet controller only gets interrupted when one of the following conditions are met :- ● Destination MAC Address= My MAC Address ● Destination MAC Address= Broadcast MAC ● Destination MAC Address is found in the list of group MAC(Multicast group) All other packets are dropped
  • 5. Promiscuous Mode ● In Promiscuous mode ,a sniffer gathers all traffic passing by the network interface ● The controller passes all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is intended to receive ● This mode is normally used for packet sniffing
  • 6. Types of Sniffing ● Passive Sniffing Sniffing performed on a hub is known as passive sniffing. ● Active Sniffing When sniffing is performed on a switched network,it is known as active sniffing.
  • 8. Passive Sniffing ● In Passive Sniffing any data sent across the LAN is actually sent to each and every machine connected to the LAN. ● Therefore,the sniffer will be able to gather data sent to and from any other system on the LAN.
  • 9. Active Sniffing : Sniffing Throgh a Switch
  • 10. Active Sniffing ● Looks for associated MAC address and sends data only to the required connection on the switch. ● Therefore,the sniffer will be able to see data going to and from its machine only. ● All of the other interesting information flowing on the LAN will be unavailable to the sniffer.
  • 11. Sniffing via switched LAN ● In Active Sniffing we Injects traffic into the LAN to redirect victim’s traffic to attacker ● Active sniffing can be performed by two ways :- 1. MAC flooding 2. Poisoning ARP(address resolution protocol) table
  • 12. Dsniff (Sniffer tool) ● Dsniff is a set of password sniffing and network traffic analysis tools ● Big advantage of Dsniff is the amazing number of protocols that it interpret.Eg Telnet,Ftp,Http ● Nearly every sniffer can dump raw bits grabbed off the network.However , these raw bits are pretty much useless, unless the attacker can interpret what they mean.
  • 13. Foiling Switches with floods ● Initiated via Dsniff’s Macof program ● It works by sending out a flood of traffic with random MAC address on the LAN. ● As the number of different MAC addresses in use on the network increases,the switch dutifully stores the MAC addresses used by each link on the switch. ● When switch’s memory becomes exhausted, the switch will start forwarding data to all links on the switch ● At this point, Dsniff can capture desired packets
  • 14.
  • 15. Foiling Switches with Spoofed ARP Messaged ● Some switches are not subject to this MAC flooding attack because they stop storing new MAC address when the remaining capacity of their memory reaches a given limit. ● To sniff in a switched environment where MAC flooding doesn't work,Dsniff includes a tool called arpspoof ● As the name applies , arpspoof allows an attacker to manipulate Address Resolution Protocol(ARP) traffic
  • 17. Step 1. First we configure the Ip layer of the attacker's machine to forward any traffic it receives from the LAN to the IP address of the default router Step 2. The attacker activates the Dsniff arpspoof program,which sends fake ARP replies to the victim's machine. Step 3. The attacker's fake ARP messages changes the victim's ARP table by remapping the default router's IP address to the attacker's MAC address Essentially,the attacker tells the victim that to access the default router,use the attacker's MAC address,thereby poisoning the ARP table of the Victim. Once the poisoned ARP message takes effect, all traffic from the victim machine to the outside world will be sent to tha attacker's machine. Steps involved in Arpspoofing
  • 18. Steps involved in Arpspoofing Step 4. Victim sends the data,forwarding it to what it thinks is the default router,but using the attacker's MAC address. Step 5. The attacker sniffs the information from the line Step 6. The attackers machine forwards the victim's traffic to the actual default router on the LAN because we configured the attacker's machine for IP forwarding
  • 20. Step 1 – Configure IP Forwarding
  • 21. Check ARP Table before Arpspoof
  • 22. Check ARP Table before Arpspoof
  • 23. Step2 – Send Fake ARP Response to Target Machine
  • 24. Step2 – Send Fake ARP Response to Router
  • 26. URLSNARF – It grabs list of all URLs from HTTP traffic
  • 27. WEBSPY – It views a target web browsing in real time
  • 29.
  • 30. Sniffing and Spoofing DNS ● DNS maps domain names to IP addresses. ● Dsniff includes a program called dnsspoof that lets an attacker send a false DNS response to a victim,which will make the victim access the attacker's machine when they intended to access another machine ● If a user wants to surf to www.icicibank.com,the attacker can trick the client into connecting to the attacker's Web Server, where the attacker could display a fake bank login screen,gathering the victim's userID and password.
  • 31. Step 1. The attacker fires up the dnsspoof program from the Dsniff suite.This program sniffs the LAN. Step 2. The victim tries to resolve the name www.icicibank.com using DNS Step 3. The attacker sniffs the DNS query from the line. Steps involved in Dnsspoof
  • 32. Steps involved in Dnsspoof Step 4. Attacker immediately sends a fake DNS response This response will have a lie, claimimg that www.icicibank.com should resolve to Attackers web server rather than the original server The victim machine will cache this incorrect DNS entry.At some later time,the real response from the real DNS server will arrive,but it will be ignored by the victim's machine Step 5. Finally ,the victim's browser makes a connection with the Attacker's Web Server instead of desired destination
  • 33. A DNS attack using Dsniff
  • 34.
  • 35.
  • 36.
  • 37. Sniffing HTTPS and SSH ● Security in HTTPS and SSH built on a trust model of underlying public key Infrastructure – HTTPS server sends to browser a certificate containing server’s public key signed by a Certificate Authority – SSL connection uses a session key randomly generated by server to encrypt data between server and client – With SSH, a session key is transmitted in an encrypted fashion using a private key stored on the server
  • 38. Sniffing HTTPS and SSH ● Dsniff takes advantage of poor trust decisions made by a clueless user via man-in-the middle attack – Web browser user may trust a certificate that is not signed by a trusted party – SSH user can still connect to a server whose public key has changed ● Name of the tools in the Dsniff suite for attacking HTTPS and SSH are – Webmitm – Sshmitm Here mitm stands for Monkey-in-the-Middle Attack
  • 39. Step 1. The attacker first runs the dnsspoof program configured to send false DNS information so that a DNS query for a given Web-Site will resolve to the attacker's IP address.Additionally,the attacker activates the webmitm program which will trnsparently proxy all HTTP and HTTPS traffic. Step 2. The dnsspoof program detects a DNS request and send a DNS reply directing the client to the attacker's machine Step 3 Victim's browser start to establish an SSL connection. Steps involved in Sniffing an HTTPS connection
  • 40. Steps involved in Sniffing an HTTPS connection Step 4 Webmitm then acts as an SSL proxy, establishing two separate SSL connections: --one from the victim to the attacker's machine by sending its own certificate ,and --the other from the attacker's machine to the actual Web Server. Step 5 As far as the Web Server is concerned, it has established a valid SSL connection with the client,not knowing that it is actually communicating with the attacker's machine in the middle
  • 41. Sniffing an HTTPS connection
  • 42.
  • 43.
  • 44. Bogus Certificate ● Webmitm must send the attacker's certificate to the victim so that the attacker can establish its own SSL connection with the victim to decrypt the data passed from the browser. ● When the victim's browser establishes the SSL session to the attacker,it will notice that certificate is not signed by a trusted Certificate authority. ● The browser will notice that the DNS name in the certificate does not match the name of the website that the user is trying to access.
  • 45.
  • 46.
  • 47.
  • 48. Dsniff’s sshmitm ● Allows attacker to view data sent across an SSH session ● Supports sniffing of SSH protocol version 1 ● Just like the Web browsers, the SSH client will complain that it doesn't recognize the public key inserted by the attacker
  • 49.
  • 50.
  • 51. TCPNICE ● It forces other connection to “play nice” with their tcp connections ● It basically reduces the speed of TCP connection by following methods --Inject TCP tiny window advertisements. --Inject ICMP source quench replies. --Inject ICMP fragmentation-needed replies with tiny next-hop MTUs. ● It lets the attacker slow such connections down so a sniffing tool can more easily keep the data.
  • 52.
  • 53.
  • 54.
  • 55. TCPKILL ● It terminate the existing/in-progress TCP connection ● It’s usage is very primitive ( kill all connections from port number xx , or from IP address x.x.x.x etc ) ● It allows attacker to sniff the UserID and password on subsequent new session
  • 56.
  • 57.
  • 58. Sniffing Defenses ● Use HTTPS for encrypted web traffic ● Use SSH for encrypted login sessions ● Pay attention to warning messages on your browser and SSH client ● Get rid of hubs ● Use static ARP tables on the end systems,hard coding the MAC addresses for all systems on the LAN