Learning Kali Linux, Chapter 2: Network Security Testing Basics




the data you have captured. One such view is the protocol hierarchy, as you can see in Figure 2-7.
    Figure 2-7. Protocol hierarchy in Wireshark
The protocol hierarchy view is good for, among other things, quickly identifying protocols that you don't recognize. It also helps you to determine which protocols are the most used. If you believe, for instance, that you are using a lot of UDP-based attacks, but UDP is a small fraction of the total number of messages sent, you may want to do some further investigation.
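To make the protocol hierarchy concrete, here is an added example that is not code from the book: a small Python decoder that walks the Ethernet, IPv4 and TCP/UDP headers of raw frames and tallies them the way the Wireshark view (and `tshark -r capture.pcap -q -z io,phs`) does, counting each frame under every layer of its stack. The frames are constructed inline, the port-to-application table is an assumption, and the `unrecognized` check is this example's own way of surfacing the "protocols you don't recognize" that the paragraph mentions.

```python
# Added example, not code from "Learning Kali Linux": build a Wireshark-style
# protocol hierarchy from raw Ethernet frames. All frames here are constructed
# by hand; the port-to-application table is an assumption for the example.
import struct
from collections import Counter

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17
APP_PORTS = {53: "dns", 80: "http", 443: "tls", 22: "ssh"}  # assumed mapping


def protocol_stack(frame: bytes) -> list:
    """Decode one frame into its layers, e.g. ['eth', 'ip', 'udp', 'dns'].
    Anything this decoder does not know is labelled so it can be flagged."""
    if len(frame) < 14:
        return ["eth", "malformed"]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype == ETHERTYPE_ARP:
        return ["eth", "arp"]
    if ethertype != ETHERTYPE_IPV4:
        return ["eth", "ethertype_0x%04x" % ethertype]
    ip = frame[14:]
    if len(ip) < 20:
        return ["eth", "ip", "malformed"]
    ihl = (ip[0] & 0x0F) * 4          # IPv4 header length in bytes
    proto = ip[9]                      # IPv4 protocol field
    payload = ip[ihl:]
    if proto == IPPROTO_ICMP:
        return ["eth", "ip", "icmp"]
    if proto not in (IPPROTO_TCP, IPPROTO_UDP):
        return ["eth", "ip", "ipproto_%d" % proto]
    l4 = "tcp" if proto == IPPROTO_TCP else "udp"
    if len(payload) < 4:
        return ["eth", "ip", l4, "malformed"]
    sport, dport = struct.unpack("!HH", payload[:4])
    app = APP_PORTS.get(dport) or APP_PORTS.get(sport)
    return ["eth", "ip", l4] + ([app] if app else [])


def protocol_hierarchy(frames) -> Counter:
    """Count each frame under every prefix of its stack, like tshark's io,phs:
    a DNS frame adds one to eth, eth/ip, eth/ip/udp and eth/ip/udp/dns."""
    counts = Counter()
    for frame in frames:
        stack = protocol_stack(frame)
        for depth in range(1, len(stack) + 1):
            counts["/".join(stack[:depth])] += 1
    return counts


def share(counts, path, of="eth") -> float:
    """Fraction of frames under a path, relative to everything on the wire by default."""
    return counts[path] / counts[of]


def unrecognized(counts) -> list:
    """Paths the decoder could not name: the 'protocols you don't recognize' check."""
    return sorted(p for p in counts
                  if any(tag in p for tag in ("ipproto_", "ethertype_", "malformed")))


def build_frame(ethertype, proto=None, sport=0, dport=0) -> bytes:
    """Constructed test frame: Ethernet + minimal IPv4 (or ARP) + 4-byte L4 stub.
    Checksums are left zero; the tally never validates them."""
    eth = bytes.fromhex("02000000aa01") + bytes.fromhex("02000000aa02") + struct.pack("!H", ethertype)
    if ethertype != ETHERTYPE_IPV4:
        return eth + b"\x00" * 28     # ARP body, irrelevant to the counts
    if proto in (IPPROTO_TCP, IPPROTO_UDP):
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 4
    else:
        l4 = b"\x08\x00\x00\x00"      # ICMP echo header stub, or opaque payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


# Constructed "capture": mostly TLS, some DNS and ARP, one ICMP, one GRE (proto 47).
SAMPLE_CAPTURE = (
    [build_frame(ETHERTYPE_IPV4, IPPROTO_TCP, 40000, 443)] * 6
    + [build_frame(ETHERTYPE_IPV4, IPPROTO_UDP, 40001, 53)] * 3
    + [build_frame(ETHERTYPE_ARP)] * 2
    + [build_frame(ETHERTYPE_IPV4, IPPROTO_ICMP)]
    + [build_frame(ETHERTYPE_IPV4, 47)]
)

if __name__ == "__main__":
    counts = protocol_hierarchy(SAMPLE_CAPTURE)
    for path in sorted(counts):
        print("%-22s %3d  %5.1f%%" % (path, counts[path], 100 * share(counts, path)))
    print("unrecognized:", unrecognized(counts))
```

The `share` function is the check the paragraph describes: if you expect UDP-heavy traffic and `share(counts, "eth/ip/udp")` comes back as a small fraction, something between your tool and the wire is not doing what you think. The GRE frame shows up in `unrecognized` rather than disappearing into an "other" bucket, which is the behaviour you want from any decoder you use for triage.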
    Wireshark comes installed out of the box, so to speak, with Kali Linux. However, it
    can also be installed on other operating systems such as Windows and macOS as well
    as other Linux distributions. I can’t emphasize enough the value of this particular tool
    and the amount of work it can save after you get the hang of using it. Being able to
    completely decode application layer protocols so it can give you a little summary of
    what is happening with the application can be invaluable.
    Poisoning Attacks
One of the challenges we have is that most networks are switched. The device you are connecting to sends messages only to the network port where your recipient is located. In the old days, we used hubs. Whereas a switch delivers a unicast frame to a single port, a hub repeats every frame to all of its ports. Any message that came into a hub was sent out to all other ports on the hub, letting the endpoints figure out who the frame belonged to, based on the MAC address. There was no intelligence in the hub at all. It was simply a repeater.
A switch changes all that. The switch reads the layer 2 header to determine the destination MAC address, and it knows which port the system that owns that MAC address is on. It determines this by watching traffic coming into each port: the source MAC address of each incoming frame gets attached to the port it arrived on. The switch will commonly store these mappings in content addressable memory (CAM). Rather than having to scan through an entire table, the switch presents the MAC address itself to the memory and gets the port back directly. The MAC address is the content that acts as the address, which is where the name comes from. Two cases still behave like a hub: a frame whose destination MAC the switch has not learned yet is flooded out every other port, and a broadcast frame goes everywhere by definition. Once the switch has learned both sides of a conversation, though, a third port on the same switch sees none of that conversation's unicast traffic.
Why is this relevant here? Because you will sometimes want to collect information from a system that you don't have access to. If you owned the network and had access to the switch, you might be able to configure the switch to copy traffic from one or more ports to another port. This would be a mirror, rather than a redirection: the recipient still gets the traffic, but a monitoring device, or someone capturing traffic for analysis, gets a copy of the packets as well.
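The learning behaviour described above, and what a mirror port adds to it, as an added Python example that is not code from the book. It models a hub and a learning switch with a CAM table and reports which ports receive each frame of a short conversation; the MAC addresses, port numbers and the three-host scenario are constructed for the example.

```python
# Added example, not code from "Learning Kali Linux": which ports see a unicast
# frame on a hub, on a learning switch, and on a switch with a mirror port.
# MACs, ports and the scenario are constructed for this example.
from dataclasses import dataclass

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    dst: str
    src: str
    label: str = ""


class Hub:
    """Repeater: a frame arriving on one port is copied to every other port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, frame):
        return sorted(p for p in self.ports if p != in_port)


class LearningSwitch:
    """Learns source MAC -> ingress port (the CAM table). Known unicast goes to
    one port; unknown unicast and broadcast are flooded like a hub. An optional
    mirror port gets a copy of everything (a SPAN session, not a redirection)."""
    def __init__(self, ports, mirror_port=None):
        self.ports = list(ports)
        self.cam = {}                 # MAC address -> port
        self.mirror_port = mirror_port

    def forward(self, in_port, frame):
        self.cam[frame.src] = in_port                       # learning step
        out_port = None if frame.dst == BROADCAST else self.cam.get(frame.dst)
        if out_port is None:
            out = {p for p in self.ports if p != in_port}   # flood
        else:
            out = {out_port} - {in_port}                    # single destination port
        if self.mirror_port is not None and self.mirror_port != in_port:
            out.add(self.mirror_port)                       # copy, recipient still served
        return sorted(out)


HOST_A, HOST_B, SNIFFER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"


def conversation(device):
    """A on port 1 talks to B on port 2 twice, with B replying in between.
    Returns the ports that received each frame; the sniffer sits on port 3."""
    first = device.forward(1, Frame(dst=HOST_B, src=HOST_A, label="A->B before B is learned"))
    reply = device.forward(2, Frame(dst=HOST_A, src=HOST_B, label="B->A"))
    second = device.forward(1, Frame(dst=HOST_B, src=HOST_A, label="A->B after both are learned"))
    return {"first": first, "reply": reply, "second": second}


def hub_scenario():
    return conversation(Hub(ports=[1, 2, 3]))


def switch_scenario():
    return conversation(LearningSwitch(ports=[1, 2, 3]))


def mirrored_switch_scenario():
    return conversation(LearningSwitch(ports=[1, 2, 3], mirror_port=3))


if __name__ == "__main__":
    for name, result in (("hub", hub_scenario()), ("switch", switch_scenario()),
                         ("switch + mirror on port 3", mirrored_switch_scenario())):
        print(name)
        for step, ports in result.items():
            print("  %-7s delivered to ports %s  (sniffer on 3 sees it: %s)"
                  % (step, ports, 3 in ports))
```

The switch run is the point: the sniffer on port 3 sees A's first frame only because B had not been learned yet. Once both hosts are in the CAM table, the second frame reaches port 2 alone, and the only ways for port 3 to see it again are a mirror session (the third run) or convincing the switch or the hosts that the traffic belongs on port 3, which is what the spoofing attacks that follow do.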
To obtain the messages you need if you can't get legitimate access to them, you can use a spoofing attack. In a spoofing attack, you pretend to be someone you are not in order to get traffic. There are a couple of ways to do that, and we'll take a look at these different attacks.
