Experiment 2: Network Sniffing and Spoofing

Chinese People's Public Security University

Network Warfare Technology

Experimental Report

Experiment 2

Network Sniffing and Spoofing

Student name: On behalf of Yu

Grade: 2017

District team: District Team 5

Mentor: Your opinion

Information and Network Security Technology College

November 7, 2016

Overall experiment task

2016-2017 academic year, first semester

I. Purpose of the experiment

1. Deepen and digest the course lectures, and review the Internet search skills, methods and techniques that have been learned;

2. Become familiar with common network sniffing methods; master common packet capture software and filtering techniques, and be able to analyze the basic network behavior in a given packet capture; master the basic principles of ARP spoofing and of DNS attacks based on ARP spoofing;

3. Consolidate course knowledge through practical application.

II. Experimental requirements

1. Read the content of each experiment carefully; for items that require screenshots, take clear screenshots and annotate and describe them.

2. The document should be clearly structured, with accurate text and figures and properly formatted labels. Reasoning should be objective, reasonable and logical.

3. Software tools that may be used: Office 2003 or 2007, CAIN, Wireshark and so on.

4. After the experiment, keep the electronic document.

III. Experimental procedure

1. Preparation

Prepare well in advance: before the experiment, understand its purpose, requirements and content, become familiar with the software tools to be used, and prepare whatever the experiment content requires ahead of time.

2. Lab environment

Describe the hardware and software environment used in the experiment (including the software tools):

Boot the machine and start Office 2003 or 2007, a browser, Wireshark and CAIN.

Tool downloads:

CAIN https://pan.baidu.com/s/19qDb7xbj1L_2QnoPm71KzA

Wireshark link: https://pan.baidu.com/s/1BeXghjVV9Mll_cAmeMCTPg Password: mbpv

Mini FTP https://pan.baidu.com/s/16ms4hXVOmMHhDEe3WraRHQ

NetworkMiner https://pan.baidu.com/s/14e3VluLPjWFKxqNhdpYO9Q

3. Experiment procedure

1) Start the system and the tool environment.

2) Carry out the experiment content using the software tools.

4. Experimental report

Write the lab report in the standard report format. Embed the document in the report template and follow the prescribed writing format; every table must have a table caption and every figure a figure caption.

Part 1: ARP spoofing

1. Students work in pairs; the experiment is carried out in the topology shown in the figure.

2. Carry out the spoofing attack and verify with the arp -a command that the deception succeeded (screenshot attached).

(1) Double-click to start the Cain & Abel software and click the Sniffer tab.

(2) Click the button at the top left to enable the sniffer, then right-click in the blank area and choose "Scan MAC Addresses" to scan the hosts on the LAN.

(3) Keep the defaults shown in the figure below and click "OK".

(4) The figure below shows the hosts on the LAN.

(5) Click the "ARP" option in the lower left corner, then click the empty area in the red box; the "+" icon at the top left becomes dark (active). Click the "+" icon.

(6) We chose two hosts for the deception: the host with IP address 192.168.31.80 is responsible for creating the FTP server, and my host (IP is 192.158.31.81) is responsible for logging in, which makes it possible to capture the other host's login password.

(7) On host B we first ping host A, then enter "arp -a" in the cmd window. From host B's point of view, the gateway's MAC address is now host A's MAC address, so host B treats host A as the gateway, as shown below.

 

 

 

 

 

 

3. During the deception, host A runs a Wireshark capture to analyze the characteristics of the packets in the ARP spoofing attack.
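The packet characteristics to look for in that capture can be checked mechanically. The following is an added example, not part of the original report: it parses raw Ethernet/ARP frames and flags replies that answer no request and IP addresses whose claimed MAC changes. The frames, MAC addresses and the gateway address 192.168.1.1 are constructed for illustration.

```python
import socket
import struct

def sample_frame(op, smac, sip, tmac, tip):
    """Build one constructed Ethernet+ARP frame for the sample capture below."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    eth = mac(tmac if op == 2 else "ff:ff:ff:ff:ff:ff") + mac(smac) + b"\x08\x06"
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + body + mac(smac) + socket.inet_aton(sip) + mac(tmac) + socket.inet_aton(tip)

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip), or None if not Ethernet/IPv4 ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    if struct.unpack("!HHBB", frame[14:20]) != (1, 0x0800, 6, 4):
        return None
    op = struct.unpack("!H", frame[20:22])[0]
    return (op, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32]),
            socket.inet_ntoa(frame[38:42]))

def analyze(frames):
    """Flag replies nobody asked for and IP addresses whose claimed MAC changes."""
    bindings, pending, alerts = {}, set(), []
    for index, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, smac, sip, tip = parsed
        if op == 1:
            pending.add((sip, tip))            # sip asked "who has tip?"
        elif op == 2:
            if (tip, sip) in pending:
                pending.discard((tip, sip))    # answer to a request we saw
            else:
                alerts.append((index, "unsolicited-reply", sip, smac))
        if bindings.get(sip, smac) != smac:
            alerts.append((index, "binding-changed", sip, smac))
        bindings[sip] = smac
    return alerts

# Constructed capture: one genuine request/reply, then repeated replies that
# claim the gateway's IP with a different MAC. The gateway IP is an assumption.
GW, VICTIM = "192.168.1.1", "192.168.1.10"
GW_MAC, VICTIM_MAC, SPOOF_MAC = "00:0c:29:aa:bb:01", "00:0c:29:aa:bb:10", "00:0c:29:aa:bb:50"
SAMPLE_CAPTURE = [
    sample_frame(1, VICTIM_MAC, VICTIM, "00:00:00:00:00:00", GW),
    sample_frame(2, GW_MAC, GW, VICTIM_MAC, VICTIM),
    sample_frame(2, SPOOF_MAC, GW, VICTIM_MAC, VICTIM),
    sample_frame(2, SPOOF_MAC, GW, VICTIM_MAC, VICTIM),
]
```

Legitimate gratuitous ARP (failover pairs, address changes) also triggers these rules, so alerts for the gateway's address deserve the most attention.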

 

 

4. During the deception, Wireshark is opened on host C to capture packets and analyze the FTP login process.

5. After the deception is complete, host C successfully obtains the FTP username and password.

 

 

 

 

ARP spoofing attack walkthrough (for reference only)

1. Check the state of the victim hosts before they are deceived

Normal ARP cache table of machine 192.168.1.10 before ARP spoofing (the IPs in your experiment may differ)

Normal ARP cache table of machine 192.168.1.30 before ARP spoofing (the IPs in your experiment may differ)

2. On machine 192.168.1.50 (the IP in your experiment may differ), run Cain and select the network card to sniff on (with a single card, the default is fine).

3. Click the network card icon in the toolbar, select the Sniffer page, then select Hosts in the lower left corner, right-click and choose "Scan MAC Addresses" to scan the IP and MAC addresses of the active hosts on the LAN.

Besides the gateway, the scan finds the targets 192.168.1.30 and 192.168.1.10.

3. Select the ARP page and click the blank area under the list so that the large plus sign becomes available, then click the plus sign. In the pop-up window, select the hosts to sniff (note that the selection here works differently from the sniffer's: click the gateway on the left, the other machines then appear automatically in the list on the right, and you Ctrl-click the hosts to sniff on the right, as shown).

Click OK to return to the main window, as shown (here two machines are being spoofed).

4. Click the third icon in the toolbar (Start ARP) to begin ARP spoofing.

The figure below shows the ARP cache table queried with the arp -a command on machine 192.168.1.10 after spoofing has started: the gateway's MAC address in the cache table has changed to the MAC address corresponding to the IP of machine 192.168.1.50 (the machine performing the ARP spoofing).

The figure below shows the ARP cache table queried with the arp -a command on machine 192.168.1.30 after spoofing has started: the gateway's MAC address in the cache table has changed to the MAC address corresponding to the IP of machine 192.168.1.50 (the machine performing the ARP spoofing).

 

 

 

The FTP and mail login processes are not shown.

 

Part 2: DNS

1. Students work in pairs, A and B.

2. Student A visits www.ppsuc.edu.cn normally.

3. Student B plays the attacker and designs the attack: using CAIN and DNS spoofing, student A is made to reach a fake website on another machine when accessing the URL www.ppsuc.edu.cn.

Key steps

Add the DNS spoofing entry in CAIN.

After the deception, check on the victim machine whether www.ppsuc.edu.cn resolves to the specified IP address.

(1) On the basis of the ARP spoofing, we move on to DNS spoofing.

(2) First ping www.baidu.com on host B; at this point it resolves to 119.75.216.20.

(3) Open www.ppsuc.edu.cn

(4) Access www.ppsuc.edu.cn

(5) Then go to host A and open the ARP spoofing interface.

(6) Right-click in an empty area and select "Add to list". "DNS Name Requested" is the URL that the other side (host B) enters, and the IP field below it is the IP address that this URL should resolve to for the other side. Here we enter "192.168.31.111".

The state of Cain & Abel at this point is shown in the figure below.

 

 

 

Part 3: FTP protocol analysis

1. Students work in pairs, A and B.

2. Student A sets up an FTP server and creates a user name and password, for example gao / gao.

3. Student B installs Wireshark on their machine and starts it, then logs in to student A's FTP server with the user name and password and uploads an image.

4. Student B stops the Wireshark capture and, together with student A, analyzes the packets of the FTP login process, recovering the login user name and password and the uploaded file.

 

Follow stream

Flow analysis

Restore the FTP file transfer
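What the followed stream exposes can be summarized as an audit finding. This added example (not part of the original report) reads a reassembled FTP control stream, records that a login crossed the network unencrypted without storing the password, and decodes PORT/227 arguments to locate the data connection that carries the uploaded file. The transcript, address and file name are constructed; gao is the example account from the text.

```python
import re

# Constructed control-channel transcript in the form a followed TCP stream shows it.
SAMPLE_STREAM = (
    "220 FTP server ready\r\n"
    "USER gao\r\n"
    "331 Password required\r\n"
    "PASS gao\r\n"
    "230 Logged in\r\n"
    "TYPE I\r\n"
    "200 OK\r\n"
    "PORT 10,0,0,5,19,137\r\n"
    "200 OK\r\n"
    "STOR photo.jpg\r\n"
    "150 Opening data connection\r\n"
    "226 Transfer complete\r\n"
)

SIX_NUMBERS = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def data_endpoint(text):
    """Decode h1,h2,h3,h4,p1,p2 from a PORT command or a 227 reply."""
    match = SIX_NUMBERS.search(text)
    if not match:
        return None
    n = [int(x) for x in match.groups()]
    return ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def audit_control_stream(stream):
    """Summarize what anyone on the path could read from this control stream."""
    findings = {"user": None, "password_in_cleartext": False,
                "transfers": [], "data_endpoints": []}
    for line in stream.splitlines():
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            findings["user"] = arg
        elif verb == "PASS":
            findings["password_in_cleartext"] = True   # value deliberately not kept
        elif verb in ("STOR", "RETR"):
            findings["transfers"].append((verb, arg))
        elif verb in ("PORT", "227"):
            endpoint = data_endpoint(arg)
            if endpoint:
                findings["data_endpoints"].append(endpoint)
    return findings
```

Any stream for which this reports a cleartext password is a case for moving the service to FTPS or SFTP, where neither the login nor the file is readable from a capture.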

 


Origin www.cnblogs.com/P201721450036/p/11923539.html