Gathering Information: Capture a Target's Network Traffic Using Wireshark | ECPE 178, Lab Reports of Cryptography and System Security

Material Type: Lab; Class: Computer Network Security; Subject: Electrcl & Computer Engr; University: University of the Pacific; Term: Unknown 2007;


Uploaded on 08/18/2009

koofers-user-yq4
LAB #3

Your assignment, should you choose to accept it…

Gathering information: Capture a target’s network traffic using Wireshark

If any of your force be killed or captured, the secretary will disavow any knowledge of your actions... this tape will self destruct in 5 seconds...
Good Luck, Jim

12/20/2007

Scenario

You are logged onto a computer that is connected to a LAN that is not switched. (The computers are interconnected using hubs.) You know that the target is about to log onto his computer and use the network. You want to monitor (sniff) the target’s activities.

Your target is: You

Note:

In a later demonstration, we will see how a switched LAN can be exploited in order to still monitor any target on the LAN.

Potential Show Stoppers

None. All Wireshark does is put the NIC in promiscuous mode and then watch what comes its way.

How You Do It

• Run Wireshark.
  – Click on the desktop icon or…
  – Click on Start/All Programs/Wireshark/Wireshark.
  – Select Capture/Interfaces (see next slide).

You can download the latest Wireshark at: http://www.wireshark.org

This window appears:

• “Capture packets in promiscuous mode” is set by default
• Check these
• Click on Start

The Wireshark Capture window appears

This is your browser!

  – Visit the website: www.jkandtc.com
  – Close the website (click the x)

• Then click on Capture/Stop
• The Wireshark results window will appear…
  – See next slide…

[Screenshot callouts: “MS IE7.”; “ASCII equivalent of data”]

Select the SYN packet.

• In the middle frame, you will see:
  – A “Frame” section
  – An “Ethernet” section
    • Here, you will find the source (your) MAC address
    • Look for something like 00:11:43:a8:0c:
  – An “Internet Protocol” section
    • Here, you find the value of the “Time to live” (TTL) field (much more on this later) – what is the value?
  – A “Transmission Control Protocol” section
    • Here, you find the Header Length (it’s not 20 bytes – there must be something added in the Options field – what? Hint: Your client is telling the server something.)
  – Repeat the above, looking at the SYN-ACK packet sent by the server

Maximum Segment Size (MSS) = the largest packet you can send me

“Expand All” displays the entire contents of each header (MAC, IP, & TCP). Scroll down to the “Internet Protocol” section – the TTL setting is right below the Fragment offset setting.
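
The same header walk can be done by hand on the raw bytes of a frame. The following is an added example, not part of the original lab slides: it parses a constructed SYN frame (made-up MACs, addresses and ports; the function names are this example's own) and reports the source MAC, the TTL, the TCP header length and the options that make the header longer than 20 bytes.

```python
# Constructed Ethernet + IPv4 + TCP SYN frame (checksums zeroed). All MACs,
# addresses and ports are made-up sample values, not taken from a capture.
SYN_FRAME = bytes.fromhex(
    "020000000002" "020000000001" "0800"   # dst MAC, src MAC, EtherType = IPv4
    "4500003000014000" "80060000"          # IPv4: total length 48, TTL 0x80, proto TCP
    "c0a8010a" "c0a80114"                  # 192.168.1.10 -> 192.168.1.20
    "c0000050" "00000001" "00000000"       # ports 49152 -> 80, seq, ack
    "7002ffff" "00000000"                  # data offset 7, SYN flag, window, csum/urg
    "020405b4" "01010402"                  # options: MSS, NOP, NOP, SACK-permitted
)

def parse_tcp_options(tcp, hdr_len):
    """Walk the option bytes between the fixed 20-byte header and hdr_len."""
    opts, i = {}, 20
    while i < hdr_len:
        kind = tcp[i]
        if kind == 0:            # End of Option List
            break
        if kind == 1:            # NOP is a single padding byte
            i += 1
            continue
        if i + 1 >= hdr_len or tcp[i + 1] < 2 or i + tcp[i + 1] > hdr_len:
            raise ValueError("malformed TCP option")
        opts[kind] = tcp[i + 2:i + tcp[i + 1]]
        i += tcp[i + 1]
    return opts

def inspect_syn(frame):
    """Return the fields the lab asks about for one Ethernet/IPv4/TCP frame."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        raise ValueError("not an Ethernet/IPv4/TCP frame")
    ip = frame[14:]
    tcp = ip[(ip[0] & 0x0F) * 4:]          # IHL gives the IP header length
    hdr_len = (tcp[12] >> 4) * 4 if len(tcp) >= 20 else 0  # offset is in 32-bit words
    if hdr_len < 20 or hdr_len > len(tcp):
        raise ValueError("bad TCP header length")
    opts = parse_tcp_options(tcp, hdr_len)
    mss = opts.get(2)                      # option kind 2 = Maximum Segment Size
    return {
        "src_mac": ":".join(f"{b:02x}" for b in frame[6:12]),
        "ttl": ip[8],
        "syn_only": (tcp[13] & 0x12) == 0x02,   # SYN set, ACK clear
        "tcp_header_len": hdr_len,
        "mss": int.from_bytes(mss, "big") if mss and len(mss) == 2 else None,
        "option_kinds": sorted(opts),
    }

if __name__ == "__main__":
    print(inspect_syn(SYN_FRAME))
```

Running it against the SYN-ACK bytes from your own capture lets you compare what each side advertises.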