Experiment 2: Network Sniffing and Spoofing, Yang Haitao 201721450030

Chinese People's Public Security University


 

Network Warfare Technology

Experiment Report

Experiment 2

Network sniffing and spoofing

 

 

 

Student name: Yang Haitao

Grade: 17

District team: Network Security five areas

Mentor: Your opinion

 

 

Information and Network Security Technology College

November 7, 2016

 

Experiment task outline

2016-2017 academic year, first semester

First, the purpose of the experiment

1. Deepen and digest the content of the course lectures, and review the Internet search skills, methods and techniques already learned;

2. Become familiar with common network sniffing methods; master common packet capture software and filtering techniques, and be able to analyze the basic network behavior of a given set of packets; master the basic principles of ARP spoofing and of DNS attacks based on ARP spoofing;

3. Consolidate course knowledge and apply it in practice.

Second, the experimental requirements

1. Read the content of each experiment carefully; where a task requires screenshots, take clear screenshots and annotate and describe them.

2. The document must have a clear structure, accurate text and figures, and standard labeling. Reasoning must be objective, reasonable and logical.

3. Software tools that may be used include Office 2003 or 2007, CAIN, Wireshark and so on.

4. After the experiment, keep the electronic document.

Third, the experimental procedure

1. Preparation

Prepare well in advance: before the experiment, learn the purpose, requirements and content of the experiment, become familiar with the software tools and have them ready, and prepare the experiment content ahead of time as required.

2. Lab environment

Describe the hardware and software environment used in the experiment (including the software tools);

Boot the machine and start Office 2003 or 2007, a browser, Wireshark and CAIN.

Tool downloads:

CAIN: https://pan.baidu.com/s/19qDb7xbj1L_2QnoPm71KzA

Wireshark: https://pan.baidu.com/s/1BeXghjVV9Mll_cAmeMCTPg (password: mbpv)

Mini FTP: https://pan.baidu.com/s/16ms4hXVOmMHhDEe3WraRHQ

NetworkMiner: https://pan.baidu.com/s/14e3VluLPjWFKxqNhdpYO9Q

3. Experiment procedure

1) Boot the system and start the tool environment.

2) Carry out the experiment content with the software tools.

4. Experiment report

Write the lab report in the standard report format. Embed the document in the report template and follow the prescribed written format; every table must have a table caption and every figure a figure caption.

Part 1: ARP spoofing

1. Two students form a group and carry out the following experiment in the topology shown in the figure.

2. Carry out the spoofing attack and verify with the arp -a command that the spoofing succeeded (screenshot attached)

3. During the spoofing, start a Wireshark capture on host A and analyze the characteristics of the packets in the ARP spoofing attack. (Screenshot attached)

4. During the spoofing, start a Wireshark capture on host C and analyze the FTP login procedure (flowchart attached)

5. After the spoofing is complete, host C successfully obtains the FTP user name and password (screenshot attached)

 

ARP spoofing attack procedure (for reference only)

1. Query the state of the victim hosts before they are spoofed

Normal ARP cache table of machine 192.168.1.10 before the spoofing (the IP in your experiment may differ from this one)

Normal ARP cache table of machine 192.168.1.30 before the spoofing (the IP in your experiment may differ from this one)

2. On machine 192.168.1.50 (the IP in your experiment may differ), run Cain and select the network card to sniff on (with a single card, the default can be used)

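3. Click the network-card icon in the toolbar, select the Sniffer tab, then select Hosts at the lower left, right-click and choose "scan MAC address" to scan the IP and MAC addresses of the active hosts on the LAN

Besides the gateway, the scan found the attack targets 192.168.1.10 and 192.168.1.30

3. Select the ARP tab, click in the blank area of the list so that the large plus sign becomes available, then click the plus sign and, in the window that pops up, select the target hosts to sniff (note that the selection here differs from spoofing a single host: click the gateway on the left and the other machines appear automatically in the list on the right; then hold the Ctrl key and select the hosts you want to sniff in the list on the right, as shown in the figure)

Click the OK button to return to the main window, as shown in the figure (here two machines are being spoofed)

4. Click the third icon in the toolbar (start ARP) to begin the ARP spoofing

The figure below shows the ARP cache table queried with the arp -a command on machine 192.168.1.10 after the spoofing starts: the MAC address for the gateway in the cache table has changed to that of machine 192.168.1.50 (the machine carrying out the ARP spoofing)

The figure below shows the ARP cache table queried with the arp -a command on machine 192.168.1.30 after the spoofing starts: the MAC address for the gateway in the cache table has changed to that of machine 192.168.1.50 (the machine carrying out the ARP spoofing)

The process of logging in to FTP and the mailbox is not shown.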

 

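The procedure is as follows:

1. The attacker's MAC address is 30-9C-23-4B-DF-A3

2. Before the spoofing, the gateway MAC address seen by the victim is 70-f9-6d-f8-59-3d

3. After the spoofing, the gateway MAC address seen by the victim is 30-9C-23-4B-DF-A3

4. From the spoofed host, ping 192.168.31.216 and start a Wireshark capture on that host

5. Packet analysis of the ICMP packets captured on the victim side

The analysis shows that the destination address has changed to the attacker's MAC address, which proves that the ICMP packets sent by the victim to the server have been hijacked by the attacker:

6. During the spoofing, the attacker starts a Wireshark capture and analyzes the FTP login procedure (flowchart attached)

7. After the spoofing is complete, the attacker successfully obtains the FTP user name and password

User name: 123

Password: 123456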
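The arp -a comparison from steps 2 and 3 above can be automated on the defending side. The following Python is an added example, not part of the original report: it parses two `arp -a` snapshots and flags a changed gateway MAC and a MAC claimed by several IPs. The two gateway MAC values are the ones recorded above; the IP addresses and the attacker's own row are assumed.

```python
import re

# Constructed `arp -a` output in the Windows layout. The two gateway MACs are the
# ones recorded in steps 2 and 3; all IPs and the 192.168.31.50 row are assumed.
BEFORE = """\
Interface: 192.168.31.100 --- 0xb
  Internet Address      Physical Address      Type
  192.168.31.1          70-f9-6d-f8-59-3d     dynamic
  192.168.31.50         30-9c-23-4b-df-a3     dynamic
  192.168.31.255        ff-ff-ff-ff-ff-ff     static
"""
AFTER = BEFORE.replace("70-f9-6d-f8-59-3d", "30-9C-23-4B-DF-A3")

ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)",
    re.I | re.M,
)

def parse_arp_table(text):
    """Return {ip: mac} for dynamic entries, MACs normalised to lower case."""
    return {ip: mac.lower() for ip, mac, kind in ROW.findall(text)
            if kind.lower() == "dynamic"}

def arp_findings(baseline, current, gateway_ip):
    """Compare two arp -a snapshots and list signs of cache poisoning."""
    findings = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        findings.append(f"gateway {gateway_ip} changed {old} -> {new}")
    # One MAC answering for several unicast IPs is the classic symptom.
    owners = {}
    for ip, mac in current.items():
        owners.setdefault(mac, []).append(ip)
    for mac, ips in owners.items():
        if len(ips) > 1:
            findings.append(f"{mac} claimed by {', '.join(sorted(ips))}")
    return findings

if __name__ == "__main__":
    before, after = parse_arp_table(BEFORE), parse_arp_table(AFTER)
    for line in arp_findings(before, after, "192.168.31.1"):
        print("ALERT:", line)
```

A static ARP entry for the gateway, or dynamic ARP inspection on the switch, prevents the cache change that this check detects.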

 

 

 

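Part 2: DNS

1. Two students form a group, A and B.

2. Student A visits the website www.ppsuc.edu.cn normally

3. Student B plays the attacker and designs an attack that uses CAIN and DNS spoofing so that, when student A visits www.ppsuc.edu.cn, A reaches a forged website on another machine

Key steps

Add a DNS spoofing entry in CAIN

After the spoofing succeeds, check the IP of www.ppsuc.edu.cn on the victim machine to see whether it has been resolved to the specified IP address.

The steps are as follows

(1) Building on the ARP spoofing, we move on to DNS spoofing.

(2) First ping www.baidu.com on the victim; at this point it resolves to 119.75.216.20

(3) Open www.ppsuc.edu.cn

(4) Visit www.ppsuc.edu.cn

(5) Then go to host A and open the ARP spoofing screen.

(6) Right-click in the blank area and select "Add to list". "DNS Name Requested" is the URL that the other party (host B) enters, and the IP field below it is the IP that this URL should be resolved to. Here we enter "192.168.31.247".

The state of Cain & Abel at this point is shown in the figure below.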

 

 

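Part 3: FTP protocol analysis

1. Two students form a group, A and B.

2. Student A sets up an FTP server and configures a user name and password, for example gao / gao

3. Student B installs Wireshark on their machine and starts it, then logs in to student A's FTP server with the user name and password and uploads a picture.

4. Student B stops the Wireshark capture and, together with student A, analyzes the FTP login process in the packets, recovering the login user name and password and the uploaded file.

The procedure is as follows:

1. Student A sets up the FTP server and configures a user name and password

User name: 123

Password: 123456

2. Student B installs Wireshark on their machine and starts it, then logs in to student A's FTP server with the user name and password and uploads a picture.

3. Student B stops the Wireshark capture and, together with student A, analyzes the FTP login process in the packets, recovering the login user name and password and the uploaded file

Data analysis

Follow stream

Stream analysis

Recover the file transferred over FTP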
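The login and upload sequence recovered from the followed stream can be summarised programmatically. The following Python is an added example, not part of the original report: it walks an FTP control-channel transcript, records that the password crossed the wire in cleartext, and decodes the PASV reply to locate the data connection that carries the uploaded file. The user name and password are the lab's; the banner, file name and PASV reply are constructed.

```python
import re

# Constructed FTP control-channel text, as "Follow TCP Stream" would show it.
# Credentials 123 / 123456 are the lab's; banner, file name and PASV reply are assumed.
STREAM = """\
220 FTP server ready
USER 123
331 Password required for 123
PASS 123456
230 User logged in
PASV
227 Entering Passive Mode (192,168,31,216,19,137)
STOR photo.jpg
150 Opening data connection
226 Transfer complete
QUIT
221 Goodbye
"""

PASV = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def analyze_ftp_control(text):
    """Walk the control dialogue and summarise the login and any transfers."""
    out = {"user": None, "password_in_clear": False, "logged_in": False, "transfers": []}
    data_endpoint, pending = None, None
    for line in text.splitlines():
        word, _, arg = line.strip().partition(" ")
        if word.isdigit():                        # server reply, e.g. "230 ..."
            code = int(word)
            if code == 230:
                out["logged_in"] = True
            elif code == 227 and (m := PASV.search(arg)):
                h = m.groups()                    # port = p1 * 256 + p2 (RFC 959)
                data_endpoint = (".".join(h[:4]), int(h[4]) * 256 + int(h[5]))
            elif code == 226 and pending:
                out["transfers"].append({**pending, "data_endpoint": data_endpoint})
                pending = None
        elif word.upper() == "USER":
            out["user"] = arg
        elif word.upper() == "PASS":
            out["password_in_clear"] = bool(arg)  # record the exposure, not the secret
        elif word.upper() in ("STOR", "RETR"):
            pending = {"command": word.upper(), "file": arg}
    return out

if __name__ == "__main__":
    print(analyze_ftp_control(STREAM))
```

Filtering the capture on the decoded data port (here `tcp.port == 5001`) isolates the stream that holds the uploaded file; moving the service to FTPS or SFTP removes the cleartext exposure.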

 


Origin www.cnblogs.com/P201721450030/p/11960832.html