
UNIVERSIDAD AUTÓNOMA DE NUEVO LEÓN

FACULTAD DE CIENCIAS FISICO MATEMATICAS

Practicas Avanzadas de Seguridad en Informatica


Week 9 - Sniffing

Instructor: Eleazar Fuentes Oaxaca


MEMBER

Gilberto Alejandro Contreras Silva – 1683471


GROUP: 006 ROOM: 103

DATE: Monterrey, N.L., October 1, 2019


Content
Process of sniffing and countermeasures to mitigate risks associated with sniffing as a hacking tool.
Wireshark dissectors and tcpdump libpcap files.
Describe a spoofing attack.
Process of sniffing and countermeasures to mitigate risks associated with sniffing as a hacking tool.

Packet sniffers work by intercepting and logging network traffic that they can 'see' through the wired or wireless network interface that the packet sniffing software has access to on its host computer.

On a wired network, what can be captured depends on the structure of the network. A packet sniffer may be able to see traffic on an entire network or only a certain segment of it, depending on how the network switches are configured, placed, and so on. On wireless networks, packet sniffers can usually only capture one channel at a time unless the host computer has multiple wireless interfaces that allow for multichannel capture.

Once the raw packet data is captured, the packet sniffing software must analyze it and present it in human-readable form so that the person using the packet sniffing software can make sense of it. The person analyzing the data can view the details of the 'conversation' taking place between two or more nodes on the network. Network technicians can use this information to determine where a fault lies, for example by finding out which device failed to respond to a network request.

Hackers can use sniffers to eavesdrop on unencrypted data in the packets to see what information is being exchanged between two parties. They can also capture information such as passwords and authentication tokens (if they are sent in the clear). Hackers can also capture packets for later playback in replay, man-in-the-middle, and packet injection attacks that some systems may be vulnerable to.

Antisniff can detect whether a network interface on your network has been placed into 'promiscuous mode' (don't laugh, that is the real name for it), which is the mode required for packet capture tasks.

Another way to protect your network traffic from being sniffed is to use encryption, such as Secure Sockets Layer (SSL) or Transport Layer Security (TLS). Encryption doesn't prevent packet sniffers from seeing source and destination information, but it encrypts the data packet's payload so that all the sniffer sees is encrypted gibberish. Any attempt to modify or inject data into the packets would most likely fail, since tampering with the encrypted data would cause errors that would be evident when the encrypted information was decrypted at the other end.

Sniffers are great tools for diagnosing down-in-the-weeds network problems.

Unfortunately, they are useful for hacking purposes as well. It is important for security professionals to familiarize themselves with these tools so they can see how a hacker might use them on their network.

Wireshark dissectors and tcpdump libpcap files.


Each dissector decodes its part of the protocol, and then hands off decoding to subsequent dissectors for an encapsulated protocol.

Every dissection starts with the Frame dissector, which dissects the packet details of the capture file itself (for example timestamps). From there it passes the data on to the lowest-level data dissector, for example the Ethernet dissector for the Ethernet header. The payload is then passed on to the next dissector (for example IP), and so on. At each stage, details of the packet are decoded and displayed.

Dissection can be implemented in two possible ways. One is to have a dissector module compiled into the main program, which means it is always available. The other is to make a plugin (a shared library or DLL) that registers itself to handle dissection.

tcpdump is a well-known command-line packet analyzer tool. Using the tcpdump command we can capture live TCP/IP packets, and these packets can also be saved to a file. Later on, these captured packets can be analyzed with the tcpdump command. The tcpdump command comes in handy when it comes to troubleshooting at the network level.
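The dissector chain and the libpcap file layout described above, as an added example written for this document rather than code from Wireshark or tcpdump: a minimal libpcap reader whose Ethernet, IPv4 and TCP dissectors register in dissector tables and hand the remaining payload to the next one, run over a one-packet capture constructed in memory (checksums are left at zero; the record format is the classic 24-byte global header plus 16-byte per-packet headers).

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
DISSECTORS = {}  # (table, key) -> dissector; each parent hands off with (table, key, payload)

def dissect_ethernet(data, layers):
    dst, src, etype = struct.unpack("!6s6sH", data[:14])
    layers.append(("eth", {"dst": dst.hex(":"), "src": src.hex(":"), "type": hex(etype)}))
    return "ethertype", etype, data[14:]      # next dissector is looked up by EtherType
DISSECTORS[("pcap.linktype", LINKTYPE_ETHERNET)] = dissect_ethernet

def dissect_ipv4(data, layers):
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", data[:20])
    layers.append(("ip", {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
                          "ttl": ttl, "proto": proto}))
    return "ip.proto", proto, data[(vihl & 0xF) * 4:total]   # strip header and any link padding
DISSECTORS[("ethertype", 0x0800)] = dissect_ipv4

def dissect_tcp(data, layers):
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", data[:14])
    layers.append(("tcp", {"sport": sport, "dport": dport, "seq": seq, "flags": hex(off_flags & 0x1FF)}))
    return "tcp.port", dport, data[(off_flags >> 12) * 4:]    # payload after the TCP header
DISSECTORS[("ip.proto", 6)] = dissect_tcp

def dissect_pcap(blob):
    """Walk a classic libpcap file: 24-byte global header, then 16-byte record headers + frames."""
    endian = "<" if blob[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # the magic number reveals byte order
    magic, _, _, _, _, _, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    assert magic == PCAP_MAGIC, "not a libpcap file"
    pos, packets = 24, []
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl, orig = struct.unpack(endian + "IIII", blob[pos:pos + 16])
        data, pos = blob[pos + 16:pos + 16 + incl], pos + 16 + incl
        layers = [("frame", {"ts": ts_sec + ts_usec / 1e6, "len": orig})]  # Frame dissector first
        table, key = "pcap.linktype", linktype
        while (table, key) in DISSECTORS:      # hand off until no registered dissector claims the rest
            table, key, data = DISSECTORS[(table, key)](data, layers)
        layers.append(("data", {"bytes": len(data)}))  # whatever is left is shown as raw data
        packets.append(layers)
    return packets

def build_sample_pcap():
    """Constructed one-packet capture: Ethernet / IPv4 / TCP / 16-byte payload, checksums left at 0."""
    payload = b"GET / HTTP/1.1\r\n"
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    frame = bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + tcp + payload
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return header + struct.pack("<IIII", 1569945600, 0, len(frame), len(frame)) + frame
```

Calling dissect_pcap(build_sample_pcap()) returns one packet whose layers are frame, eth, ip, tcp and 16 bytes of undissected data, which is the same hand-off order the text describes.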

Describe a spoofing attack.


Spoofing is the impersonation of a user, device or client on the Internet. It is often used during a cyberattack to disguise the source of attack traffic.
The most common forms of spoofing are:

• DNS server spoofing: Modifies a DNS server in order to redirect a domain name to a different IP address. It is typically used to spread viruses.
• ARP spoofing: Links a perpetrator's MAC address to a legitimate IP address through spoofed ARP messages. It is typically used in denial of service (DoS) and man-in-the-middle attacks.
• IP address spoofing: Disguises an attacker's origin IP. It is typically used in DoS attacks.
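A detection-side illustration of the ARP spoofing item above, added as an example and not taken from the original document: it parses ARP headers from a constructed sequence of packets and alerts when a reply rebinds an IP address that was previously seen with a different MAC address, which is the inconsistency a perpetrator's spoofed ARP messages leave behind. All packet contents and addresses are constructed samples.

```python
import struct

ARP_REQUEST, ARP_REPLY = 1, 2

def parse_arp(data):
    """Parse a 28-byte Ethernet/IPv4 ARP header (the bytes that follow the Ethernet header)."""
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", data[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    ip_str = lambda b: ".".join(map(str, b))
    return {"op": op, "sender_mac": sha.hex(":"), "sender_ip": ip_str(spa),
            "target_mac": tha.hex(":"), "target_ip": ip_str(tpa)}

def detect_arp_spoofing(arp_packets):
    """Learn IP -> MAC from replies; alert when a later reply claims the same IP with another MAC."""
    bindings, alerts = {}, []
    for raw in arp_packets:
        arp = parse_arp(raw)
        if arp["op"] != ARP_REPLY:
            continue                          # requests only ask; replies assert a binding
        ip, mac = arp["sender_ip"], arp["sender_mac"]
        known = bindings.setdefault(ip, mac)
        if known != mac:
            alerts.append(f"{ip} moved from {known} to {mac}")
            bindings[ip] = mac                # follow the new claim so repeats are not re-alerted
    return alerts

def make_arp(op, sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed ARP packet for the sample traffic below."""
    mac_bytes = lambda s: bytes.fromhex(s.replace(":", ""))
    ip_bytes = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, mac_bytes(sender_mac),
                       ip_bytes(sender_ip), mac_bytes(target_mac), ip_bytes(target_ip))

# Constructed sample: a host asks for the gateway, the real gateway answers, then a second
# device answers for the gateway's IP with its own MAC (the pattern ARP spoofing produces).
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:aa:aa:aa:aa:01"
HOST_IP, HOST_MAC, ROGUE_MAC = "192.168.1.10", "aa:aa:aa:aa:aa:10", "de:ad:be:ef:00:01"
SAMPLE_ARP = [
    make_arp(ARP_REQUEST, HOST_MAC, HOST_IP, "00:00:00:00:00:00", GATEWAY_IP),
    make_arp(ARP_REPLY, GATEWAY_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    make_arp(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
    make_arp(ARP_REPLY, ROGUE_MAC, GATEWAY_IP, HOST_MAC, HOST_IP),
]

if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP):
        print("ALERT:", alert)   # one alert: the gateway IP moved from GATEWAY_MAC to ROGUE_MAC
```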
