20199301 2019-2020-2 "Network Attack and Defense Practice" Week 4 Assignment


I. Practice content

1. Network sniffing

  • Network sniffing defined: a sniffer is an eavesdropping technique used by attackers. Like traditional telephone tapping, which monitors the conversations on a particular line, network sniffing uses a computer's network interface to capture the data packets addressed to other computers, in order to monitor the data stream for user accounts, passwords or other private information.
  • Categories of network sniffing technology and tools: classified by the link layer being monitored, Ethernet and Wi-Fi are the most widely used link-layer protocols for wired local area networks (LAN) and wireless local area networks (WLAN) respectively, and are currently the main targets of network sniffers. Classified by implementation, sniffers are either software sniffers or hardware sniffers.

2. How network sniffing works

  • How Ethernet works: Ethernet is a shared communication channel that uses carrier sense multiple access with collision detection (CSMA/CD) to avoid collisions on the shared link. Data is transmitted in units of frames, and each frame header carries the source and destination MAC addresses. On a shared channel every network card sees every frame, but in normal mode a card only accepts frames whose destination MAC address matches its own; a card switched into promiscuous mode accepts all of them, which is what a sniffer relies on.
  • Sniffing a shared network: hosts are connected through a hub, which is electrically a bus topology, so every frame reaches every port and a host in promiscuous mode can read all of the traffic on the segment.
  • Sniffing a switched network: hosts are connected through a switch, which forwards each frame only to the port recorded for its destination MAC address in the switch's MAC address-port mapping table, so a sniffer on another port normally sees nothing but broadcasts. One way to defeat this:
    • MAC address flooding attack: the attacker sends the switch a large number of frames carrying forged source MAC (and IP) addresses, so that the switch's MAC address-port mapping table overflows. Unable to keep up, the switch enters so-called "fail open" mode, in which it behaves like a hub and floods frames to all ports, which makes sniffing as easy as in a shared network environment.
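A toy model of the switch's table makes the flooding mechanism concrete. The following is an added example, not code from the original post or from any real switch: a learning switch with a bounded MAC address-port table, two legitimate hosts and an attacker port. The MAC addresses, port numbers and table size are invented, and the model evicts the oldest entry when the table is full as a stand-in for the timed ageing that real switches use; the effect on forwarding is the same, and that is what the attack exploits.

```python
"""Toy learning switch whose MAC address-port table can be overflowed.

Added example (not from the original post). All MACs, ports and the table
size are invented. Real switches age entries out on a timer rather than
evicting them immediately; the modelling choice here gives the same net
effect: once the table is full, frames for hosts the switch can no longer
map are flooded out of every port, so the attacker's port sees traffic that
a working switch would have kept private.
"""
import random
from collections import OrderedDict


class Switch:
    def __init__(self, ports, table_size):
        self.ports = set(ports)
        self.table_size = table_size
        self.table = OrderedDict()  # MAC -> port, oldest entry first
        self.flood_count = 0        # frames sent to all ports instead of one

    def learn(self, mac, port):
        """Record (or refresh) the port a source MAC address was seen on."""
        if mac in self.table:
            self.table.move_to_end(mac)
            return
        if len(self.table) >= self.table_size:
            # Table full: drop the oldest entry (stands in for timed ageing).
            self.table.popitem(last=False)
        self.table[mac] = port

    def forward(self, src, dst, in_port):
        """Return the set of ports a frame from src to dst goes out of."""
        self.learn(src, in_port)
        out = self.table.get(dst)
        if out is None or out == in_port:
            # Unknown destination: "fail open", i.e. behave like a hub.
            self.flood_count += 1
            return self.ports - {in_port}
        return {out}


def random_mac(rng):
    """Locally administered unicast MAC (first octet 0x02) from rng."""
    return "02:" + ":".join(f"{rng.randrange(256):02x}" for _ in range(5))


def demo(table_size=16, flood_frames=1000, seed=1):
    """Unicast before the flood, hub-like flooding after it."""
    rng = random.Random(seed)
    sw = Switch(ports={1, 2, 3, 4}, table_size=table_size)
    alice, server = "00:00:00:00:00:01", "00:00:00:00:00:02"
    # Normal traffic: both hosts get learned, so the reply is unicast to port 1.
    sw.forward(alice, server, in_port=1)
    before = sw.forward(server, alice, in_port=2)
    # MAC flooding from the attacker on port 3: every frame carries a fresh
    # forged source MAC, pushing the legitimate entries out of the table.
    for _ in range(flood_frames):
        sw.forward(random_mac(rng), "ff:ff:ff:ff:ff:ff", in_port=3)
    # Alice's entry is gone, so the server's next frame to her is flooded to
    # every other port, including the attacker's port 3.
    after = sw.forward(server, alice, in_port=2)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("ports reached before flooding:", sorted(before))
    print("ports reached after flooding: ", sorted(after))
```

Running it shows the reply going to port 1 alone before the flood and to ports 1, 3 and 4 afterwards; a sniffer in promiscuous mode on port 3 now reads the server's traffic to Alice.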

3. Network sniffer software

  • On UNIX-like platforms, network sniffer software is generally built on the standard BPF capture interface and the libpcap library; the most common libpcap-based sniffers are tcpdump and Wireshark (formerly Ethereal).
  • On the Windows platform there is also plenty of network sniffer software. The BPF / libpcap / tcpdump stack of the UNIX-like platforms has a corresponding port on Windows, namely NPF / WinPcap / WinDump, and the well-known open-source sniffer Wireshark has a Windows version as well.

4. Detecting and preventing network sniffing

  • Detecting network sniffers: on the local host, check whether a network card is in promiscuous mode; if it is, a sniffer is running on it. Sniffers on other hosts in the network can be detected by probing them, since the protocol stacks of different operating systems respond differently to specially crafted packets when the card is in promiscuous mode.
  • Precautions against network sniffing:
    • Use a secure network topology (a switched network rather than a shared one)
    • Use static ARP entries and static MAC address-port mapping tables instead of dynamic ones
    • Pay attention to the security of the central points through which network traffic passes
    • Avoid network protocols that transmit passwords or sensitive information in plaintext; use encrypted alternatives
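For the first detection method, a Linux host can be checked without any extra tool by reading each interface's flags from sysfs: the kernel keeps IFF_PROMISC (0x100) set in /sys/class/net/<iface>/flags for as long as a sniffer holds the interface in promiscuous mode. The script below is an added example, not part of the original post; the fake sysfs tree it builds is constructed test data so the check can be exercised offline, and the real check is promiscuous_interfaces() with its default path.

```python
"""Find local interfaces in promiscuous mode by reading Linux sysfs flags.

Added example (not from the original post). The sysfs root is a parameter so
the function can be pointed at a constructed directory tree when testing.
"""
import os
import tempfile

IFF_UP = 0x1
IFF_PROMISC = 0x100   # set in <iface>/flags while any sniffer has the card in promiscuous mode


def read_flags(sysfs_root, iface):
    """Parse the hex flag word the kernel exposes, e.g. '0x1103'."""
    with open(os.path.join(sysfs_root, iface, "flags")) as f:
        return int(f.read().strip(), 16)


def promiscuous_interfaces(sysfs_root="/sys/class/net"):
    """Return the sorted names of interfaces with IFF_PROMISC set."""
    found = []
    for iface in sorted(os.listdir(sysfs_root)):
        try:
            flags = read_flags(sysfs_root, iface)
        except (OSError, ValueError):
            continue  # plain file such as bonding_masters, or unreadable entry
        if flags & IFF_PROMISC:
            found.append(iface)
    return found


def make_fake_sysfs(flags_by_iface):
    """Build a constructed /sys/class/net look-alike for offline testing."""
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    for iface, flags in flags_by_iface.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as f:
            f.write(f"0x{flags:x}\n")
    return root


if __name__ == "__main__":
    # Constructed data: eth1 carries IFF_UP and IFF_PROMISC, the others do not.
    fake = make_fake_sysfs({"lo": 0x9, "eth0": 0x1003, "eth1": 0x1103})
    print("promiscuous (constructed tree):", promiscuous_interfaces(fake))
    print("promiscuous (this host):", promiscuous_interfaces())
```

The same flag is what ifconfig prints as PROMISC and ip link as PROMISC, so this is the programmatic form of the "check whether the card is in promiscuous mode" test above. The caveat a practitioner should keep in mind: a rootkit that hides the flag, or a sniffer on a span port or tap, will not show up here, which is why the remote probing methods also exist.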

II. Practice process

Practice one: tcpdump

  • Practice requirements: use the open-source tcpdump tool to sniff, on this machine, the process of visiting the website www.tianya.cn, and answer: when you visit the www.tianya.cn home page, how many web servers does the browser access, and what are their IP addresses?

Practice two: Wireshark

  • Practice task: use the open-source Wireshark tool on this machine to sniff and analyse a telnet login to a BBS, answer the following questions and show the steps:

    • (1) What are the IP address and port of the BBS server you logged in to?
    • (2) How does the telnet protocol transmit the username and password you enter to the login server?
    • (3) How do you use Wireshark packet sniffing and analysis to obtain your username and login password?
      First start Wireshark on the Windows XP machine, then in cmd type telnet bbs.fudan.edu.cn

      account: luoqu   password: 1234
  • From the capture the server IP address is 202.120.225.9 and the port is 23 (telnet).

Use Follow TCP Stream to obtain the username and password, as shown in the capture:

  • The username (luoqu) and password (1234) recovered from the stream are the same ones used at registration: telnet carries them in plaintext, so anyone sniffing the path can read them.

Practice three: forensic analysis (decoding a network scan)

  • Questions:

    • 1. What is the IP address of the attacking host?
    • 2. What is the IP address of the target of the network scan?
    • 3. Which port-scanning tool was used to launch these port scans? How did you determine this?
    • 4. In the log file you analysed, which scanning methods did the attacker use, what were the destination ports, and how does each method work?
    • 5. Which ports were found open on the honeypot?
    • 6. Bonus question: what operating system is the attacking host running?
      Download listen.pcap from the course materials and open it in Wireshark for analysis:


      A large number of packets are exchanged between 172.31.4.178 and 172.31.4.188.
  • So the IP address of the attacking host is 172.31.4.178.

  • The IP address of the target is 172.31.4.188.

  • The scan was carried out with the nmap port-scanning tool. To confirm this, go to the shared folder and run snort over the capture: sudo snort -A console -q -u snort -c /etc/snort/snort.conf -r listen.pcap. The results:

Filtering on arp shows the attacker locating the target host 172.31.4.188:

Filtering on icmp shows the attacker confirming that the target host is up:

Filtering on tcp:

Use the display filter tcp.flags.syn == 1 and tcp.flags.ack == 1 to pick out the SYN|ACK packets, i.e. the target's replies to probes of open ports.

  • The open ports can therefore be determined as: 21, 22, 23, 25, 53, 80, 139, 445, 3306, 3632, 5432, 8009, 8180

  • So the target host is running Linux.
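The three practices above can all be answered from the raw packets without a GUI, and doing so makes explicit what the Wireshark filters and Follow TCP Stream are computing. The script below is an added example, not part of the original post or the course tools: a minimal reader for classic (non-pcapng, little-endian) pcap files restricted to IPv4/TCP, plus one function per practice. It runs on a capture constructed inline, in which every host, port and credential is invented: two web connections from a client (practice one: distinct web servers contacted), a telnet login sent one keystroke per segment (practice two: sequence-ordered reassembly shows the plaintext credentials exactly as Follow TCP Stream does), and a half-open SYN scan of five ports, two open, two closed, one unanswered (practice three: the SYN|ACK filter yields the open ports, and the host sending the most bare SYNs is the scanner). To run it on the real file, pass parse_pcap(open("listen.pcap", "rb").read()) through the same functions with the real addresses.

```python
"""Answer the three practice questions straight from pcap bytes.

Added example (not from the original post). The capture is constructed
below so the script runs offline; hosts, ports and credentials are invented.
"""
import struct
from collections import Counter

SYN, RST, PSH, ACK = 0x02, 0x04, 0x08, 0x10


def tcp_frame(src, dst, sport, dport, flags, seq=0, payload=b""):
    """Build an Ethernet/IPv4/TCP frame (constructed data; checksums left zero)."""
    tcp = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap (magic a1b2c3d4, link type 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Return one dict per IPv4/TCP packet in a little-endian classic pcap."""
    assert struct.unpack_from("<I", data)[0] == 0xA1B2C3D4, "not little-endian classic pcap"
    pkts, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue                                   # not IPv4
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0xF) * 4, struct.unpack_from("!H", ip, 2)[0]
        if ip[9] != 6:
            continue                                   # not TCP
        tcp = ip[ihl:total_len]
        sport, dport, seq, _ack, off_flags = struct.unpack_from("!HHIIH", tcp)
        pkts.append({"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                     "sport": sport, "dport": dport, "seq": seq, "flags": off_flags & 0x1FF,
                     "payload": tcp[(off_flags >> 12) * 4:]})
    return pkts


def web_servers(pkts, client):
    """Practice one: servers the client opened HTTP/HTTPS connections to (bare SYNs)."""
    return sorted({p["dst"] for p in pkts if p["src"] == client
                   and p["dport"] in (80, 443) and p["flags"] & (SYN | ACK) == SYN})


def follow_stream(pkts, src, dst, sport, dport):
    """Practice two: what one side sent, reassembled in sequence-number order
    (the view Wireshark's Follow TCP Stream gives for that direction)."""
    segs = {p["seq"]: p["payload"] for p in pkts if p["payload"]
            and (p["src"], p["dst"], p["sport"], p["dport"]) == (src, dst, sport, dport)}
    return b"".join(segs[s] for s in sorted(segs))


def open_ports(pkts, target):
    """Practice three: ports on which the target answered a probe with SYN|ACK,
    i.e. ip.src == target && tcp.flags.syn == 1 && tcp.flags.ack == 1."""
    return sorted({p["sport"] for p in pkts if p["src"] == target
                   and p["flags"] & (SYN | ACK) == SYN | ACK})


def scanner(pkts):
    """Practice three: the host that sent the most bare SYNs is the scanner."""
    return Counter(p["src"] for p in pkts if p["flags"] & (SYN | ACK) == SYN).most_common(1)[0][0]


def constructed_capture():
    """One capture with three episodes: a browser visit, a telnet login, a SYN scan."""
    c, bbs, atk, tgt, f = "10.0.0.10", "10.0.0.20", "10.0.0.30", "10.0.0.40", []
    for web in ("10.0.0.21", "10.0.0.22"):            # browser hits two web servers
        f += [tcp_frame(c, web, 40000, 80, SYN), tcp_frame(web, c, 80, 40000, SYN | ACK)]
    for i, ch in enumerate(b"luoqu\r\n1234\r\n"):    # telnet: one keystroke per segment
        f.append(tcp_frame(c, bbs, 40001, 23, PSH | ACK, 1000 + i, bytes([ch])))
    probes = ((21, RST | ACK), (22, SYN | ACK), (80, SYN | ACK), (443, RST | ACK), (3306, None))
    for port, reply in probes:                         # None: filtered, no answer at all
        f.append(tcp_frame(atk, tgt, 50000 + port, port, SYN))          # half-open probe
        if reply is not None:
            f.append(tcp_frame(tgt, atk, port, 50000 + port, reply))
        if reply == SYN | ACK:
            f.append(tcp_frame(atk, tgt, 50000 + port, port, RST))      # scanner tears it down
    return build_pcap(f)


def analyse(data=None):
    """Run all three analyses; defaults to the constructed capture."""
    pkts = parse_pcap(constructed_capture() if data is None else data)
    return {"web_servers": web_servers(pkts, "10.0.0.10"),
            "telnet_input": follow_stream(pkts, "10.0.0.10", "10.0.0.20", 40001, 23),
            "scanner": scanner(pkts), "open_ports": open_ports(pkts, "10.0.0.40")}


if __name__ == "__main__":
    for key, value in analyse().items():
        print(f"{key}: {value}")
```

Two points the output makes that the screenshots cannot: the telnet input comes back byte for byte, so the credentials were never protected on the wire, and a closed port answers RST|ACK while a filtered one answers nothing, which is why only SYN|ACK replies count as open in the tcp.flags filter. The reader only handles IPv4/TCP and the classic little-endian pcap format; a capture saved by recent Wireshark versions is pcapng and would need converting first.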

III. Problems encountered and solutions:

  • Problem one: I often could not connect to Kali for no apparent reason.
  • Problem two: Kali's ifconfig command kept failing.
    • Workaround: use whereis ifconfig to find the directory the command is in;
      it was found in /sbin,
      so I added it to the environment variable with export PATH=$PATH:/sbin
      (but this is reset after a restart; I still need to find a way to avoid repeating it every time!)

IV. Practice summary

In this chapter I gained a preliminary understanding of Wireshark and of how sniffing works, and I am slowly coming to understand the practice (practice really is very important).
I found that in network attack and defense practice you do need something like a "gossip heart": find ways, through every available channel, to get the answers you want.
If you don't know, ask; then investigate.

Source: www.cnblogs.com/lsqz/p/12571925.html