<h5><center>The Islamic University of Gaza<br>Engineering Faculty<br>Department of Computer Engineering</center></h5>
<h1 style='border: none'><center>Networks, Attacks, and Protocol Structure</center></h1>
<h6>Author: Mohammad M. owda</h6>
----
## Introduction
In this lab, we are going to talk about some popular network security tools. Don't expect me to teach you how to use them: anyone who releases a tool provides at least simple documentation on how to use it. We will look at these tools in order to know about them, but we will dig deeper to learn how such tools are built and to understand how they work.
---
## Sniffing
Sniffing is the process of monitoring and capturing data as it travels through a data transporter.
The key point here is that the data can be transported in various ways; it may be HTTP or HTTPS requests, or it may not.
### Wireshark
Wireshark is a packet analysis program, meaning that it can analyze any type of data: with Wireshark you can see the traffic on your USB ports, Bluetooth, Ethernet, Wi-Fi, etc. If you know what type of packets you are expecting, it is better to use a program built for that specific type of data, e.g. Burp Suite for HTTP or HTTPS.
***Summary**: Use Wireshark when you want to analyze a protocol that you cannot identify in advance.*
### Ettercap
According to the official Ettercap website, Ettercap is a comprehensive suite for man-in-the-middle attacks; it implements many such attacks and comes with a graphical user interface.
*You can take a look at Ettercap features [here](https://en.wikipedia.org/wiki/Ettercap_(software)#Features).*
While we are talking about Ettercap, we should mention the most used **man in the middle attacks:**
#### ARP Poisoning:
ARP stands for Address Resolution Protocol. This protocol lets the data link layer find out which MAC address belongs to an IP address. For example, if the switch receives an IP packet for 192.168.1.4, the switch asks all the users, and the user with that IP should send an ARP reply that contains their MAC address. Now the poisoning part: an attacker who knows the IP address of a host on the network can send an ARP reply that contains the attacker's MAC address, so from then on the attacker receives the packets from the switch!
To do that in Ettercap:
1. Click Hosts menu -> Scan for hosts
2. Click Hosts menu -> Hosts
3. Add the router IP (e.g. 192.168.1.1) to target 1.
4. Add the victim IP (e.g. 192.168.1.6) to target 2.
5. Click Mitm menu -> ARP poisoning.
This will let you poison both the switch and the victim. If you want to understand more, open the manual pages (e.g. `man ettercap`).
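
From the defender's side, the forged reply described above shows up as an IP address whose MAC binding suddenly changes. The following is an added example, not part of the original lab: it parses raw ARP bodies and flags such changes. The IPs are the ones used in the steps above; the MAC addresses and the sample packets are constructed.

```python
import socket
import struct

# ARP body for Ethernet/IPv4 (RFC 826), 28 bytes: htype, ptype, hlen, plen,
# oper, sender MAC, sender IP, target MAC, target IP.
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_REPLY = 2

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Pack a constructed ARP reply body (used only for the sample data)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, ARP_REPLY,
                       mac(sender_mac), socket.inet_aton(sender_ip),
                       mac(target_mac), socket.inet_aton(target_ip))

def parse_arp(body):
    """Return (oper, sender_mac, sender_ip), or None if not Ethernet/IPv4 ARP."""
    if len(body) < struct.calcsize(ARP_FMT):
        return None  # truncated packet
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(
        ARP_FMT, body[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return oper, ":".join(f"{b:02x}" for b in sha), socket.inet_ntoa(spa)

def find_binding_changes(bodies):
    """Flag ARP replies that claim an IP already bound to a different MAC."""
    seen, alerts = {}, []
    for body in bodies:
        parsed = parse_arp(body)
        if parsed is None or parsed[0] != ARP_REPLY:
            continue
        _, mac, ip = parsed
        # The first binding seen for an IP is kept as the baseline.
        if seen.setdefault(ip, mac) != mac:
            alerts.append((ip, seen[ip], mac))
    return alerts

# Constructed sample: two consistent replies, one conflicting reply for the
# router IP, and one truncated packet that must be ignored.
SAMPLE = [
    build_arp_reply("aa:aa:aa:00:00:01", "192.168.1.1", "aa:aa:aa:00:00:06", "192.168.1.6"),
    build_arp_reply("aa:aa:aa:00:00:06", "192.168.1.6", "aa:aa:aa:00:00:01", "192.168.1.1"),
    build_arp_reply("02:00:00:00:00:66", "192.168.1.1", "aa:aa:aa:00:00:06", "192.168.1.6"),
    b"\x00\x01\x08\x00",
]

if __name__ == "__main__":
    for ip, old, new in find_binding_changes(SAMPLE):
        print(f"ALERT: {ip} moved from {old} to {new}")
```

A binding can also change for legitimate reasons (a replaced network card, a reassigned DHCP lease), so an alert is a prompt to check the address against a known-good table rather than proof of poisoning.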
#### DHCP Spoofing:
Our routers keep a DHCP list, which assigns each MAC address an IP on the network. When your computer connects to the network, it asks for an IP address, and the router gives it one. Now, if the attacker replies before the router does, the victim will think that the attacker is the router and will send all its packets to the attacker instead of the real router. (The attacker can easily be faster than the router if there are switches on the path to the router.)
----
## Protocol Structure
When you hear about a protocol, you need to know that it's nothing fancy; it's just a list of conventions. We have seen the server query protocol in the first lab:

It's just a matter of how the data is laid out in the packet.
Today we are going to make our own protocols!
### Task No. 1
*Each student should work by himself; if you need anything, just ask me.*
You have a simple desktop application that lets you send the students' grades to the university server, student by student. The application asks the user to enter three inputs for each student:
1. student ID
2. course
3. grade

Your job in this task is to write a protocol document that shows how to put the data you get from the application into a packet to be sent to the university server.
### Task No. 2
Write code that takes the student ID, course, and grade as input and returns a packet built using the protocol you created in the first task.
----
##### This lab text is heavily adapted from **[Mohammed Nafiz ALMadhoun](https://www.facebook.com/moh97)** ❤