Mustajar Ahmad Shah
Wiretapping
Outline
• Introduction
• What is a sniffer
• Sniffing threats
• How a sniffer works
• Types of sniffing
• Protocols vulnerable to sniffing
• Tools to sniff network traffic
• How to set up a sniffing attack
• How to protect yourself from sniffing
• Tools to detect a sniffer on a network
What is Wiretapping
Wiretapping is the process of monitoring telephone and Internet conversations by a third party.
Types of Wiretapping
Active Wiretapping
It only monitors and records the traffic.
Passive Wiretapping
It monitors, records and also alters the traffic.
What is a Sniffer
A sniffer is a packet-capturing or frame-capturing tool.
It captures and displays data as it is transmitted from host to host on the network.
Sniffing Threats
How a Sniffer Works
A sniffer puts the system's NIC into promiscuous (pro-mis-cu-ous) mode so that it listens to all the data transmitted on its segment.
A sniffer can continuously read all the information entering the computer through the NIC by decoding the information encapsulated in the data packets.
Types of Sniffing
There are two types of sniffing attack:
• Active sniffing
• Passive sniffing
Passive Sniffing
“Passive sniffing” means sniffing through a hub.
Passive sniffing involves sending no packets, only monitoring the packets sent by others.
Hub usage, however, is outdated today.
Active Sniffing
Sniffing performed on a switched network is known as “active sniffing”.
Active sniffing relies on injecting packets (ARP) into the network that cause traffic.
Protocols Vulnerable to Sniffing
• Telnet and Rlogin: keystrokes, including user names and passwords
• HTTP: data sent in clear text
• SMTP, NNTP, POP, FTP, IMAP: passwords and data sent in clear text
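The decoding step from "How a Sniffer Works" and the protocol list above, combined in an added example that is not part of the original slides: it peels the Ethernet, IPv4 and TCP headers off one frame and flags whether the flow uses one of the cleartext services named here, which is how a defender can audit a capture for protocols that still need replacing. The frame is constructed (documentation addresses, zero checksums), and mapping services to their well-known TCP ports is an assumption of the example.

```python
import struct

# Cleartext services listed on this page, keyed by well-known TCP port (assumed mapping).
CLEARTEXT_PORTS = {21: "FTP", 23: "Telnet", 25: "SMTP", 80: "HTTP",
                   110: "POP", 119: "NNTP", 143: "IMAP", 513: "Rlogin"}

def decode_frame(frame: bytes):
    """Peel Ethernet II -> IPv4 -> TCP and return the fields a sniffer displays.
    Returns None for anything that is not a well-formed IPv4/TCP frame."""
    if len(frame) < 14:
        return None
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:                      # not IPv4
        return None
    ip = frame[14:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ihl < 20 or ip[9] != 6 or total_len < ihl or len(ip) < total_len:
        return None                              # bad header, non-TCP, or truncated
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    service = CLEARTEXT_PORTS.get(dport) or CLEARTEXT_PORTS.get(sport)
    return {"src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
            "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
            "sport": sport, "dport": dport, "payload": tcp[data_off:],
            "cleartext_service": service}

def build_sample_frame(dport: int, payload: bytes) -> bytes:
    """Constructed test frame (documentation addresses, checksums left at zero)."""
    eth = bytes.fromhex("020000000002" "020000000001") + struct.pack("!H", 0x0800)
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 1, 1, 5 << 4, 0x18, 1024, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return eth + ip + tcp + payload

SAMPLE = build_sample_frame(23, b"login: alice\r\n")  # constructed Telnet segment

if __name__ == "__main__":
    print(decode_frame(SAMPLE))
```

A port match only says which service the flow is addressed to; the same services wrapped in TLS or carried over SSH use different ports and are not flagged.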
SPAN Port
A SPAN port is a port configured to receive a copy of every packet that passes through a switch.
Sniffing Tools
• Wireshark
• tcpdump
• Cain & Abel
• Capsa
Wireshark
Cain and Abel
Capsa
How to Attack
Sniffing Password
Step # 1: Run Wireshark
Step # 2: Select your NIC
Step # 3: Start Capturing
Step # 4: My target logs in to an HTTP site
Step # 5: Stop capturing and find the word “Password” in your capture.
Step # 6: Here I got the MD5 hash of the password
Step # 7: Decrypt the MD5 hash to get the password
How to Defend against Sniffing
• Restrict physical access to the network media to ensure that a packet sniffer cannot be installed
• Use encryption to protect confidential information
• Permanently add the MAC address of the gateway to the ARP cache
• Use static IP addresses and static ARP tables to prevent attackers from adding spoofed ARP entries for machines in the network
• Turn off network identification broadcasts and, if possible, restrict the network to authorized users in order to protect the network from being discovered with sniffing tools
• Use IPv6 instead of the IPv4 protocol
• Use encrypted sessions such as SSH instead of Telnet, Secure Copy (SCP) instead of FTP, SSL for e-mail connections, etc. to protect wireless network users against sniffing attacks
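One way to verify the static-ARP advice above, as an added example that is not part of the original slides: it audits an ARP table in the Linux /proc/net/arp layout against a pinned list of IP-to-MAC pairs and reports mismatches, pinned entries that are still dynamic, and a single MAC answering for several IPs. The sample table, the addresses and the finding names are constructed for the example.

```python
from collections import defaultdict

ATF_PERM = 0x04  # Linux ARP flag bit for a permanent (static) entry

def parse_arp_table(text: str):
    """Parse text in the Linux /proc/net/arp layout into (ip, mac, flags, device) tuples."""
    entries = []
    for line in text.strip().splitlines()[1:]:   # skip the header row
        cols = line.split()
        if len(cols) < 6:
            continue
        ip, _hw_type, flags, mac, _mask, dev = cols[:6]
        entries.append((ip, mac.lower(), int(flags, 16), dev))
    return entries

def audit_arp(text: str, pinned: dict):
    """Return findings for pinned hosts (e.g. the gateway) and for shared MACs."""
    findings = []
    by_mac = defaultdict(set)
    seen = set()
    for ip, mac, flags, _dev in parse_arp_table(text):
        if mac != "00:00:00:00:00:00":            # incomplete entries carry no MAC
            by_mac[mac].add(ip)
        if ip in pinned:
            seen.add(ip)
            if mac != pinned[ip].lower():
                findings.append(("MAC_MISMATCH", ip, mac))
            elif not flags & ATF_PERM:            # correct MAC, but a reply could replace it
                findings.append(("NOT_STATIC", ip, mac))
    for ip in sorted(set(pinned) - seen):
        findings.append(("MISSING", ip, None))
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:                          # one NIC answering for several IPs
            findings.append(("SHARED_MAC", ",".join(sorted(ips)), mac))
    return findings

# Constructed sample: the gateway 192.0.2.1 resolves to the same MAC as host 192.0.2.66.
SAMPLE_ARP = """\
IP address       HW type     Flags       HW address            Mask     Device
192.0.2.1        0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.66       0x1         0x2         02:00:00:00:00:66     *        eth0
192.0.2.20       0x1         0x6         02:00:00:00:00:20     *        eth0
"""
PINNED = {"192.0.2.1": "02:00:00:00:00:01", "192.0.2.20": "02:00:00:00:00:20"}

if __name__ == "__main__":
    for finding in audit_arp(SAMPLE_ARP, PINNED):
        print(finding)
```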
How to Detect Sniffing?
• Use network tools such as HP Performance Insight to monitor the network for strange packets
• Use an IDS
• Detect promiscuous mode
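A local check for the last item, as an added example that is not part of the original slides and is unrelated to the tools named on them: on Linux, each interface's flags word is readable at /sys/class/net/<interface>/flags, and bit 0x100 (IFF_PROMISC) is set while the interface is in promiscuous mode. The helper that builds a sample tree is constructed so the check can be exercised offline.

```python
import os

IFF_PROMISC = 0x100  # promiscuous-mode bit in the Linux interface flags word

def promiscuous_interfaces(sysfs_net="/sys/class/net"):
    """Return {interface: flags} for every interface whose flags have IFF_PROMISC set."""
    found = {}
    if not os.path.isdir(sysfs_net):
        return found                      # not Linux, or sysfs not mounted
    for name in sorted(os.listdir(sysfs_net)):
        path = os.path.join(sysfs_net, name, "flags")
        try:
            with open(path) as fh:
                flags = int(fh.read().strip(), 16)   # file holds e.g. "0x1103"
        except (OSError, ValueError):
            continue                      # not an interface directory, or unreadable
        if flags & IFF_PROMISC:
            found[name] = flags
    return found

def write_sample_tree(root, flags_by_iface):
    """Build a constructed sysfs-like tree (hypothetical helper for offline testing)."""
    for name, flags in flags_by_iface.items():
        os.makedirs(os.path.join(root, name), exist_ok=True)
        with open(os.path.join(root, name, "flags"), "w") as fh:
            fh.write(hex(flags) + "\n")

if __name__ == "__main__":
    for iface, flags in promiscuous_interfaces().items():
        print(f"{iface}: promiscuous (flags={flags:#x})")
```

Bridge members and some virtualization hosts run interfaces in promiscuous mode legitimately, so a hit is a prompt to identify the process or configuration responsible, not proof of a sniffer.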
Tools to Detect Promiscuous Mode
PromQry UI By Microsoft
PromiScan
Thank You