module 08: sniffers...2013/04/15 · sniffing network packets, performing arp poisoning, spoofing...
Module 08: Sniffers
Objective
The objective of this lab is to make students learn to sniff a network and analyze packets for any
attacks on the network.
The primary objectives of this lab are to:
Sniff the network
Analyze incoming and outgoing packets
Troubleshoot the network for performance
Secure the network from attacks
Scenario
Since you are an expert Ethical Hacker and Penetration Tester, your IT director instructs you to
sniff a network and analyze if there is evidence of any of the following on the network: MAC
attacks, DHCP attacks, ARP poisoning, spoofing, or DNS poisoning.
Virtual Machines
The following virtual machines are required for completion of this lab:
1. 2008 Server (10.10.10.1)
2. Windows 7 (10.10.10.31)
3. 2003 Server (10.10.10.61)
4. NAT
Exercise I: Mapping a Network Topology Using Look@LAN
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing
network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.
Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement
and policy audits.
1. Log on to Windows Server 2003
Switch to Windows Server 2003 (10.10.10.61) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and click Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install Look@LAN
To install Look@LAN, navigate to Z:\CEHv7 Module 08 Sniffers\Network
Topology\lookatlan.
Double-click on lalsetup250.exe to install Look@LAN.
Follow the wizard driven installation steps to install Look@LAN.
The Z:\ drive is a mapped network drive containing the CEH tools.
4. Launch Look@LAN
To launch Look@LAN, navigate to Start --> All Programs --> Look@LAN -->
Look@LAN.
5. Create New Profile
To create a new profile, click Create New Profile in the Look@LAN wizard.
6. New Profile Settings
In New Profile settings select the target machine IP. In this lab, it is Windows Server
2003 (10.10.10.61) and click Next.
7. Start Sniffing
The tool will start sniffing details on the machine.
A window will open with a list of IP addresses. Click the Hide button at the bottom of the
window.
8. View Statistics
Go to View menu from menu bar and select Statistics. The Statistics will list down the
number of Online and Offline machines in the right pane.
9. View Network settings
Go to Settings and click Network Settings from the menu bar; it displays the network
configuration.
10. Trapping Configuration
Go to Settings and select Trapping Configuration from the menu bar. The Trapping
configuration window will list down the General and Mail option available for trapping.
11. Quick Host Scan
Go to Tools and select Quick Host Scan.
12. Input the Host IP
Input the Host IP as 10.10.10.61 (Windows Server 2003) and click Analyze.
13. Proof Scan
After scanning is completed it displays Proof Scan wizard. Close the Proof Scan wizard.
14. View Graphs
To view graphical statistics go to Tools menu and select Show graphs.
Lab Analysis
In this lab you have reinforced concepts of network security policy, policy enforcement and
policy audits.
Exercise II: Sniffing the Network Using the Colasoft Packet
Builder
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of
sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.
Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement
and policy audits.
1. Logon to Windows Server 2003
Switch to Windows Server 2003 (10.10.10.61) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter your user name and password.
3. Install Colasoft Packet Builder
To install Colasoft Packet Builder, navigate to Z:\CEHv7 Module 08 Sniffers\Sniffing
Tools\TCP-IP Packet Crafter\Packet Builder.
Double-click on pkbuilder10_build166.exe file.
Follow the wizard driven installation steps to install Colasoft Packet Builder.
The Z:\ drive is a mapped network drive containing the CEH tools.
4. Launch Colasoft Packet Builder
To launch Colasoft Packet Builder, navigate to Start --> All Programs --> Colasoft
Packet Builder 1.0 --> Colasoft Packet Builder 1.0.
5. Check the Adapter settings
Before starting your task, check the Adapter settings from the Send option and click
Select default adapter to set it to the default from the menu bar.
6. Select Adapter
Select the appropriate adapter from the drop-down list and click the OK button.
7. Create Packet
To add or create the packet, click Add in the menu section.
8. Adding Packet
When an Add Packet dialog box pops up, you need to select the template and click OK.
9. Added Packets
You can view the added packets list on your right-hand side of your window.
10. Decode Editor
Colasoft Packet Builder allows you to edit decoding information in the two editors,
Decode Editor and Hex Editor, on the left-hand side of the window.
11. Send All Packets
To send all packets at one time, click Send All from the menu bar.
Check the Burst Mode option in Send All Packets dialog window, and then click Start.
12. Export All Packets
To export the packets sent from the file menu, click File --> Export --> All Packets.
13. Save Packets
Save the packets at your desired location; click the Save button to save.
Lab Analysis
In this lab you have performed network sniffing using the Colasoft Packet Builder.
Exercise III: Sniffing the Network Using the OmniPeek
Network Analyzer
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of
sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.
Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement,
and policy audits.
1. Logon to Windows Server 2003
Switch to Windows Server 2003 (10.10.10.61) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install OmniPeek Network Analyzer
To install OmniPeek Network Analyzer, navigate to Z:\CEHv7 Module 08
Sniffers\Sniffing Tools\Packet Sniffing Tool\OmniPeek Network Analyzer.
Double-click on OmniPeek607demo.exe to install.
Follow the wizard driven installation steps to install OmniPeek Network Analyzer.
The Z:\ drive is a mapped network drive containing the CEH tools.
4. Launch OmniPeek Network Analyzer
To launch OmniPeek Network Analyzer, navigate to Start --> All Programs -->
WildPackets OmniPeek Demo.
5. OmniPeek Main Window
The OmniPeek evaluation version warning window will appear; click OK or Close to continue.
6. Create an OmniPeek capture
Create an OmniPeek capture window as follows:
o Click New Capture on the main screen of OmniPeek.
o View the general options in the OmniPeek Capture Options dialog box when it
appears.
o Leave the default general settings and click OK.
7. Start Capture
Now, Click Start Capture to begin capturing packets. The Start Capture tab turns to
Stop Capture and traffic statistics begin to populate the Network Dashboard in the
capture window of OmniPeek.
8. View Captured Packets
To view captured packets, click the Capture tab views in the navigation bar, where you
can view expert and statistical analysis of the data, the Peer Map display and more.
9. View Captured Packets
To view the captured packets, select Packets in a Capture section of the Dashboard at
the left hand-side of the window.
Similarly, you can view Log, Filters, Hierarchy, and Peer Map by selecting the respective
options in the same Dashboard.
You can view the Nodes and Protocols from the Statistics section of the Dashboard.
10. Saving Report
To save the result, go to File --> Save Report.
11. Report Type
Select format type of the report and click Save button.
Lab Analysis
In this lab you have performed network sniffing using the OmniPeek Network Analyzer.
Exercise IV: Spoofing MAC Address Using SMAC
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must spoof MAC addresses, sniff
network packets, and perform ARP poisoning, network spoofing and DNS poisoning.
Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement,
and policy audits.
In this lab, you will learn how to spoof the MAC address.
1. Logon to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install SMAC
To install SMAC, navigate to E:\CEHv7 Module 08 Sniffers\MAC Spoofing
Tools\SMAC.
Double-click smac27beta_setup.exe and follow the wizard-driven installation steps to
install SMAC.
4. Launch SMAC
To launch SMAC, navigate to Start --> All Programs --> KLC --> SMAC 2.7.
5. Accept the SMAC 2.7 License Agreement
Click I Accept button on the License Agreement of SMAC.
6. SMAC 2.0 Registration
Click Proceed button on SMAC 2.0 Registration wizard.
7. Choose a Network Adapter
Choose a network adapter to spoof MAC address. To generate a random MAC address,
click Random, which also inputs into the New Spoofed MAC Address to simplify MAC
Address Spoofing
8. New Spoofed MAC Address
You can see the new spoofed MAC address on the left-hand side of the window.
9. Network Connection or Adapter Section
The network connection or adapter displays the network connection name.
Click the << or >> icon. The display changes to show network adapter information. These
buttons toggle between network adapter and network connection information.
10. Hardware ID and Configuration ID
Click << or >>. The display changes to show Configuration ID information. This button
toggles between Hardware ID and Configuration ID.
11. IPConfig
To bring up the ipconfig information, click IPConfig.
12. IPConfig window
The IPConfig window pops up. You can also save the information by clicking on the
File menu at the top of the window.
13. MAC List
You can also import the MAC address list into SMAC by clicking MAC List.
14. Load List
If there is no address in the MAC address field, click Load List to select a MAC address
list file you have created.
15. Sample MAC Address List
From the browse window select Sample_MAC_Address_List.txt file and click Open
button.
16. MAC List
It displays the sample MAC Addresses loaded in MAC List window.
17. Select MAC Address
Select any one of the MAC addresses from the list and click the Select button.
18. Restart Adapter
To restart the Network Adapter, click Restart Adapter, which restarts the selected Network
Adapter. This causes a temporary disconnection for your Network Adapter.
Lab Analysis
In this lab you have performed MAC Address Spoofing using SMAC.
Exercise V: Sniffing a Network Using the WinArpAttacker
Tool
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of
Footprinting, network protocols and their topology, TCP and UDP services, routing tables,
remote access (SSH or VPN), and authentication mechanisms.
Lab Objectives
The objectives of this lab are to:
Scan, Detect, Protect, and Attack computers on local area networks (LANs):
Scan and show the active hosts on the LAN within a very short time period of 2-3
seconds
Save and load computer list files, and save the LAN regularly for a new computer list
Update the computer list in passive mode using sniffing technology
Freely provide information regarding the type of operating systems they employ
Discover the kind of firewall, wireless access point and remote access
Discover any published information on the topology of the network
Discover if the site is seeking help for IT positions that could give information regarding
the network services provided by the organization
Identify actual users and discover if they give out too much personal information, which
could be used for social engineering purposes
1. Logon to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install WinPcap
To install WinPcap, navigate to E:\CEHv7 Lab Prerequisites\WinPcap.
Double-click WinPcap_4_1_2.exe and follow the wizard-driven installation steps to
install WinPcap.
4. Launch WinArpAttacker
To launch WinArpAttacker, navigate to E:\CEHv7 Module 08 Sniffers\ARP Poisoning
Tools\WinArpAttacker.
Double-click “WinArpAttacker.exe” to launch WinArpAttacker.
5. Scanning Hosts on the LAN
Click the Scan option from the toolbar menu and select Scan LAN.
The scan shows active hosts on the LAN in a very short period of time (2-3 seconds).
The Scan option has two modes: Normal scan and Antisniff scan.
6. Scanning Saves and Loads
Scanning saves and loads a computer list file and also scans the LAN regularly for new
computer lists.
7. ARP Attack
By performing attack action, scanning can pull and collect all the packets on the LAN.
Select a Host (10.10.10.61 – Windows Server 2003) from the displayed list and select
Attack --> Flood
Make sure that Windows Server 2003 (10.10.10.61) is running before running this lab.
8. Data Sniffed by Spoofing and Forwarded
Scanning acts as another gateway or IP-forwarder without other user recognition on
the LAN, while spoofing ARP tables.
All the data sniffed by spoofing and forwarded by the WinArpAttacker IP-forward
functions are counted, as shown in the main interface.
9. Saving Report
Click Save to save the report.
Lab Analysis
In this lab you have performed network sniffing using the WinArpAttacker Tool.
You have now:
Scanned, Detected, Protected, and Attacked computers on local area networks (LANs):
Scanned and showed the active hosts on the LAN within a very short time period of 2-3
seconds
Saved and loaded computer list files, and saved the LAN regularly for a new computer
list
Updated the computer list in passive mode using sniffing technology
Freely provided information regarding the type of operating systems they employ
Discovered the kind of firewall, wireless access point and remote access
Discovered any published information on the topology of the network
Discovered if the site is seeking help for IT positions that could give information
regarding the network services provided by the organization
Identified actual users and discovered if they give out too much personal information,
which could be used for social engineering purposes
Exercise VI: Analyzing a Network Using the Colasoft Capsa
Network Analyzer
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of
sniffing, network protocols and their topology, TCP and UDP services, routing tables, remote
access (SSH or VPN) and authentication mechanisms.
Lab Objectives
The objective of this lab is to obtain information regarding the target organization that includes,
but is not limited to:
Network traffic analysis,
Network communication monitoring
Network problem diagnosis
Network security analysis
Network performance detection
Network protocol analysis
1. Logon to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install Colasoft Capsa Network Analyzer
To install Colasoft Capsa Network Analyzer, navigate to E:\CEHv7 Module 08
Sniffers\Sniffing Tools\Packet Sniffing Tool\Capsa Network Analyzer.
Double-click capsa_ent_7.2.1.2299_demo.exe and follow the wizard-driven installation
steps to install Colasoft Capsa Network Analyzer.
4. Launch Colasoft Capsa Network Analyzer
To launch Colasoft Capsa Network Analyzer, navigate to Start --> All Programs -->
Colasoft Capsa 7 Demo --> Colasoft Capsa 7 Demo.
5. Welcome Screen
Click Buy Later or Close button on the Welcome screen to continue.
6. Create New Project
In the Capture tab of the main window, select the Local Area Connection check box in
Adapters and click Play located at the bottom-right of the window, which creates a New
Project
7. Analysis Report
You can view the analysis report in a graphical format in the Dashboard section of Node
Explorer.
8. Summary Tab
The Summary tab shows full analysis and statistics.
9. Diagnosis Tab
View the performance of protocols with the Diagnosis tab.
10. Protocol Tab
You can view an analysis of protocols on the Protocol tab.
11. IP Endpoint
The IP Endpoint tab displays statistics of all IP addresses communicating within the
Network.
On IP Endpoint tab, you can easily find the nodes with the highest traffic volumes, and
check if there is a multicast storm or broadcast storm in your network.
12. IP Conversation
The IP Conversation tab presents IP conversations between pairs of nodes.
The lower pane of the IP Conversation section offers UDP and TCP conversation, which
you can drill down to analyze.
13. TCP Conversation
The TCP Conversation tab dynamically presents the real-time status of TCP
conversations between pairs of nodes.
The lower pane on this tab offers related packets, time sequence charts, and
reconstructed data flow to help you drill down to analyze the conversations.
14. UDP Conversation
The UDP Conversation tab dynamically presents the real-time status of UDP
conversations between two nodes.
The lower pane of this tab gives you related packets and reconstructed data flow to help
you drill down to analyze conversations.
15. Matrix Tab
In the Matrix tab, you can view the nodes communicating in the network by connecting
them in lines graphically.
The weight of the line indicates the volume of traffic between nodes arranged in an
extensive ellipse.
You can easily navigate and shift between global statistics and details of specific network
nodes by switching corresponding nodes in the Node Explorer window.
16. Packet Tab
The Packet tab provides original information for any packet. It consists of three major
parts: Summary Decode, Hex/ASCII/EBCDIC Decode and Field Decode.
17. Log Tab
The Log tab provides an Email Log, FTP Log, DNS Log and HTTP Log.
You can view the logs of TCP conversations, web access, DNS transactions and email
communications.
18. Report Tab
The Report tab provides 27 statistics reports from the global network to a specific
network node.
You can view this display in 2D or 3D style of line charts or area charts. A new feature of
this tab allows you to create reports on demand.
19. Stop
Click Stop on the main window after completing your task.
Lab Analysis
In this lab you have analyzed a network using the Colasoft Capsa Network Analyzer.
You have performed:
Network traffic analysis
Network communication monitoring
Network problem diagnosis
Network security analysis
Network performance detection
Network protocol analysis
Exercise VII: Sniffing Passwords using Wireshark
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of
sniffing Network Packets, performing ARP Poisoning, spoofing network and DNS poisoning.
Lab Objectives
The objective of this lab is to demonstrate Sniffing technique to capture from multiple interfaces
and data collection from any network topology.
1. Logon to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab in the right
pane of the window.
2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Install Wireshark
To install Wireshark, navigate to E:\CEHv7 Module 08 Sniffers\Sniffing
Tools\Wireshark.
Double-click wireshark.exe and follow the wizard-driven installation steps to install
Wireshark.
4. Launch Wireshark
Launch Wireshark in Windows Server 2008 (IP address: 10.10.10.1) (Host Machine).
To launch, click Start --> All Programs --> Wireshark --> Wireshark
5. Capture Interfaces
From the Wireshark menu bar, click Capture --> Interfaces...
6. Wireshark: Capture Interfaces
In the Wireshark Capture Interfaces box, find Ethernet Driver Interface that is
connected to the system.
Click Start button in that interface’s line.
7. Traffic Information
Wireshark displays the traffic captured.
8. Analyzing Captured Files
Now, click --> Stop button or you can stop the session from Capture tab and click -->
Stop
9. Analyze the Captured Files
Now, navigate to File option and click --> Open to analyze the captured files
10. Wireshark pop-up
A "Save capture file before opening a new one" pop-up appears; click the Continue without
Saving button.
11. Sample Capture File
For this lab, the sample captured file of telnet is located at E:\CEHv7 Module 08
Sniffers\Wireshark Sample Capture Files\telnet-cooked.pcap
Now, select sample captured file of Telnet and click --> Open as shown in below figure
12. Observe the Password
Telnet traffic is generated as shown in below figure
Now, browse to Frame number 29, and right click --> Follow TCP Stream
13. Follow TCP Stream
In Follow TCP Stream wizard, find the Login and Password option that extracted
Lab Analysis
In this lab you have performed Sniffing to capture from multiple interfaces and data collection
from any network topology.
Exercise VIII: Performing Man-In-The-Middle Attack using
Cain & Abel
Lab Scenario
To be an expert Ethical Hacker and Penetration Tester you must have sound knowledge of
sniffing, network protocols and their topology, TCP and UDP services, routing tables, remote
access (SSH or VPN), authentication mechanism and encryption techniques.
Lab Objectives
The objective of this lab is to accomplish the following: Sniff network traffic and perform ARP
Poisoning
Launch Man-in-the-Middle attack
Sniff network for password
1. Logon to Windows 7
Switch to Windows 7 (10.10.10.31) machine from Machines tab of the right pane of your
window.
2. Enter Credentials
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
3. Switch to Windows Server 2003
Switch to Windows Server 2003 machine from Machines tab in the right pane of the
window.
4. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del.
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.
5. Logon to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab in the right
pane of the window.
You can use Machine Commands Ctrl + Alt + Del to login
6. Enter Credentials
In the log on box enter the following Credentials and press Enter
User Name: Administrator
Password: Pa$$w0rd
Once you login to Windows Server 2008 (10.10.10.1) machine server manager window
will pop-up, close server manager window.
You can use the Machine Commands menu to enter your user name and password
7. Install WinPcap
To install WinPcap, navigate to E:\CEHv7 Lab Prerequisites\WinPcap.
Double-click WinPcap_4_1_2.exe and follow the wizard-driven installation steps to
install WinPcap.
8. Install Cain & Abel
To install Cain & Abel, navigate to E:\CEHv7 Module 08 Sniffers\ARP Poisoning
Tools\Cain and Abel.
Double-click ca_setup.exe and follow the wizard-driven installation steps to install Cain
& Abel.
9. Launch Cain & Abel
To launch Cain & Abel navigate to Start --> All Programs --> Cain --> Cain
10. Configure Ethernet Card
When you first open Cain & Abel, you will notice a series of tabs near the top of the
window.
To configure Ethernet Card, click Configure from menu bar.
11. Configuration Dialog Box
Configuration Dialog window consists of several tabs. Click Sniffer tab to select sniffing
adapter.
Select adapter and click Apply and OK.
12. Start Sniffing
To start sniffing, click the Start/Stop Sniffer icon from the menu bar, and open the Sniffer tab.
13. Click + (Add to List) icon
Now click + icon to Scan for MAC Addresses from the menu bar
or
Right click on the dashboard and select Scan MAC Addresses from context menu
14. MAC Addresses Scanner
The MAC Addresses Scanner wizard opens; select the All hosts in my subnet option or the
Range option from the Target section.
From Promiscuous-Mode Scanner section check All Tests option then click OK button.
If you are selecting a Range option then you must provide the IP range of your network.
In this lab we have selected Range option and we have provided a range of 10.10.10.1 to
10.10.10.90
15. APR Tab
After scanning is complete, a list of detected MAC addresses is displayed.
Now click on the APR tab at the bottom of the Cain & Abel window.
The + (Add to List) icon will be disabled in this tab.
16. Activate + (Add to List) icon
To activate the + (Add to List) icon, click anywhere in the dashboard.
17. Click + (Add to List) icon
Click + (Add to List) icon to open New ARP Poison Routing wizard.
18. New ARP Poison Routing
In New ARP Poison Routing wizard select Windows Server 2003 (10.10.10.61) from the
left pane.
After selecting Windows Server 2003 (10.10.10.61) IP Address then in right pane it
displays Windows 7 (10.10.10.31) IP address. Now select Windows 7 IP Address from
the right pane and click OK button
19. Start APR Poisoning
Now click Start/Stop APR button to start APR poisoning as shown in the following
figure.
After clicking on Start/Stop APR button note down the packets generated.
20. Switch to Windows Server 2003
Switch to Windows Server 2003 (10.10.10.61) machine through Machines tab from the
right pane of the window
21. Launch Command Prompt
Launch Command Prompt in Windows Server 2003 (10.10.10.61) and in command
prompt type this command ping 10.10.10.31 and press Enter
10.10.10.31 represents the Windows 7 IP address.
22. Switch to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine through Machines tab from the
right pane of the window.
After switching to Windows Server 2008 you can observe some packets are captured in
Cain & Abel.
23. Switch to Windows Server 2003
Switch to Windows Server 2003 (10.10.10.61) machine through Machines tab from the
right pane of the window.
24. Launch IIS Manager
To launch IIS Manager, navigate to Start --> Administrative Tools --> Internet
Information Services (IIS) Manager.
25. FTP Site Service
In IIS Manager window select FTP Sites from the left pane and check whether the FTP
service is running.
If it is not running right-click on Default FTP Site and select the Start option from the
context menu.
26. Switch to Windows 7
Switch to Windows 7 (10.10.10.31) machine from Machines tab from the right pane of
the window.
27. Launch Firefox
Launch Firefox browser in Windows 7 (10.10.10.31) machine and type ftp://10.10.10.61
in the address bar and press Enter.
10.10.10.61 represents Windows Server 2003 IP address
28. Authentication Required
In Authentication Required pop-up enter the credentials of Windows Server 2003
(10.10.10.61) machine and click OK button.
Enter these Credentials User Name: Administrator
Password: Pa$$w0rd
29. Switch to Windows Server 2008
Switch to Windows Server 2008 (10.10.10.1) machine from Machines tab from the
right pane of the window.
30. Observe the Packets
Now check with the Packets in Cain & Abel.
31. Passwords Tab
Click Passwords tab at bottom
32. Captured Password
Select FTP from the left pane under Passwords.
Now check for the ftp://10.10.10.61 accessed from the Windows 7 machine
(10.10.10.31). It will display the password that you have entered at Authentication
Required pop-up.
Lab Analysis
In this lab you have accomplished the following: Sniffed network traffic and performed ARP
Poisoning.
You have now:
Launched Man-in-the-Middle attack
Sniffed network for password
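Added example (not part of the original lab manual or of any tool it uses): the module scenario asks for evidence of ARP poisoning, and Exercises V and VIII generate that traffic between 10.10.10.31 and 10.10.10.61. The Python sketch below parses raw ARP frames and flags what a passive monitor would see: unsolicited replies, an IP whose MAC changes, and one MAC claiming several IPs. The MAC addresses, the sample frames and all function and class names are constructed for illustration, and the first MAC seen for an IP is assumed to be the legitimate one.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP, OP_REQUEST, OP_REPLY = 0x0806, 1, 2

def _mac(b): return ":".join(f"{x:02x}" for x in b)
def _ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Decode an Ethernet II frame carrying IPv4 ARP; return None otherwise."""
    if len(frame) < 42:
        return None
    _dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if ethertype != ETHERTYPE_ARP or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": _mac(eth_src), "op": op, "sha": _mac(sha),
            "spa": _ip(spa), "tpa": _ip(tpa)}

class ArpWatch:
    """Passive monitor. Assumption: the first MAC seen for an IP is the baseline."""
    def __init__(self):
        self.ip_to_mac = {}
        self.mac_to_ips = defaultdict(set)
        self.pending = set()   # (requester IP, requested IP) awaiting a reply
        self.alerts = []       # tuples of (kind, subject, detail)

    def observe(self, frame):
        p = parse_arp(frame)
        if p is None:
            return
        sha, spa = p["sha"], p["spa"]
        if p["eth_src"] != sha:  # Ethernet header disagrees with the ARP body
            self.alerts.append(("eth-arp-mismatch", spa, f"{p['eth_src']} != {sha}"))
        if p["op"] == OP_REQUEST:
            self.pending.add((spa, p["tpa"]))
        elif p["op"] == OP_REPLY:
            if (p["tpa"], spa) in self.pending:
                self.pending.discard((p["tpa"], spa))
            else:                # nobody asked for this answer
                self.alerts.append(("unsolicited-reply", spa, sha))
        if spa == "0.0.0.0":     # ARP probe: carries no sender binding
            return
        known = self.ip_to_mac.setdefault(spa, sha)
        if known != sha:         # baseline is kept so repeats keep alerting
            self.alerts.append(("binding-change", spa, f"{known} -> {sha}"))
        if spa not in self.mac_to_ips[sha]:
            self.mac_to_ips[sha].add(spa)
            if len(self.mac_to_ips[sha]) > 1:
                claimed = ",".join(sorted(self.mac_to_ips[sha]))
                self.alerts.append(("mac-multi-ip", sha, claimed))

def build_arp(op, sha, spa, tha, tpa):
    """Build one constructed Ethernet+ARP frame; used only for the sample input."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    i = lambda s: bytes(int(x) for x in s.split("."))
    dst = "ff:ff:ff:ff:ff:ff" if op == OP_REQUEST else tha
    return (m(dst) + m(sha)
            + struct.pack("!HHHBBH", ETHERTYPE_ARP, 1, 0x0800, 6, 4, op)
            + m(sha) + i(spa) + m(tha) + i(tpa))

# Constructed sample: lab IPs from this page, MACs from the documentation range.
M1, M31, M61 = "00:00:5e:00:53:01", "00:00:5e:00:53:31", "00:00:5e:00:53:61"
ZERO = "00:00:00:00:00:00"
SAMPLE = [
    build_arp(OP_REQUEST, M1, "10.10.10.1", ZERO, "10.10.10.61"),   # normal lookup
    build_arp(OP_REPLY, M61, "10.10.10.61", M1, "10.10.10.1"),      # solicited reply
    build_arp(OP_REQUEST, M61, "10.10.10.61", ZERO, "10.10.10.31"),
    build_arp(OP_REPLY, M31, "10.10.10.31", M61, "10.10.10.61"),
    # Poisoning pattern: the 10.10.10.1 host's MAC now answers for .31 and .61
    build_arp(OP_REPLY, M1, "10.10.10.31", M61, "10.10.10.61"),
    build_arp(OP_REPLY, M1, "10.10.10.61", M31, "10.10.10.31"),
]

def run_sample(frames=SAMPLE):
    watch = ArpWatch()
    for frame in frames:
        watch.observe(frame)
    return watch.alerts

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

A MAC that legitimately owns several IPs (a multihomed server, a router doing proxy ARP) will also raise mac-multi-ip, so treat it as a lead to correlate with binding-change rather than as proof on its own.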