01 Feb cyber security multi-part question Network Sniffing and Spoofing Please install the VM and solve all tasks This lab will provide hands on experience for students to understand pack

cyber security multi-part question

Network Sniffing and Spoofing
Please install the VM and solve all tasks
This lab will provide hands on experience for students to understand packet sniffing and spoofing, two important concepts in network security. It is essential to understand these attacks to develop mitigation strategies against them, as both are major threats to network communication. Complete the SEED lab found at the link below.
https://seedsecuritylabs.org/Labs_16.04/Networking/Sniffing_Spoofing/
After completing the activity, take a screenshot showing that each step has been completed. Paste these screenshots in a Microsoft Word document and submit as evidence of completion to your instructor using the assignment drop box.
Requirements: All tasks
SEEDLabs?PacketSniffingandSpoofingLab1PacketSniffingandSpoofingLabCopyright?2006-2020WenliangDu,Allrightsreserved.Freetousefornon-commercialeducationalpurposes.Commercialusesofthematerialsareprohibited.TheSEEDprojectwasfundedbymultiplegrantsfromtheUSNationalScienceFoundation.1OverviewPacketsniffingandspoofingaretwoimportantconceptsinnetworksecurity;theyaretwomajorthreatsinnetworkcommunication.Beingabletounderstandthesetwothreatsisessentialforunderstandingse-curitymeasuresinnetworking.Therearemanypacketsniffingandspoofingtools,suchasWireshark,Tcpdump,Netwox,Scapy,etc.Someofthesetoolsarewidelyusedbysecurityexperts,aswellasbyattackers.Beingabletousethesetoolsisimportantforstudents,butwhatismoreimportantforstudentsinanetworksecuritycourseistounderstandhowthesetoolswork,i.e.,howpacketsniffingandspoofingareimplementedinsoftware.Theobjectiveofthislabistwo-fold:learningtousethetoolsandunderstandingthetechnologiesunder-lyingthesetools.Forthesecondobject,studentswillwritesimplesnifferandspoofingprograms,andgainanin-depthunderstandingofthetechnicalaspectsoftheseprograms.Thislabcoversthefollowingtopics:?Howthesniffingandspoofingwork?PacketsniffingusingthepcaplibraryandScapy?PacketspoofingusingrawsocketandScapy?ManipulatingpacketsusingScapyReadingsandVideos.Detailedcoverageofsniffingandspoofingcanbefoundinthefollowing:?Chapter15oftheSEEDBook,Computer&InternetSecurity:AHands-onApproach,2ndEdition,byWenliangDu.Seedetailsathttps://www.handsonsecurity.net.?Section2oftheSEEDLecture,InternetSecurity:AHands-onApproach,byWenliangDu.Seedetailsathttps://www.handsonsecurity.net/video.html.Labenvironment.Thislabhasbeentestedonourpre-builtUbuntu16.04VM,whichcanbedownloadedfromtheSEEDwebsite.NoteforInstructors.Therearetwosetsoftasksinthislab.Thefirstsetfocusesonusingtoolstoconductpacketsniffingandspoofing.ItonlyrequiresalittlebitofPythonprogramming(usuallyafewlinesofcode);studentsdonotneedtohaveapriorPythonprogrammingbackground.Thesetoftaskscanbeusedbystudentswithamuchbroaderbackground.ThesecondsetoftasksisdesignedprimarilyforComputerScience/Engineeringstudents.StudentsneedtowritetheirownCprogramsfromthescratchtodosniffingandspoofing.Thisway,theycangainadeeperunderstandingonhowsniffingandspoofingtoolsactuallywork.Studentsneedtohaveasolidprogrammingbackgroundforthesetasks.Thetwosetsoftasksareindependent;instructorscanchoosetoassignonesetorbothsetstotheirstudents,dependingontheirstudents?programmingbackground.
SEEDLabs?PacketSniffingandSpoofingLab22LabTaskSet1:UsingToolstoSniffandSpoofPacketsManytoolscanbeusedtodosniffingandspoofing,butmostofthemonlyprovidefixedfunctionalities.Scapyisdifferent:itcanbeusednotonlyasatool,butalsoasabuildingblocktoconstructothersniffingandspoofingtools,i.e.,wecanintegratetheScapyfunctionalitiesintoourownprogram.Inthissetoftasks,wewilluseScapyforeachtask.ThecurrentversionoftheSEEDVMmaynothaveScapyinstalledforPython3.WecanusethefollowingcommandtoinstallScapyforPyhon3.$sudopip3installscapyTouseScapy,wecanwriteaPythonprogram,andthenexecutethisprogramusingPython.Seethefollowingexample.WeshouldrunPythonusingtherootprivilegebecausetheprivilegeisrequiredforspoofingpackets.Atthebeginningoftheprogram(Line?),weshouldimportallScapy?smodules.$viewmycode.py#!/usr/bin/python3fromscapy.allimport*?a=IP()a.show()$sudopython3mycode.py###[IP]###version=4ihl=None…//Makemycode.pyexecutable(anotherwaytorunpythonprograms)$chmoda+xmycode.py$sudo./mycode.pyWecanalsogetintotheinteractivemodeofPythonandthenrunourprogramonelineatatimeatthePythonprompt.Thisismoreconvenientifweneedtochangeourcodefrequentlyinanexperiment.$sudopython3>>>fromscapy.allimport*>>>a=IP()>>>a.show()###[IP]###version=4ihl=None…2.1Task1.1:SniffingPacketsWiresharkisthemostpopularsniffingtool,anditiseasytouse.Wewilluseitthroughouttheentirelab.However,itisdifficulttouseWiresharkasabuildingblocktoconstructothertools.WewilluseScapyforthatpurpose.TheobjectiveofthistaskistolearnhowtouseScapytodopacketsniffinginPythonprograms.Asamplecodeisprovidedinthefollowing:
SEEDLabs?PacketSniffingandSpoofingLab3#!/usr/bin/python3fromscapy.allimport*defprint_pkt(pkt):pkt.show()pkt=sniff(filter=?icmp?,prn=print_pkt)Task1.1A.Theaboveprogramsniffspackets.Foreachcapturedpacket,thecallbackfunctionprintpkt()willbeinvoked;thisfunctionwillprintoutsomeoftheinformationaboutthepacket.Runtheprogramwiththerootprivilegeanddemonstratethatyoucanindeedcapturepackets.Afterthat,runtheprogramagain,butwithoutusingtherootprivilege;describeandexplainyourobservations.//Maketheprogramexecutable$chmoda+xsniffer.py//Runtheprogramwiththerootprivilege$sudo./sniffer.py//Runtheprogramwithouttherootprivilege$sniffer.pyTask1.1B.Usually,whenwesniffpackets,weareonlyinterestedcertaintypesofpackets.Wecandothatbysettingfiltersinsniffing.Scapy?sfilterusetheBPF(BerkeleyPacketFilter)syntax;youcanfindtheBPFmanualfromtheInternet.Pleasesetthefollowingfiltersanddemonstrateyoursnifferprogramagain(eachfiltershouldbesetseparately):?CaptureonlytheICMPpacket?CaptureanyTCPpacketthatcomesfromaparticularIPandwithadestinationportnumber23.?Capturepacketscomesfromortogotoaparticularsubnet.Youcanpickanysubnet,suchas128.230.0.0/16;youshouldnotpickthesubnetthatyourVMisattachedto.2.2Task1.2:SpoofingICMPPacketsAsapacketspoofingtool,ScapyallowsustosetthefieldsofIPpacketstoarbitraryvalues.TheobjectiveofthistaskistospoofIPpacketswithanarbitrarysourceIPaddress.WewillspoofICMPechorequestpackets,andsendthemtoanotherVMonthesamenetwork.WewilluseWiresharktoobservewhetherourrequestwillbeacceptedbythereceiver.Ifitisaccepted,anechoreplypacketwillbesenttothespoofedIPaddress.ThefollowingcodeshowsanexampleofhowtospoofanICMPpackets.>>>fromscapy.allimport*>>>a=IP()?>>>a.dst=?10.0.2.3?Á>>>b=ICMP()Â>>>p=a/bÃ>>>send(p)Ä.Sent1packets.
SEEDLabs?PacketSniffingandSpoofingLab4Inthecodeabove,Line?createsanIPobjectfromtheIPclass;aclassattributeisdefinedforeachIPheaderfield.Wecanusels(a)orls(IP)toseealltheattributenames/values.Wecanalsousea.show()andIP.show()todothesame.LineÁshowshowtosetthedestinationIPaddressfield.Ifafieldisnotset,adefaultvaluewillbeused.>>>ls(a)version:BitField(4bits)=4(4)ihl:BitField(4bits)=None(None)tos:XByteField=0(0)len:ShortField=None(None)id:ShortField=1(1)flags:FlagsField(3bits)=()frag:BitField(13bits)=0(0)ttl:ByteField=64(64)proto:ByteEnumField=0(0)chksum:XShortField=None(None)src:SourceIPField=?127.0.0.1?(None)dst:DestIPField=?127.0.0.1?(None)options:PacketListField=[]([])LineÂcreatesanICMPobject.Thedefaulttypeisechorequest.InLineÃ,westackaandbtogethertoformanewobject.The/operatorisoverloadedbytheIPclass,soitnolongerrepresentsdivision;instead,itmeansaddingbasthepayloadfieldofaandmodifyingthefieldsofaaccordingly.Asaresult,wegetanewobjectthatrepresentanICMPpacket.Wecannowsendoutthispacketusingsend()inLineÄ.Pleasemakeanynecessarychangetothesamplecode,andthendemonstratethatyoucanspoofanICMPechorequestpacketwithanarbitrarysourceIPaddress.2.3Task1.3:TracerouteTheobjectiveofthistaskistouseScapytoestimatethedistance,intermsofnumberofrouters,betweenyourVMandaselecteddestination.Thisisbasicallywhatisimplementedbythetraceroutetool.Inthistask,wewillwriteourowntool.Theideaisquitestraightforward:justsendanpacket(anytype)tothedestination,withitsTime-To-Live(TTL)fieldsetto1first.Thispacketwillbedroppedbythefirstrouter,whichwillsendusanICMPerrormessage,tellingusthatthetime-to-livehasexceeded.ThatishowwegettheIPaddressofthefirstrouter.WethenincreaseourTTLfieldto2,sendoutanotherpacket,andgettheIPaddressofthesecondrouter.Wewillrepeatthisprocedureuntilourpacketfinallyreachthedestination.Itshouldbenotedthatthisexperimentonlygetsanestimatedresult,becauseintheory,notallthesepacketstakethesameroute(butinpractice,theymaywithinashortperiodoftime).Thecodeinthefollowingshowsoneroundintheprocedure.a=IP()a.dst=?1.2.3.4?a.ttl=3b=ICMP()send(a/b)IfyouareanexperiencedPythonprogrammer,youcanwriteyourtooltoperformtheentireprocedureautomatically.IfyouarenewtoPythonprogramming,youcandoitbymanuallychangingtheTTLfieldineachround,andrecordtheIPaddressbasedonyourobservationfromWireshark.Eitherwayisacceptable,aslongasyougettheresult.
SEEDLabs?PacketSniffingandSpoofingLab52.4Task1.4:Sniffingand-thenSpoofingInthistask,youwillcombinethesniffingandspoofingtechniquestoimplementthefollowingsniff-and-then-spoofprogram.YouneedtwoVMsonthesameLAN.FromVMA,youpinganIPX.ThiswillgenerateanICMPechorequestpacket.IfXisalive,thepingprogramwillreceiveanechoreply,andprintouttheresponse.Yoursniff-and-then-spoofprogramrunsonVMB,whichmonitorstheLANthroughpacketsniffing.WheneveritseesanICMPechorequest,regardlessofwhatthetargetIPaddressis,yourprogramshouldimmediatelysendoutanechoreplyusingthepacketspoofingtechnique.Therefore,regard-lessofwhethermachineXisaliveornot,thepingprogramwillalwaysreceiveareply,indicatingthatXisalive.YouneedtouseScapytodothistask.Inyourreport,youneedtoprovideevidencetodemonstratethatyourtechniqueworks.3LabTaskSet2:WritingProgramstoSniffandSpoofPackets3.1Task2.1:WritingPacketSniffingProgramSnifferprogramscanbeeasilywrittenusingthepcaplibrary.Withpcap,thetaskofsniffersbecomesinvokingasimplesequenceofproceduresinthepcaplibrary.Attheendofthesequence,packetswillbeputinbufferforfurtherprocessingassoonastheyarecaptured.Allthedetailsofpacketcapturingarehandledbythepcaplibrary.TheSEEDbook?ComputerSecurity:AHands-onApproach?providesasamplecodeinChapter12,showinghowtowriteasimplesnifferprogramusingpcap.Weincludethesamplecodeinthefollowing(seethebookfordetailedexplanation).#include#include/*Thisfunctionwillbeinvokedbypcapforeachcapturedpacket.Wecanprocesseachpacketinsidethefunction.*/voidgot_packet(u_char*args,conststructpcap_pkthdr*header,constu_char*packet){printf(“Gotapacket\n”);}intmain(){pcap_t*handle;charerrbuf[PCAP_ERRBUF_SIZE];structbpf_programfp;charfilter_exp[]=”ipprotoicmp”;bpf_u_int32net;//Step1:OpenlivepcapsessiononNICwithnameeth3//Studentsneedstochange”eth3″tothename//foundontheirownmachines(usingifconfig).handle=pcap_open_live(“eth3″,BUFSIZ,1,1000,errbuf);//Step2:Compilefilter_expintoBPFpsuedo-codepcap_compile(handle,&fp,filter_exp,0,net);
SEEDLabs?PacketSniffingandSpoofingLab6pcap_setfilter(handle,&fp);//Step3:Capturepacketspcap_loop(handle,-1,got_packet,NULL);pcap_close(handle);//Closethehandlereturn0;}//Note:don?tforgettoadd”-lpcap”tothecompilationcommand.//Forexample:gcc-osniffsniff.c-lpcapTimCarstenshasalsowrittenatutorialonhowtousepcaplibrarytowriteasnifferprogram.Thetutorialisavailableathttp://www.tcpdump.org/pcap.htm.Task2.1A:UnderstandingHowaSnifferWorksInthistask,studentsneedtowriteasnifferprogramtoprintoutthesourceanddestinationIPaddressesofeachcapturedpacket.StudentscantypeintheabovecodeordownloadthesamplecodefromtheSEEDbook?swebsite(https://www.handsonsecurity.net/figurecode.html).Studentsshouldprovidescreenshotsasevidencestoshowthattheirsnif-ferprogramcanrunsuccessfullyandproducesexpectedresults.Inaddition,pleaseanswerthefollowingquestions:?Question1.Pleaseuseyourownwordstodescribethesequenceofthelibrarycallsthatareessentialforsnifferprograms.Thisismeanttobeasummary,notdetailedexplanationliketheoneinthetutorialorbook.?Question2.Whydoyouneedtherootprivilegetorunasnifferprogram?Wheredoestheprogramfailifitisexecutedwithouttherootprivilege??Quesiton3.Pleaseturnonandturnoffthepromiscuousmodeinyoursnifferprogram.Canyoudemonstratethedifferencewhenthismodeisonandoff?Pleasedescribehowyoucandemonstratethis.Task2.1B:WritingFilters.Pleasewritefilterexpressionsforyoursnifferprogramtocaptureeachofthefollowings.Youcanfindonlinemanualsforpcapfilters.Inyourlabreports,youneedtoincludescreenshotstoshowtheresultsafterapplyingeachofthesefilters.?CapturetheICMPpacketsbetweentwospecifichosts.?CapturetheTCPpacketswithadestinationportnumberintherangefrom10to100.Task2.1C:SniffingPasswords.Pleaseshowhowyoucanuseyoursnifferprogramtocapturethepass-wordwhensomebodyisusingtelnetonthenetworkthatyouaremonitoring.YoumayneedtomodifyyoursniffercodetoprintoutthedatapartofacapturedTCPpacket(telnetusesTCP).Itisacceptableifyouprintouttheentiredatapart,andthenmanuallymarkwherethepassword(orpartofit)is.3.2Task2.2:SpoofingWhenanormalusersendsoutapacket,operatingsystemsusuallydonotallowtheusertosetallthefieldsintheprotocolheaders(suchasTCP,UDP,andIPheaders).OSeswillsetmostofthefields,while
SEEDLabs?PacketSniffingandSpoofingLab7onlyallowinguserstosetafewfields,suchasthedestinationIPaddress,thedestinationportnumber,etc.However,ifusershavetherootprivilege,theycansetanyarbitraryfieldinthepacketheaders.Thisiscalledpacketspoofing,anditcanbedonethroughrawsockets.Rawsocketsgiveprogrammerstheabsolutecontroloverthepacketconstruction,allowingprogrammerstoconstructanyarbitrarypacket,includingsettingtheheaderfieldsandthepayload.Usingrawsocketsisquitestraightforward;itinvolvesfoursteps:(1)createarawsocket,(2)setsocketoption,(3)constructthepacket,and(4)sendoutthepacketthroughtherawsocket.TherearemanyonlinetutorialsthatcanteachyouhowtouserawsocketsinCprogramming.Wehavelinkedsometutorialstothelab?swebpage.Pleasereadthem,andlearnhowtowriteapacketspoofingprogram.Weshowasimpleskeletonofsuchaprogram.intsd;structsockaddr_insin;charbuffer[1024];//Youcanchangethebuffersize/*CreatearawsocketwithIPprotocol.TheIPPROTO_RAWparameter*tellsthesytemthattheIPheaderisalreadyincluded;*thispreventstheOSfromaddinganotherIPheader.*/sd=socket(AF_INET,SOCK_RAW,IPPROTO_RAW);if(sd<0){perror("socket()error");exit(-1);}/*Thisdatastructureisneededwhensendingthepackets*usingsockets.Normally,weneedtofilloutseveral*fields,butforrawsockets,weonlyneedtofillout*thisonefield*/sin.sin_family=AF_INET;//HereyoucanconstructtheIPpacketusingbuffer[]//-constructtheIPheader…//-constructtheTCP/UDP/ICMPheader…//-fillinthedatapartifneeded…//Note:youshouldpayattentiontothenetwork/hostbyteorder./*SendouttheIPpacket.*ip_lenistheactualsizeofthepacket.*/if(sendto(sd,buffer,ip_len,0,(structsockaddr*)&sin,sizeof(sin))field=…;udp->field=…;4.2Network/HostByteOrderandtheConversionsYouneedtopayattentiontothenetworkandhostbyteorders.Ifyouusex86CPU,yourhostbyteorderusesLittleEndian,whilethenetworkbyteorderusesBigEndian.Whateverthedatayouputintothepacketbufferhastousethenetworkbyteorder;ifyoudonotdothat,yourpacketwillnotbecorrect.YouactuallydonotneedtoworryaboutwhatkindofEndianyourmachineisusing,andyouactuallyshouldnotworryaboutifyouwantyourprogramtobeportable.Whatyouneedtodoistoalwaysremembertoconvertyourdatatothenetworkbyteorderwhenyouplacethedataintothebuffer,andconvertthemtothehostbyteorderwhenyoucopythedatafromthebuffertoadatastructureonyourcomputer.Ifthedataisasinglebyte,youdonotneedtoworryabouttheorder,butifthedataisashort,int,long,oradatatypethatconsistsofmorethanonebyte,youneedtocalloneofthefollowingfunctionstoconvertthedata:htonl():convertunsignedintfromhosttonetworkbyteorder.ntohl():reverseofhtonl().htons():convertunsignedshortintfromhosttonetworkbyteorder.ntohs():reverseofhtons().Youmayalsoneedtouseinetaddr(),inetnetwork(),inetntoa(),inetaton()toconvertIPaddressesfromthedotteddecimalform(astring)toa32-bitintegerofnetwork/hostbyteorder.YoucangettheirmanualsfromtheInternet.5SubmissionYouneedtosubmitadetailedlabreport,withscreenshots,todescribewhatyouhavedoneandwhatyouhaveobserved.Youalsoneedtoprovideexplanationtotheobservationsthatareinterestingorsurprising.Pleasealsolisttheimportantcodesnippetsfollowedbyexplanation.Simplyattachingcodewithoutanyexplanationwillnotreceivecredits.