Sniffing
Sniffing is the process of monitoring and capturing data packets in a network. It is quite powerful to be able to view network traffic, but it is not always trivial to capture.
Note that the SPAN port on a switch is a port that is configured to receive a copy of every packet passing through the switch.
MAC Flooding is a network attack technique that forces a network switch to behave like a hub by flooding its Content Addressable Memory (CAM) table with a large number of fake MAC addresses. This can lead to the switch broadcasting data to all devices, potentially compromising network security. It is considered a noisy and less sophisticated approach.
Macof is a Linux tool that is part of the dsniff collection. It sends frames with random MAC and IP addresses, which flood the switch's CAM table.
macof -i <interface> -n <packets>
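The fail-open behaviour described above, and the effect of a per-port MAC limit (the usual port-security mitigation), shown as an added example that is not from the original page. The switch is a toy model with no entry aging; the table size, limit and addresses are constructed.

```python
# Toy model of a learning switch; an illustration, not any vendor's behaviour.
HOST_A, HOST_B = "aa:aa:aa:aa:aa:0a", "aa:aa:aa:aa:aa:0b"  # constructed addresses

class ToySwitch:
    def __init__(self, cam_capacity, port_mac_limit=None):
        self.cam = {}                         # learned MAC -> port
        self.cam_capacity = cam_capacity
        self.port_mac_limit = port_mac_limit  # None means no per-port limit
        self.per_port = {}                    # port -> MACs learned on it
        self.violations = {}                  # port -> frames dropped by the limit

    def receive(self, port, src, dst):
        """Process one frame; return 'drop', 'flood', or the egress port."""
        if src not in self.cam:
            learned = self.per_port.setdefault(port, set())
            if self.port_mac_limit is not None and len(learned) >= self.port_mac_limit:
                self.violations[port] = self.violations.get(port, 0) + 1
                return "drop"
            if len(self.cam) < self.cam_capacity:  # a full table cannot learn
                self.cam[src] = port
                learned.add(src)
        # A destination that is not in the table goes out of every port.
        return self.cam.get(dst, "flood")

def simulate(switch, fake_macs):
    """Port 1 presents many source MACs, then A (port 2) and B (port 3) talk."""
    for i in range(fake_macs):
        src = f"02:00:00:00:{i >> 8:02x}:{i & 0xff:02x}"  # constructed
        switch.receive(1, src, "ff:ff:ff:ff:ff:ff")
    switch.receive(2, HOST_A, HOST_B)
    switch.receive(3, HOST_B, HOST_A)
    return switch.receive(2, HOST_A, HOST_B)  # is A -> B still unicast?

if __name__ == "__main__":
    print("no limit:", simulate(ToySwitch(64), 1000))
    limited = ToySwitch(64, port_mac_limit=2)
    print("limit 2 :", simulate(limited, 1000), limited.violations)
```

Without the limit the table fills before the legitimate hosts are learned, so their traffic is flooded to every port; with the limit the excess frames on port 1 are dropped and counted, which is also the signal to alert on.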
DHCP (Dynamic Host Configuration Protocol) attacks involve the manipulation or disruption of the DHCP service on a network.
DHCP (Dynamic Host Configuration Protocol) Starvation is a network attack where an attacker floods a DHCP server with a large number of DHCP request messages, often using spoofed MAC addresses. The goal is to exhaust the available IP addresses in the DHCP server's pool, leaving no valid IP addresses for legitimate clients. As a result, when legitimate devices attempt to obtain an IP address through DHCP, they are unable to do so, causing network disruption. DHCP Starvation attacks are typically used by malicious actors to disrupt network operations, leading to denial of service (DoS) conditions or facilitating other attacks.
Tools:
is a Python script used to perform DHCP Starvation attacks, where it floods a DHCP server with requests to exhaust available IP addresses, potentially disrupting network operations.
is a network packet generator and testing tool designed for simulating Ethernet, IP, TCP, and UDP traffic. Can also be used for DHCP starvation attacks.
is a network tool that specializes in DHCP Starvation attacks, aiming to deplete available IP addresses from DHCP servers and create network disruptions.
is a tool used for DHCP and ARP-related attacks, allowing attackers to exhaust IP addresses and disrupt network communication by exploiting DHCP and ARP protocols.
Yersinia is a network security tool designed to perform various Layer 2 (Data Link Layer) attacks, including protocol-specific attacks such as ARP spoofing and DHCP attacks. It is useful for testing network security and identifying vulnerabilities at the data link layer.
Open Yersinia in interactive mode by typing yersinia -I and pressing Enter.
To dismiss the Notification window, press any key, and then press 'h' for help.
Exit the help options by pressing 'q'.
Switch to DHCP mode by pressing F2. In DHCP mode, the STP Fields in the lower section of the window will change to DHCP Fields.
To view available attack options, press 'x'.
A window titled "Attack Panel" will appear. Initiate a DHCP starvation attack by pressing '1'.
Yersinia will begin sending DHCP packets to the network adapter and all active machines in the local network, as shown in the screenshot.
In a Rogue DHCP Server Attack, an attacker sets up a rogue or unauthorized DHCP server on a network. This rogue server responds to DHCP (Dynamic Host Configuration Protocol) requests from client devices with counterfeit or malicious IP addresses and configuration information. As a result, unsuspecting client devices obtain IP addresses and network settings from the rogue server instead of the legitimate DHCP server. This can lead to network disruptions, as clients may be misconfigured and unable to access network resources properly.
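Detection logic for both DHCP attacks described above (starvation and a rogue server), as an added example that is not part of the original page. The event tuples, the authorized server address and the thresholds are assumptions; in practice the events would come from a DHCP server log or a packet capture.

```python
from collections import deque

AUTHORIZED_SERVERS = {"10.0.0.2"}  # assumption: the legitimate DHCP server

def detect(events, window=10.0, max_clients=20):
    """events: time-ordered (seconds, type, client MAC, server id or None)."""
    alerts, recent, counts = [], deque(), {}
    starving, rogue_seen = False, set()
    for ts, mtype, mac, server in events:
        if mtype in ("DISCOVER", "REQUEST"):
            recent.append((ts, mac))
            counts[mac] = counts.get(mac, 0) + 1
            # Expire client messages that fell out of the sliding window.
            while ts - recent[0][0] > window:
                _, old = recent.popleft()
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
            if len(counts) > max_clients:
                if not starving:  # alert once per burst
                    alerts.append((ts, "dhcp-starvation", len(counts)))
                starving = True
            else:
                starving = False
        elif mtype in ("OFFER", "ACK") and server not in AUTHORIZED_SERVERS:
            if server not in rogue_seen:  # alert once per unknown server
                rogue_seen.add(server)
                alerts.append((ts, "rogue-dhcp-server", server))
    return alerts

def sample_events():
    """Constructed traffic: two normal leases, a burst of DISCOVERs, a stray OFFER."""
    ev = [(1.0, "DISCOVER", "aa:aa:aa:aa:aa:01", None),
          (1.1, "OFFER", "aa:aa:aa:aa:aa:01", "10.0.0.2"),
          (5.0, "DISCOVER", "aa:aa:aa:aa:aa:02", None),
          (5.1, "OFFER", "aa:aa:aa:aa:aa:02", "10.0.0.2")]
    ev += [(30 + i * 0.1, "DISCOVER", f"02:00:00:00:00:{i:02x}", None)
           for i in range(50)]
    ev.append((40.0, "OFFER", "aa:aa:aa:aa:aa:03", "10.0.0.66"))
    return ev

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The starvation check counts distinct client MACs rather than raw message volume, because a single busy client retrying is normal while dozens of never-seen MACs in a few seconds is not.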
DNS (Domain Name System) poisoning, also known as DNS spoofing, is a technique used to corrupt the DNS cache with incorrect or malicious IP-to-domain mappings. This can redirect users to fraudulent websites, compromise network integrity, and enable various forms of cyberattacks.
ARP Poisoning is a network attack that involves manipulating the ARP cache of devices on a local network. Attackers send fake ARP messages, associating their own MAC address with the IP address of another device, typically the default gateway. This causes traffic meant for the legitimate device to be rerouted through the attacker's system, allowing them to intercept, modify, or eavesdrop on the traffic.
Tools:
Enter the command arpspoof -i <interface> -t <Access Point IP> <Target IP> to signal to the access point that the host machine's MAC address corresponds to the target system. In effect, this informs the access point that the host is the target system.
To achieve the opposite, use the command arpspoof -i <interface> -t <Target IP> <Access Point IP>. This command tells the target system that the host machine is the access point.
Spoofing attacks involve impersonating a legitimate entity, device, or service to deceive or exploit other systems or users. There are various types of spoofing attacks, including IP spoofing, email spoofing, DNS spoofing, and MAC spoofing.
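How a monitor can spot the forged bindings that ARP poisoning produces, as an added example that is not from the original page: it decodes raw ARP payloads and flags an IP whose MAC changes or a MAC that claims several IPs. All addresses and packets are constructed, and `watch`, `parse_arp` and `make_reply` are names chosen for this illustration.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa

def parse_arp(payload):
    """Return (oper, sender MAC, sender IP) from an Ethernet/IPv4 ARP payload."""
    if len(payload) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _, _ = struct.unpack(ARP_FMT, payload[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return oper, sha.hex(":"), socket.inet_ntoa(spa)

def watch(payloads, trusted=None):
    """Flag sender IP->MAC bindings that conflict with what was seen or pinned."""
    bindings = dict(trusted or {})  # ip -> mac
    alerts = []
    for payload in payloads:
        _, mac, ip = parse_arp(payload)
        known = bindings.get(ip)
        if known is not None and known != mac:
            alerts.append(("binding-changed", ip, known, mac))
            continue  # keep the earlier binding instead of following the change
        bindings[ip] = mac
        same_mac = sorted(i for i, m in bindings.items() if m == mac)
        if len(same_mac) > 1:
            alerts.append(("mac-claims-multiple-ips", mac, same_mac))
    return alerts

def make_reply(mac, ip, target_mac, target_ip):
    """Build a constructed ARP reply (oper=2) used as sample input."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, 2, raw(mac), socket.inet_aton(ip),
                       raw(target_mac), socket.inet_aton(target_ip))

GW, HOST = "aa:aa:aa:aa:aa:01", "aa:aa:aa:aa:aa:66"  # constructed MACs
SAMPLE = [
    make_reply(GW, "192.168.1.1", HOST, "192.168.1.66"),   # gateway announces itself
    make_reply(HOST, "192.168.1.66", GW, "192.168.1.1"),   # host announces itself
    make_reply(HOST, "192.168.1.1", "aa:aa:aa:aa:aa:20", "192.168.1.20"),  # claims gateway IP
    make_reply(HOST, "192.168.1.20", GW, "192.168.1.1"),   # claims a second IP
]

if __name__ == "__main__":
    for alert in watch(SAMPLE):
        print(alert)
```

A binding change is not always hostile (DHCP reassignment and failover pairs cause it too), so passing the gateway's known MAC in `trusted` gives a higher-confidence alert than first-seen learning alone.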
Telnet
Keystrokes, including usernames and passwords, are transmitted in clear text.
Rlogin
Similar to Telnet, Rlogin sends keystrokes, usernames, and passwords in clear text.
HTTP
All data, including requests and responses, is transmitted in clear text.
POP (Post Office Protocol)
Passwords and data are exchanged in clear text when retrieving email.
IMAP (Internet Message Access Protocol)
Like POP, IMAP also sends passwords and email data in clear text.
SMTP (Simple Mail Transfer Protocol)
SMTP transmits email messages, including passwords and data, in clear text.
NNTP (Network News Transfer Protocol)
NNTP sends newsgroup posts and data in clear text.
FTP (File Transfer Protocol)
FTP transfers files and data, including passwords, in clear text, potentially exposing sensitive information.
is a command-line tool that enables attackers to redirect network traffic by manipulating ARP (Address Resolution Protocol) tables, often used for man-in-the-middle attacks.
is a Python network tool designed for various network tasks, including packet analysis, scanning, and performing network-level attacks, making it useful for security professionals and network administrators.
is a versatile framework and tool used for network analysis and attacks, including man-in-the-middle (MITM) attacks, network scanning, and traffic manipulation, often used in security testing and ethical hacking.
is a framework that simplifies man-in-the-middle attacks on networks, allowing attackers to intercept, manipulate, and control network traffic, posing security risks if used maliciously.