3569659661

Lab 12 — Network Snllfing/IDS

Lab 12 — NetWork Sniffing/IDS

Lab Scen ario

Nctwork attacks...it is interesting how our common defenses may not work m our new virtual emrironments. Many companies have implemcntcd port security on the physicał network only to have that not implemented in the server en\/ironment due to so many macs coming through on physicał ports in a virtua/ or cloud environment. MWHA does utilize virtualization so we are going to be performing many network based attacks to test the response of the internat network at the MWHA datacenter.

Lab Duration

Time: 90 Minutes

Lab Sections

1. Capturing FTP password with Wireshark

2. Performing MitM with Cain

3. Performing MitM yyith sslstrip

Lab Resources Windows lO VM Debian VM Kali VM

Section 1 — Sniffing Passwords with Wireshark

1. Start Wireshark on your Kali Linux VM.

2. Now, choose the interface you want to use for capturing packets a. In this case, you will use ethO (might be ethl)\

>■

a

i

ar

Page 1222

Certified Penetration Testing Engineer -

v05.l5

©Milp? — Ali Ricrhtc Dnr''*'

■* K o,

usbcnon2

<S> Random packet generator randpkt

3. Click Capture -> Capture FWters

a. Wireshark has many capture h\ter opt\ons. 1 ake a \ook at them,hut do not changes.

i.    Ethernet Mdress 00 OC .29 AK .aa CC

1. Capture data to or Wom the gwen h/\ftC address.

ii.    \P Address 192.16a.X.X

1. Capture data to or Horn the gwen \P address.

iii.    No ARP

1. Do not capture any ARP trah\c.

iv. TCP On\y

1. On\y capture TCP traft\c.

v.    HTTP TCP Port ^

^{T w} ^»nh«rti    MWkyt*'

Vuiyi*    \    1    .    «...

»*• ^łr»| W«*t»w, IcwK

Wekome toW«t?shark

Capture

_us\ng this f*\er

»Y

Loopbatk: Vo nttog nfqueue usbmonl

1. On\y capture TCP HTTP traftc.

vi.    There are manv morę a\/a\\ab\e and \t \s recommende h\es, we w\W \eave \t b\ank to capture evier^tb\ng\

vV\.

2. Click the Options ® button

rortifipH PpnetrationTestlng tngmeer - vOS.lS