Scribd Logo
Upload

Welcome to Scribd!

  • Capturing Network Traffic

    Uploaded by

    api-418424782
    194 views17 pages

    Original Title

    capturing network traffic

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    194 views17 pages

    Capturing Network Traffic

    Uploaded by

    api-418424782

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 17

    Stephen Dick

    Lab1

    4/17/18

    CVF1083 system security

    Section 1 Using tcpdump to capture and analyze network traffic

    1.1 using tcpdump to capture ICMP traffic

    1.

    Used the command ifconfig -a to see the list of connections made with the onion.

    2.
    Used the command netstat -a to see the the interface status.

    3.

    Used the command netstat –help to see the list of options for tcpdump

    4.

    Used the command sudo tcpdump -I eth0 icmp to capture any packets flying through the onion

    5.

    Used the command sudo tcpdump icmp -I eth0 -s 0 -w netcapture1.pcap -C 100 to capture the packets
    flying in and saving it.
    6.

    Used the command sudo wireshark netcapture1.pcap to view the file that was created inside of
    wireshark. And clicking ok for the warning message.

    7.

    Switched to kali and stopped the pinging on the machine.

    8.
    Section 1.2 Using tcpdump to capture ARP traffic

    1.

    Used the command arp -n to view a list of connections

    2.

    Used the command ping -c4 192.168.1.6 to ping the machine 4 times.

    3.
    Stopped the tcpdump and viewed the packets that flew in.

    4.

    Used the command arp -n for the ethernet connections and flags.

    5.

    Used the command sudo ip -s -s neigh flush all to look at all ip connections with the onion.

    Section 1.3 Using arpspoof to spoof network traffic

    1.

    Used the command netstat -I to view all the associated connections with the onion.

    2.
    Used the command sudo -I to go to the root of the security onion

    Then I used the command echo ‘1’ > /pro/sys/net/ipv4/ip_forward then I confirmed it.

    3.

    This is the results of the above command

    4.

    Used the command sudo arpspoof -I eth0 -t 192.168.1.1 192.168.1.50 to spoof the arp packets crossing
    the onion.

    5.
    I used the command sudo urlsnarf -I eth0 to sniff out packets crossing the network.

    6.

    Used the command sudo ip -s -s neigh flush all to flush all the connections out of the network.

    7.
    I went to the website example.com in the ubuntu firefox

    8.

    Went to the security onion to view the results of the urlsnarf after going to example.com from the
    ubuntu machine.

    Section 1.4 Using arpwatch to mitigate spoofed network traffic

    1.
    Used the command sudo arpwatch -I eth0 in the ubuntu terminal and nothing seems to have happened
    so far.

    2.

    Used the command tail -f /var/log/syslog to view the other command above.

    Section 2.1 Using wireshark to capture ftp traffic

    1.
    Used the command ifconfig -a to view the current interface conditions and none were down, all in
    working condition.

    2.
    Used the command sudo wireshark and went to capture>interfaces and chose the eth1 interface to sniff
    out DVL.

    3.

    Went to the DVL server and typed proftpd in the command prompt to initiate the FTP server.

    4.
    Used the command ftp 10.1.1.10 in the ubuntu machine to connect to the ftp server of the DVL
    machine.

    5.

    Results of above

    6.
    After logging in on the ftp server, went to the security onion and stopped the capture. Put an ftp filter
    in, and then had this result.

    Section 2.2 Using wireshark to capture SFTP traffic

    1.

    Stopped the last capture, now capturing a new security onion packets.
    2.

    Used the command service ssh status to view the secure shell status. I then type sudo service ssh start
    to start the secure shell in case it didn’t start.

    3.

    Did the command sftp student@192.168.1.50 to attempt to connect to the pc of the student in ubuntu.

    4.
    Went back to the security onion, stopped the scan, and typed ssh in the filter, I found a result of a key
    exchange between 2 machines in encryption.

    Section 3.1 Capturing and analyzing HTTP Traffic

    1.

    Used the command sudo dumpcap -I eth0 -w /tmp/netcapture2.pcap and starting capturing traffic
    across the network.

    2.

    Went to the ubuntu machine, opened firefox, typed the ip of 192.168.1.6 and the security onion screen
    popped up.

    3.
    Results of the capture above. From the security onion

    Section 3.2 Using network miner to capture HTTP traffic

    1.

    Used the command sudo /opt/networkminer/networkminer to open the window on the left.

    2.
    Navigated to open>mycomputer>HDD>tmp>netcapture2.pcap

    3.

    I navigated to files>right clicked 1 file and opened it. This was the result.

    You might also like