Network Security - Project 3
Using ARP spoofing attack to sniff the network traffic
a) Learning Objectives:
As we noticed in projects 1 and 2, one issue is the need to run Ethereal on one of the communicating computers in order to sniff the network traffic. That is due to the nature of a switched network, where the switching device forwards the data based on its own ARP table. The objectives of this project include: (1) Understanding how a switched network operates; (2) Understanding how an ARP spoofing attack works.
b) Tools utilized:
- The student will be provided an external hard disk, on which they may install Windows 2000 Professional or Windows XP.
- A WEB/FTP/TELNET server is set up for students to test the respective connections. The testing account will also be provided.
  · The server IP address: 192.168.11.50
  · Testing account for Web server: username: test / password: test
  · Testing account for Ftp server: username: test / password: test
  · Testing account for Telnet server: username: test / password: test
- The student will use a network tool to poison the ARP tables of the two communicating computers.
  Recommended utility: WinARPSpoof V.0.5.3: local copy http://www.dcsl-uhcl.net/public/download.html or download from
- The student will use a protocol analyzer to sniff network traffic between the two communicating computers.
  Recommended utility: Ethereal: local copy http://www.dcsl-uhcl.net/public/download.html or URL http://www.openxtra.co.uk/downloads/ethereal-download.php
c) Requirements:
- The student will work in a group of two. They will take turns to play one of the following two roles. The first role is for one student to connect and use the network services, and the other role is for a student to try to sniff the communications between the first student’s workstation and the network server, according to the following scenarios:
1. HTTP traffic:
   · One student will use a browser to connect to the web server and then submit the authentication information to the web server.
   · The other student is required to capture the HTTP traffic, and look for the username and the password which his partner just submitted to the web server.
   · Students will submit screen shots of running the sniffing tool. The screen shots should show the username and the password.
2. Telnet traffic:
   · One student will connect to the Telnet server and then submit the authentication information to the server.
   · The other student is required to capture the telnet traffic, and look for the username and the password that his partner just submitted to the server.
   · Students will submit screen shots of the sniffing tool. The screen shots should show the username and the password.
3. FTP traffic:
   · One student will connect to the Ftp server and then submit the authentication information to the server.
   · The other student is required to capture telnet traffic and look for the username and password that his partner just submitted to the server.
   · Students will submit screen shots of the tool that shows the username and password.
d) Problem classification:
This experiment can be classified as a network assignment and also as a study experiment.
e) How it may be implemented in the security lab:
This project requires a LAN environment and a network server to provide WEB, TELNET and FTP services. The project will be implemented in the D158 network. Each student will be given an external hard disk in order to install the OS and the utilities.
f) Level of difficulty:
Based on the level of difficulty, this experiment can be classified as an experiment of intermediate difficulty.
g) Grading criteria and methods:
The grader checks the screen shots and the files of captured network traffic to see if the students have really succeeded in sniffing the network traffic using the sniffing tools.
h) Bonus point:
The student can discuss a method to protect computers and the local network against ARP spoofing attacks. He/she is required to implement a viable solution in the D158 LAN (student network).
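
For the bonus discussion, one detection approach is to compare snapshots of a workstation's ARP cache taken before and during the exercise. The Python below is an added example, not part of the original assignment; it assumes the Windows `arp -a` output layout, and every address except the server IP 192.168.11.50 is constructed sample data.

```python
import re

# One entry line of Windows `arp -a` output: IP address, MAC address, type.
ENTRY = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$", re.I)

def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` output, with MACs lower-cased."""
    table = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def find_poisoning(before, after, ignore=("ff-ff-ff-ff-ff-ff",)):
    """Compare two snapshots and return a list of (kind, detail) findings."""
    findings = []
    # Symptom 1: an IP whose MAC changed between the two snapshots.
    for ip, mac in sorted(after.items()):
        if ip in before and before[ip] != mac:
            findings.append(("mac_changed", (ip, before[ip], mac)))
    # Symptom 2: one MAC answering for several IPs in the later snapshot.
    by_mac = {}
    for ip, mac in after.items():
        if mac not in ignore:
            by_mac.setdefault(mac, []).append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            findings.append(("mac_shared", (mac, sorted(ips))))
    return findings

# Constructed sample snapshots from a hypothetical workstation 192.168.11.21.
BEFORE = """
Interface: 192.168.11.21 --- 0x2
  Internet Address      Physical Address      Type
  192.168.11.1          00-11-22-33-44-01     dynamic
  192.168.11.50         00-11-22-33-44-50     dynamic
"""
AFTER = """
Interface: 192.168.11.21 --- 0x2
  Internet Address      Physical Address      Type
  192.168.11.1          00-11-22-33-44-01     dynamic
  192.168.11.22         00-11-22-33-44-22     dynamic
  192.168.11.50         00-11-22-33-44-22     dynamic
"""

if __name__ == "__main__":
    for kind, detail in find_poisoning(parse_arp_table(BEFORE), parse_arp_table(AFTER)):
        print(kind, detail)
```

A changed or shared MAC is a lead to investigate, not proof: a replaced network card or a multi-homed host produces the same pattern, so findings should be checked against the known hardware addresses of the lab machines.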