From charlesreid1

Revision as of 03:36, 21 August 2016

Lab Overview

Scenario

The scenario for this laboratory is an attacker and a sheep using laptops on the same wireless network. The goal here is to sniff the sheep's traffic over the network using Dsniff. Let's talk about what Dsniff does and does not do.

The Dsniff suite provides tools that read network traffic and search for interesting information/credentials - that's it. That means that we (the attacker) need to be able to read the sheep's network traffic before we can use Dsniff.

How we read the sheep's traffic depends on the type of network we're on.

  • Wired networks: Man in the Middle/Wired
    • You must determine whether you're on a network switch or a network hub
    • Network switches selectively broadcast traffic from the gateway to the specific port corresponding to the intended destination node (this is determined using the ARP table, which maps MAC addresses to ports)
    • Network hubs broadcast all traffic to all ports, so all traffic is visible to all nodes, and nodes simply ignore traffic not intended for them
  • Wireless networks: Man in the Middle/Wireless
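The hub/switch difference above, as a small simulation seen from a third, listen-only port. This is an added example, not part of the original lab page; the port numbers, MAC strings and frame list are constructed sample data. It also shows one case the list does not spell out: a switch floods broadcasts and frames for destinations it has not yet learned.

```python
# Added illustration: hub vs. learning switch, seen from a passive observer's port.
# Port numbers, MAC strings and frames below are constructed sample data.
BROADCAST = "ff:ff:ff:ff:ff:ff"

class Hub:
    def __init__(self, ports):
        self.ports = ports

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the one it came in on.
        return [p for p in self.ports if p != in_port]

class Switch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.table = {}  # learned MAC address -> port

    def forward(self, in_port, src, dst):
        self.table[src] = in_port  # learn which port the sender is on
        if dst != BROADCAST and dst in self.table:
            out = self.table[dst]
            return [out] if out != in_port else []
        # Broadcast or not-yet-learned destination: flood like a hub.
        return [p for p in self.ports if p != in_port]

def frames_seen(device, frames, observer_port):
    """Return the indexes of frames that are delivered to observer_port."""
    seen = []
    for i, (in_port, src, dst) in enumerate(frames):
        if observer_port in device.forward(in_port, src, dst):
            seen.append(i)
    return seen

SHEEP, GATEWAY = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:fe"
# (ingress port, source MAC, destination MAC); sheep on port 1, gateway on port 2.
FRAMES = [
    (1, SHEEP, BROADCAST),  # 0: sheep broadcasts (e.g. an ARP request)
    (2, GATEWAY, SHEEP),    # 1: gateway replies to the sheep
    (1, SHEEP, GATEWAY),    # 2: sheep -> gateway
    (2, GATEWAY, SHEEP),    # 3: gateway -> sheep
]
OBSERVER_PORT = 3  # a third laptop that only listens

if __name__ == "__main__":
    print("hub:   ", frames_seen(Hub([1, 2, 3]), FRAMES, OBSERVER_PORT))
    print("switch:", frames_seen(Switch([1, 2, 3]), FRAMES, OBSERVER_PORT))
```

On the hub the observer receives every frame; on the switch it receives only the broadcast, which is why the lab needs a separate step to get into the traffic path before Dsniff has anything to read.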

Setting Up

Wifi Network

This will use a standard wifi network that both the sheep and attacker can connect to. They should be on the same subnet.

Sheep

Sheep will be generating web/ssh/email/dropbox traffic. The sheep needs basic programs to do that stuff.

Attacker

The attacker will need Dsniff. Other recon tools?

Flags