Network Based Attacks

⚡ Prerequisites

  • Basic Cybersecurity & Network Concepts

📕 Learning Objectives

  • Describe service-related network attacks
  • Identify network traffic and perform packet analysis
  • Perform MITM (Man in the Middle) attacks

🔬 Training list - PentesterAcademy/INE Labs

subscription required

🗒️ Network-based attacks are attacks that target specific network traffic and services.

  • ARP
  • DHCP
  • SMB
  • FTP
  • Telnet
  • SSH

🗒️ MITM (Man In The Middle) is a type of cybersecurity attack that allows the attacker to eavesdrop on the legitimate communication between two targets.

https://www.veracode.com/security/man-middle-attack

e.g.

  • ARP Poisoning - intercept communication through broadcasting ARP packets and waiting for answers from other machines.
  • Promiscuous mode - listen to all the traffic on a network

Tools

🔬 Check some Wireshark traffic sniffing in this lab

  • e.g. Capture the traffic of an nmap scan with Wireshark
    • Check the interface before beginning the capture
    • Protocol Hierarchy Statistics
    • Identify all layers looking at captured packets
    • Default time display setting is relative time in seconds
    • Follow > TCP Stream to check an entire stream

Wireshark ARP traffic

Wireshark Protocol Hierarchy Statistics

tshark - a network protocol analyzer that captures packet data from a live network or from a saved capture file. It is the CLI component of Wireshark.

  • Native capture file format is pcapng (Wireshark compatible)

tshark --help

arpspoof

arpspoof - an (old) tool that sends out unrequested (and possibly forged) ARP replies to intercept packets on a switched LAN

arpspoof -h
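
Seen from the defender's side, the unrequested ARP replies described above leave a recognizable trace in a capture. The following is an added example, not part of the original notes: it flags unsolicited replies, IP-to-MAC binding changes and one MAC claiming several IPs. The sample rows, addresses, the `analyze_arp` name and the tshark invocation in the comment are assumptions made for illustration.

```python
import csv
from collections import defaultdict

# Constructed sample, in the shape produced by (assumed invocation):
#   tshark -r capture.pcapng -Y arp -T fields -E separator=, \
#     -e frame.time_relative -e arp.opcode -e arp.src.hw_mac \
#     -e arp.src.proto_ipv4 -e arp.dst.proto_ipv4
SAMPLE = """\
0.000,1,aa:aa:aa:aa:aa:01,10.0.0.5,10.0.0.1
0.001,2,aa:aa:aa:aa:aa:fe,10.0.0.1,10.0.0.5
4.200,2,aa:aa:aa:aa:aa:66,10.0.0.1,10.0.0.5
4.201,2,aa:aa:aa:aa:aa:66,10.0.0.5,10.0.0.1
6.200,2,aa:aa:aa:aa:aa:66,10.0.0.1,10.0.0.5
"""

def analyze_arp(lines):
    """Return a list of (time, kind, detail) findings for ARP records."""
    bindings = {}               # IP -> first MAC seen claiming it
    pending = set()             # (requester IP, requested IP) awaiting a reply
    claimed = defaultdict(set)  # MAC -> IPs it has claimed as sender
    findings = []
    for row in csv.reader(lines):
        if len(row) != 5:
            continue            # skip blank or malformed rows
        t, opcode, mac, src_ip, dst_ip = row
        t, mac = float(t), mac.lower()
        if opcode == "1":       # request: src_ip asks who has dst_ip
            pending.add((src_ip, dst_ip))
        elif opcode == "2":     # reply: src_ip tells dst_ip its MAC
            if (dst_ip, src_ip) in pending:
                pending.discard((dst_ip, src_ip))
            else:
                findings.append((t, "unsolicited-reply", f"{src_ip} is-at {mac}"))
        known = bindings.setdefault(src_ip, mac)
        if known != mac:        # IP now claimed by a different MAC
            findings.append((t, "binding-change", f"{src_ip}: {known} -> {mac}"))
        if src_ip not in claimed[mac]:
            claimed[mac].add(src_ip)
            if len(claimed[mac]) > 1:
                findings.append((t, "mac-claims-multiple-ips", mac))
    return findings

if __name__ == "__main__":
    for finding in analyze_arp(SAMPLE.splitlines()):
        print(*finding)
```

Legitimate gratuitous ARP (failover, address reassignment) also triggers these checks, so findings need to be compared against known gateway and host MAC addresses before being treated as an incident.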

🔬 Check some hands-on labs in the Tshark, ARP, WiFi Lab section