Lab Overview

Scenario

The scenario for this laboratory is an attacker and a sheep using laptops on the same wireless network. The goal here is to sniff the sheep's traffic over the network using Dsniff. Let's talk about what Dsniff does and does not do.

The Dsniff suite provides tools that read network traffic and search for interesting information/credentials - that's it. That means that we (the attacker) need to be able to read the sheep's network traffic before we can use Dsniff.

How we read the sheep's traffic depends on the type of network we're on.

• Wired networks: Man in the Middle/Wired
  • You must determine whether you're on a network switch or a network hub
  • Network switches selectively broadcast traffic from the gateway to the specific port corresponding to the intended destination node (this is determined using the ARP table, which maps MAC addresses to ports)
  • Network hubs broadcast all traffic to all ports, so all traffic is visible to all nodes, and nodes simply ignore traffic not intended fro them
• Wireless networks: Man in the Middle/Wireless

Setting Up

Wifi Network

This laboratory used a standard wifi network, which both the sheep and the attacker were connected to.

Sheep

Sheep will be generating web, ssh, and email traffic. (Dropbox would be nice too.) Just needs basic programs to do that stuff.

Attacker

The attacker will need Dsniff. Other recon tools?

Flags