Packet Capturing
Packet Capturing
• Computer software that can intercept and log traffic passing over a digital network or part of a network is known as a packet sniffer.
• The sniffer captures these packets by setting the NIC to promiscuous mode and then decodes them.
• In a network, promiscuous mode allows a network device to intercept and read, in its entirety, each network packet that arrives.
• It is the ultimate troubleshooting tool.

Contents
• PACKET SNIFFER
• METHODS
• USES
• CAPABILITIES
• IMPLEMENTATION
• DETECTION
• CONCLUSION

Packet Sniffer
• A packet sniffer is a program running in a network-attached device that passively receives all data link layer frames passing through the device's network adapter. It is also known as a Network or Protocol Analyzer or an Ethernet Sniffer.
• The packet sniffer captures data that is addressed to other machines, saving it for later analysis.
• Packet sniffing is a passive technique: no one is attacking your computer or searching through its files. Most of the time, system administrators use packet sniffers to troubleshoot network problems.

Sniffing Methods
• Sniffing methods work in switched and non-switched networks.
  ◦ Switched Networks
  ◦ Non-Switched Networks
• Sniffing Methods
  ◦ IP Based Sniffing
  ◦ MAC Based Sniffing
  ◦ ARP Based Sniffing

Sniffing Methods (Cont.)
• IP Based Sniffing
  It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. Normally, the IP address filter isn’t set, so it can capture all the packets. This method only works in non-switched networks.
• MAC Based Sniffing
  This method works by putting the network card into promiscuous mode and sniffing all packets matching the MAC address filter.
• ARP Based Sniffing
  This method works a little differently. It doesn’t put the network card into promiscuous mode. This isn’t necessary because ARP packets will be sent to us. This happens because the ARP protocol is stateless. Because of this, sniffing can be done on a switched network.

Why we use sniffers?
• Detection of clear-text usernames and passwords on the network.
• Network intrusion detection, in order to discover hackers.
• Used to debug communication between a client and a server.
• Used to make the network more secure: in order to come through to your network, traffic must pass through the packet sniffer.
• Used to troubleshoot network issues.

Capabilities of Sniffers
• A sniffer program allows a user to watch all network traffic over any network interface connected to the host machine.
• A sniffer program can watch TCP, IP, UDP, ICMP, ARP and RARP traffic.
• A sniffer also lets you watch port-specific traffic, for monitoring HTTP, FTP, Telnet, etc.

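Implementation
• Create a raw socket.
• Put it in a “recvfrom” loop and receive data on it.
A raw socket, when put in a “recvfrom” loop, receives all incoming packets. This is because it is not bound to a particular address or port.
    /* needs <sys/socket.h>, <netinet/in.h>, <stdlib.h>; run as root or with CAP_NET_RAW */
    int sock_raw = socket(AF_INET, SOCK_RAW, IPPROTO_TCP);  /* raw IPv4 socket, TCP packets */
    unsigned char *buffer = malloc(65536);
    struct sockaddr saddr;
    while (1)
    {
        socklen_t saddr_size = sizeof saddr;  /* value-result argument: reset before each call */
        ssize_t data_size = recvfrom(sock_raw, buffer, 65536, 0, &saddr, &saddr_size);
        if (data_size < 0) break;             /* receive error */
    }
That's all. The buffer will hold the data sniffed or picked up. The sniffing part is complete at this point. The next task is to read the captured packet, analyze it and present it to the user in a readable format.
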
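The decoding step the slide leaves as "the next task", as an added example that is not part of the original deck: a bounds-checked decoder for the IPv4 header plus TCP header that such a raw socket returns. The struct, the function name and the sample packet bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Fields decoded from one captured packet (struct and names are illustrative). */
struct pkt_info {
    uint8_t  src[4], dst[4];
    uint16_t sport, dport;
    size_t   payload_len;
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Decode an IPv4 packet carrying TCP. Returns 0 on success, -1 if the packet
   is truncated or malformed. Every length field comes off the wire, so each
   one is validated before it is used as an offset. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct pkt_info *out)
{
    if (len < 20 || (buf[0] >> 4) != 4) return -1;   /* too short or not IPv4 */
    size_t ihl   = (size_t)(buf[0] & 0x0f) * 4;      /* IP header length */
    size_t total = be16(buf + 2);                    /* IP total length */
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (buf[9] != 6) return -1;                      /* protocol field: 6 = TCP */
    if (total - ihl < 20) return -1;                 /* no room for a TCP header */

    const uint8_t *tcp = buf + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;        /* TCP header length */
    if (doff < 20 || doff > total - ihl) return -1;

    for (int i = 0; i < 4; i++) {
        out->src[i] = buf[12 + i];
        out->dst[i] = buf[16 + i];
    }
    out->sport = be16(tcp);
    out->dport = be16(tcp + 2);
    out->payload_len = total - ihl - doff;
    return 0;
}

/* Constructed sample: 192.0.2.10:49152 -> 198.51.100.7:80, 4 payload bytes. */
static const uint8_t sample_pkt[] = {
    0x45, 0x00, 0x00, 0x2c, 0x00, 0x01, 0x40, 0x00,  /* v4, IHL 5, total 44 */
    0x40, 0x06, 0x00, 0x00,                          /* TTL 64, TCP, checksum unset */
    192, 0, 2, 10,  198, 51, 100, 7,                 /* source, destination */
    0xc0, 0x00, 0x00, 0x50,                          /* ports 49152 -> 80 */
    0, 0, 0, 1,  0, 0, 0, 0,                         /* seq, ack */
    0x50, 0x18, 0x20, 0x00,  0, 0, 0, 0,             /* offset 5, flags, window, csum, urg */
    'G', 'E', 'T', ' '
};

int main(void)
{
    struct pkt_info p;
    if (parse_ipv4_tcp(sample_pkt, sizeof sample_pkt, &p) != 0) {
        puts("malformed packet");
        return 1;
    }
    printf("%u.%u.%u.%u:%u -> %u.%u.%u.%u:%u, %zu payload bytes\n",
           p.src[0], p.src[1], p.src[2], p.src[3], p.sport,
           p.dst[0], p.dst[1], p.dst[2], p.dst[3], p.dport, p.payload_len);
    return 0;
}
```
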
Detection Of Sniffers
• The DNS Test
  In this method, the detection tool itself is in promiscuous mode. We create numerous fake TCP connections on our network segment, expecting a poorly written sniffer to pick up on those connections and resolve the IP addresses of the nonexistent hosts. The tool then watches for DNS lookups of those addresses, which reveal the sniffing host.
• The ARP Test
  ◦ When a sniffer is suspected on a switched network, a utility called “arpwatch” is available. It lets one monitor the ARP cache of a machine to look for duplicate entries for a machine.
  ◦ If a duplicate is found, alarms may be triggered, which can lead to the detection of sniffers.

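The kind of check the ARP test relies on, as an added example that is not part of the original deck and not arpwatch's own code: each observed IP-to-MAC pairing is recorded, and a known IP answering from a different MAC, or one MAC answering for several IPs, is flagged. All names and the sample observations are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_HOSTS 64

enum arp_event { ARP_SEEN, ARP_NEW, ARP_CHANGED, ARP_MAC_REUSED, ARP_TABLE_FULL };

struct binding   { uint32_t ip; uint8_t mac[6]; };
struct arp_table { struct binding b[MAX_HOSTS]; int n; };

/* Record one (IP, MAC) pair taken from an ARP message and classify it. */
enum arp_event arp_observe(struct arp_table *t, uint32_t ip, const uint8_t mac[6])
{
    int mac_elsewhere = 0;
    for (int i = 0; i < t->n; i++) {
        int same_mac = memcmp(t->b[i].mac, mac, 6) == 0;
        if (t->b[i].ip == ip) {
            if (same_mac) return ARP_SEEN;
            memcpy(t->b[i].mac, mac, 6);   /* keep the newest claim */
            return ARP_CHANGED;            /* known IP now answers from another MAC */
        }
        if (same_mac) mac_elsewhere = 1;   /* this MAC already speaks for another IP */
    }
    if (t->n == MAX_HOSTS) return ARP_TABLE_FULL;
    t->b[t->n].ip = ip;
    memcpy(t->b[t->n].mac, mac, 6);
    t->n++;
    return mac_elsewhere ? ARP_MAC_REUSED : ARP_NEW;
}

static const char *event_name(enum arp_event e)
{
    static const char *names[] = { "seen", "new", "CHANGED", "MAC-REUSED", "table-full" };
    return names[e];
}

/* Constructed observations (documentation addresses, locally administered MACs). */
struct obs { uint32_t ip; uint8_t mac[6]; };
static const struct obs sample[] = {
    { 0xC0000201u, { 0x02, 0, 0, 0, 0, 0x0a } },   /* 192.0.2.1  is-at ..:0a */
    { 0xC0000214u, { 0x02, 0, 0, 0, 0, 0x0b } },   /* 192.0.2.20 is-at ..:0b */
    { 0xC0000201u, { 0x02, 0, 0, 0, 0, 0x0a } },   /* repeat of the first pairing */
    { 0xC0000201u, { 0x02, 0, 0, 0, 0, 0x0b } },   /* 192.0.2.1 now claimed by ..:0b */
    { 0xC000021Eu, { 0x02, 0, 0, 0, 0, 0x0b } },   /* 192.0.2.30 also claimed by ..:0b */
};

int main(void)
{
    static struct arp_table tbl;                   /* static storage: zero-initialised */
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++) {
        enum arp_event e = arp_observe(&tbl, sample[i].ip, sample[i].mac);
        printf("%08x %s\n", (unsigned)sample[i].ip, event_name(e));
    }
    return 0;
}
```

Both flagged events also occur legitimately (a replaced NIC, a host with several addresses), so an alert is a reason to investigate, not proof of a sniffer.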
Detection Of Sniffers (Cont.)
• The Ping Test
  ◦ Relies on the fact that a ping request sent to a machine's IP address, but with a MAC address that is not that machine's, should not be seen by anyone on the network, since the MAC address will not find a match.
  ◦ Each Ethernet adapter will reject the request.
  ◦ If there is a sniffer on the machine with the IP address used, there will be a response, because this machine doesn’t reject packets carrying the MAC address of another destination.
  ◦ An old method, no longer considered reliable.

Conclusion
• Packet sniffers are a serious matter for network security.
• A packet sniffer is not just a hacker’s tool. It can be used for network troubleshooting and other useful purposes.
• However, in the wrong hands, a packet sniffer can capture sensitive personal information that can lead to invasion of privacy.