NETWORK SNIFFING With a focus on the risks of insecure login in
Universities Online Systems
By: Eman Alashwali
Image source: http://alsoalso.net/criminal-crab/
OUTLINE
Sniffing: What? Why? Who? How?
Sniffing Tools
Risks
The Goal
Illustration Examples
Real World Example
Defences
Conclusion
WHAT IS NETWORK SNIFFING ?
Network analysis = Packet Analysis = Eavesdropping
Capturing network traffic and inspecting it closely to determine what is happening on the network
WHY SNIFFING ?
Troubleshooting problems on the network
Analysing the performance of a network
Discovering the origin of a virus
Detecting Denial of Service (DoS) attacks
Educational purposes
Malicious purposes
WHO ?
System administrators
Network engineers
Security engineers
Researchers and Teachers
Attackers
HOW SNIFFING WORKS?
Non-switched (shared bus broadcast) networks
The message is sent to all machines over the network
NIC checks the destination address
NIC accepts the packet if it has the machine’s address
Otherwise, it discards it
HOW SNIFFING ?
Put the NIC into “promiscuous mode”
The NIC does not discard packets not addressed to its machine
SNIFFING TOOLS
Programs used to decode packets that travel across the network layer of the TCP/IP stack and display them in a readable format
EXAMPLES SNIFFING TOOLS
Wireshark
Cain & Abel (Windows)
Tcpdump (Unix-based systems)
WinDump (Windows version of Tcpdump)
Dsniff (Different platforms)
Ettercap (Windows, Linux)
Packetyzer (Windows)
WIRESHARK
Filter
Summary
Protocol Tree Windows
Data View Windows
Cain & Abel
Permit sniffing on a switched network.
Passwords
ARP Poisoning
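ARP poisoning is what makes sniffing possible on a switched network, so defenders watch for an IP address whose MAC binding changes or a MAC that answers for several IPs. The following is an added example, not part of the original slides, that flags both conditions in tcpdump-style ARP reply lines; the sample lines and all addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: tcpdump-style ARP output (all addresses are made up).
SAMPLE = """\
10:00:01.000000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:01, length 28
10:00:02.000000 ARP, Reply 192.168.1.20 is-at 00:aa:bb:cc:dd:20, length 28
10:00:05.000000 ARP, Reply 192.168.1.1 is-at 00:aa:bb:cc:dd:66, length 28
10:00:05.100000 ARP, Reply 192.168.1.20 is-at 00:AA:BB:CC:DD:66, length 28
10:00:09.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

REPLY = re.compile(
    r"^\S+ ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-fA-F:]{17})")

def find_arp_conflicts(text):
    """Return (rebound, shared).

    rebound: IP -> ordered list of distinct MACs that claimed it (more than one).
    shared:  MAC -> sorted list of IPs it claimed (more than one).
    Either can have a benign cause (NIC swap, failover pair), so treat hits as
    leads to verify against the known gateway and host MACs.
    """
    ip_to_macs = defaultdict(list)
    mac_to_ips = defaultdict(set)
    for line in text.splitlines():
        m = REPLY.match(line)
        if not m:
            continue  # requests and non-ARP lines carry no binding claim
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in ip_to_macs[ip]:
            ip_to_macs[ip].append(mac)
        mac_to_ips[mac].add(ip)
    rebound = {ip: macs for ip, macs in ip_to_macs.items() if len(macs) > 1}
    shared = {mac: sorted(ips) for mac, ips in mac_to_ips.items() if len(ips) > 1}
    return rebound, shared

if __name__ == "__main__":
    rebound, shared = find_arp_conflicts(SAMPLE)
    for ip, macs in rebound.items():
        print(f"{ip} changed binding: {' -> '.join(macs)}")
    for mac, ips in shared.items():
        print(f"{mac} answers for {', '.join(ips)}")
```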
RISKS
Capturing cleartext usernames and passwords
Compromising proprietary information
OUR GOAL
Demonstrate the risks of insecure login
Stress the importance of secure login in educational electronic systems, especially online systems
“ ENOUGH TALK .. LET’S GET TO WORK”
TOPOLOGY
Orange Cables: PC1 & PC2
White Cables: Uplink from the Hub to the Switch
Orange Cable: To the lab's actual switch
HUB
Switch
REQUIREMENTS
HW:
Switch; Hub; Two Laptops
Services:
Internet; Web hosting
SW:
Programming with PHP and MySQL
Sniffing tools: Wireshark; Cain & Abel
Operating Systems: Linux (Ubuntu 11) & Windows 7
Simulating educational system (editing grades)
DATABASE
testcw
users: userID, username, password
students: stdID, studentname, studentcourse, studentgrade
WEB PAGES
Flow: Login Page → Successful? NO: Error. YES: Create a Session → View Grades Page → Edit Grades Page → Submit → Update the Database → Logout
Files: Index.html, view.php, edit.php, logout.php, userLogin.php, connect-db.php
1. CLEARTEXT PASSWORD SNIFFING
The User’s Side
Running Cain and Abel sniffing tool
The attacker’s Side
The attacker owns the legitimate user’s credentials
2. SESSION HIJACKING
The User’s Side
Bob is not Happy !!
I want it ‘A’
The Attacker’s Side
Sniff cookies by running Wireshark
Inject the cookie values into his browser
Some free tools: Cookies Manager+ for Firefox
Copy the full request URL and he has the legitimate user’s session
What’s next ??
IN REALITY ?
Yes. Many university websites around the world are vulnerable to such attacks.
IN REALITY
ABC University online exam system in Egypt
Add exams *
Faculty member *
Students *
Postgraduates *
Text followed by ‘*’ is translated by me
DEFENCES
Switched network
Encryption
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
SSH
One Time Password (OTP)
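The cleartext-login and sniffed-cookie scenarios above both disappear only when the login form and the session cookie are confined to TLS. The following is an added example, not part of the original slides, that audits a site's own HTTP responses for those gaps; the host name `grades.example`, the cookie values and the markup are constructed, with file names borrowed from the demo application.

```python
import re
from urllib.parse import urljoin, urlparse

def audit_response(url, raw):
    """List transport-security findings for one HTTP response (headers + body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = [tuple(p.strip() for p in h.split(":", 1))
               for h in head.split("\r\n")[1:] if ":" in h]
    headers = [(k.lower(), v) for k, v in headers]
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("page served over cleartext HTTP")
    elif not any(k == "strict-transport-security" for k, _ in headers):
        findings.append("HTTPS response without Strict-Transport-Security")
    for k, v in headers:
        if k != "set-cookie":
            continue
        name = v.split("=", 1)[0]
        attrs = {a.strip().split("=")[0].lower() for a in v.split(";")[1:]}
        for flag in ("secure", "httponly"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    # A login form is exposed when its submit target is not https://.
    for form in re.finditer(r"<form\b([^>]*)>(.*?)</form>", body, re.I | re.S):
        if not re.search(r"type=[\"']?password", form.group(2), re.I):
            continue
        m = re.search(r"action=[\"']?([^\"'\s>]+)", form.group(1), re.I)
        target = urljoin(url, m.group(1) if m else "")
        if urlparse(target).scheme != "https":
            findings.append(f"password form posts to {target}")
    return findings

# Constructed responses; host name, cookie values and markup are made up.
FORM = ('<form method="post" action="userLogin.php"><input name="username">'
        '<input type="password" name="password"></form>')
WEAK = "\r\n".join(["HTTP/1.1 200 OK", "Content-Type: text/html",
                    "Set-Cookie: PHPSESSID=constructed0001; path=/", "", FORM])
HARDENED = "\r\n".join(["HTTP/1.1 200 OK", "Content-Type: text/html",
                        "Strict-Transport-Security: max-age=31536000",
                        "Set-Cookie: PHPSESSID=constructed0002; path=/; Secure; HttpOnly",
                        "", FORM])

if __name__ == "__main__":
    for label, url, raw in (("weak", "http://grades.example/Index.html", WEAK),
                            ("hardened", "https://grades.example/Index.html", HARDENED)):
        print(label, audit_response(url, raw))
```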
CONCLUSION
“ Your data isn’t safe on public networks. You may not even realize the extent to which that statement is true” (Adrian Hannah, 2011)
Sensitive data must be encrypted
Universities must ensure Confidentiality, Integrity and Availability for their systems' users.
FUTURE WORK
Test Wireless sniffing
Preliminary observation: It was not possible to capture HTTP packets on the UCL wireless network
Need more testing
I could not perform it due to lack of time
Awareness about such risks
THANK YOU
QUESTIONS ?
REFERENCES
[1] S. Ansari, R. S.G., and C. H.S., “Packet Sniffing: A Brief Introduction,” Potentials, IEEE, vol. 21, no. 5, pp. 17-19.
[2] A. Orebaugh, R. Gilbert, J. Burke, J. Wright, and G. Morris, Wireshark & Ethereal Network Protocol Analyzer Toolkit. Rockland, MA: Syngress, 2007, pp. 1-554.
[3] A. Hannah, “Packet Sniffing Basics,” Linux Journal, vol. 2011, no. 210, 2011.
[4] T. King (2006), Packet Sniffing in a Switched Environment. SANS Institute. Retrieved March 21, 2012, from http://www.sans.org/reading_room/whitepapers/networkdevs/packet-sniffing-switched-environment_244
[5] M. Montoro (2009). Cain & Abel - User Manual. [Online]. Available: http://www.oxid.it
[6] U. Lamping, R. Sharpe, E. Warnicke (2011). Wireshark User's Guide. [Online]. Available: http://www.wireshark.org/docs/wsug_html_chunked/
Images: Image source: http://alsoalso.net/criminal-crab/