Experiment 2

People's Public Security University of China


Student ID 201521440043

 

Cyber Countermeasures

Experimental Report

 

Experiment 2

Network Sniffing and Spoofing

 

 

 

Student name: Ma Zichen

Grade: Class of 2015

District team:

Mentor: Takami

 

 

School of Information Technology and Cyber Security

March 31, 2018

 

General outline of experimental tasks

The second semester of the 2017-2018 school year

1. The purpose of the experiment

1. Deepen and digest the teaching content of this course, and review the Internet search skills, methods and techniques learned;

2. Understand and become familiar with common network sniffing methods, master the use of common packet capture software and filtering skills, and be able to analyze basic network behaviors for a given data packet; master the basic principles of ARP spoofing and of DNS attack methods based on ARP spoofing;

3. Consolidate course knowledge and apply it in practice.

2. Experimental requirements

1. Carefully read the content of each experiment. For topics that require screenshots, take clear screenshots, and mark and explain them.

2. The document requires a clear structure, accurate graphic and textual expression, and standardized labeling. The reasoning must be objective, reasonable and logical.

3. Software tools: Office 2003 or 2007, CAIN, Wireshark, etc.

4. After the experiment is over, keep the electronic documentation.

3. Experimental steps

1. Preparation

Prepare for the experiment in advance. Before the experiment, you should have a detailed understanding of the experimental purpose, requirements and content, be familiar with and prepare the software tools for the experiment, and prepare the experimental content in advance according to the content and requirements.

2. Lab environment

Describe the hardware and software environment (including the software tools) used in the experiment;

Boot the machine and start Office 2003 or 2007, a browser, Wireshark and CAIN.

3. Experiment procedure

1) Start the system and start the tool software environment.

2) Use the software tools to carry out the experimental content.

4. Experimental report

Write the experimental report in the uniformly required report format. Embed the document written according to the template into the experimental report document; it should follow the prescribed writing format and include tables, graphs and pictures.

Part 1 ARP Spoofing 

 

1. Two students are in a group, and the experimental topology environment is shown in the figure below.

2. Before and after the spoofing attack, use the arp -a command to verify whether the spoofing is successful (screenshot attached)

3. During the spoofing process, start Wireshark on host A to capture packets, and analyze the characteristics of the data packets during the ARP spoofing attack. (with screenshot)

4. During the deception process, start Wireshark on host C to capture packets and analyze the login process of the FTP protocol (with a flowchart)

5. After the deception is completed, host C successfully obtains the FTP username and password (screenshot attached)

 

 

 

ARP spoofing attack process display (for reference only)

Query the status of the victim host before being spoofed

Run CAIN on machine 192.168.31.123 and select the network card to sniff

 

 

Click the network card icon in the toolbar, then select the sniffer page, then select hosts in the lower left corner, right-click and select "scan MAC address" to scan the active host IP and MAC address in the LAN

 

 

Besides the gateway, the scan found the attack target 192.168.31.122

 

 

Select the ARP page -> click a blank area of the list so that the large plus sign becomes available -> click the plus sign and, in the pop-up window, select the target host to be sniffed. (Note that selection here works differently from simply clicking a host to sniff: click the gateway on the left, and the other machines automatically appear in the list on the right. Then hold down the Ctrl key to select the host you need to sniff on the right, as shown in the figure.)

 

 

After the spoofing starts, use the arp -a command on the 192.168.31.122 machine to query its local ARP cache table. The MAC address recorded for the gateway in the cache table has changed to the MAC address of the 192.168.31.123 machine.
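The before/after arp -a comparison described above can be automated as a detection check. The following is an added example, not part of the original report: it parses two Windows arp -a snapshots and flags a changed gateway MAC and any MAC claimed by more than one IP. The gateway address 192.168.31.1 and all MAC addresses are constructed sample values.

```python
import re
from collections import defaultdict

# Constructed `arp -a` snapshots from the victim 192.168.31.122. The gateway
# address 192.168.31.1 and every MAC address are assumed sample values.
BEFORE = """Interface: 192.168.31.122 --- 0xb
  Internet Address      Physical Address      Type
  192.168.31.1          aa-bb-cc-00-00-01     dynamic
  192.168.31.123        aa-bb-cc-00-01-23     dynamic
  192.168.31.255        ff-ff-ff-ff-ff-ff     static
"""
# After spoofing, the gateway entry carries the MAC of 192.168.31.123.
AFTER = BEFORE.replace("aa-bb-cc-00-00-01", "aa-bb-cc-00-01-23")

# One table row of Windows `arp -a` output: IP, MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries; static/broadcast rows are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = m.group(2).lower()
    return table

def find_spoofing(before, after, gateway_ip):
    """Compare two parsed snapshots and return a list of findings."""
    findings = []
    old, new = before.get(gateway_ip), after.get(gateway_ip)
    if old and new and old != new:
        findings.append(("gateway_mac_changed", gateway_ip, old, new))
    by_mac = defaultdict(list)
    for ip, mac in after.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:  # one NIC answering for several IPs
            findings.append(("mac_shared", mac, sorted(ips)))
    return findings

FINDINGS = find_spoofing(parse_arp_table(BEFORE), parse_arp_table(AFTER),
                         "192.168.31.1")
```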

 

 

Part 2 DNS

 

1. A group of two students, A and B.

2. Student A normally visits the website www.ppsuc.edu.cn

3. Student B acts as the attacker, designs an attack method, and uses CAIN and DNS spoofing so that when student A visits the website www.ppsuc.edu.cn, A reaches a fake website on another machine

 

 Add DNS spoofing option to CAIN

 

 

 

 

 

 

 

Part 3 FTP Protocol Analysis

 

1. A group of two students, A and B.

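2. Student A sets up an FTP server and sets a user name and password, such as gao / gao

3. Student B installs Wireshark on their machine and starts it, then logs in to student A's FTP server with the user name and password and uploads a picture.

4. Student B stops the Wireshark capture and, together with student A, analyzes the FTP login process in the packets, recovering the login user name and password as well as the uploaded file.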
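The login analysis in step 4 can be reproduced on the text of the FTP control connection. The following is an added example, not part of the original report: it pairs each client command with the server's reply codes, shows that the credentials cross the network in cleartext, and decodes the 227 passive-mode reply to find the data connection that carries the upload. The transcript is constructed; only the gao / gao account comes from the page.

```python
import re

# Constructed control-channel text, as Wireshark's "Follow TCP Stream" shows it.
# gao/gao is the page's example account; addresses and file name are made up.
STREAM = """220 FTP server ready
USER gao
331 Password required for gao
PASS gao
230 User gao logged in
PASV
227 Entering Passive Mode (192,168,31,122,195,80)
STOR photo.jpg
150 Opening BINARY mode data connection
226 Transfer complete
"""

REPLY = re.compile(r"^(\d{3})[ -]")
PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def analyze_ftp_control(stream):
    """Pair each client command with the server's reply codes and collect
    what an analyst needs: login result, cleartext credentials, the
    passive-mode data endpoint, and names of uploaded files."""
    report = {"flow": [], "user": None, "password": None,
              "login_ok": False, "data_endpoint": None, "uploads": []}
    last_cmd = None  # None until the client speaks: the 220 greeting
    for line in stream.splitlines():
        reply = REPLY.match(line)
        if reply:
            code = reply.group(1)
            report["flow"].append((last_cmd, code))
            if last_cmd == "PASS" and code == "230":
                report["login_ok"] = True
            hp = PASV.search(line) if code == "227" else None
            if hp:  # 227 reply carries h1,h2,h3,h4,p1,p2; port = p1*256 + p2
                n = hp.groups()
                report["data_endpoint"] = (".".join(n[:4]), int(n[4]) * 256 + int(n[5]))
        elif line.strip():
            verb, _, arg = line.partition(" ")
            last_cmd = verb.upper()
            if last_cmd == "USER":
                report["user"] = arg
            elif last_cmd == "PASS":
                report["password"] = arg  # sent unencrypted on port 21
            elif last_cmd == "STOR":
                report["uploads"].append(arg)
    return report

REPORT = analyze_ftp_control(STREAM)
```

The decoded data endpoint identifies the separate TCP stream in the capture that holds the bytes of the uploaded picture.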

 

 

 

 

 

 

 

 

 

 

 

 

 

Follow stream

Stream analysis

Restore the file transferred over FTP

 
