Understanding Sniffing Techniques and Network Security in Ethernet LANs, Study Guides, Projects, Research of Applications of Computer Sciences

An introduction to sniffing techniques in Ethernet LANs, explaining how they are performed, their purposes, and methods for detection and blocking. It also covers the vulnerabilities of Ethernet networks to sniffers and the use of anti-sniffer tools.

Typology: Study Guides, Projects, Research

2011/2012

Uploaded on 07/16/2012

sameer

Section-1

Introduction

This document contains the introduction and other information about the research related to the study of sniffing techniques and the techniques for detecting and blocking sniffing activities in Ethernet LANs.

The first section of the document contains the introduction, purpose, definitions and abbreviations used in the document.

The second section introduces some security issues: what sniffing is, its types, how sniffing is done, the purposes of sniffing activities, and the detection of sniffing activities in Ethernet LANs.

The third section states the proposed research work, its scope, benefits, and project generic information.

The fourth section contains the references to the various documents used as sources of information for this document.

1.1 Purpose

This document serves as a control tool for the progress of the project. The objective of this project is to study and understand sniffing techniques and the techniques to block them, and to design an effective Anti Sniffer for Ethernet, whether hub based or switched. The intended audience of this document is developer(s), supervisor(s) and the panel of examiners. This document can later be used for traceability and for monitoring the progress of the research. It also serves as a starting point for documentation of the research.

1.2 Definitions and Abbreviations

| Terms | Definitions |
|---|---|
| Anti Sniffer | Anti Sniffer is a software tool that detects and pinpoints the network sniffers and helps make communication over the network secure. |
| Broadcasting | Sending a packet (data) to all destinations simultaneously is called broadcasting. [3] |
| Ethernet | IEEE Standard 802.3 LAN architecture, which is widely used to build local area networks. |
| Hacker | Hacker is a term often applied to computer software or computer hardware programmers, designers and administrators, especially those who are perceived as experts or highly accomplished in this field. [2] |
| Hub | A device that splits one network cable into a set of separate cables, each connecting to a different computer; used in a local area network to create a small-scale network by connecting several computers together. [13] |
| Normal Mode | In normal mode of communication, the network interface card reads the addresses of all packets arriving at its terminal and accepts only packets that are destined for it. |
| Packet | A chunk or a block of data sent over the network, transmitting the identities of the sending and receiving stations, error-control information, and the message. [12] |
| Promiscuous Mode | Normally an Ethernet interface reads all address information and accepts only follow-on packets destined for it, but when the interface is in promiscuous mode, it reads all information (sniffer), regardless of its destination. [12] |
| Sniffer | A sniffer is a program or a device that eavesdrops on the network traffic by grabbing information traveling over a network. [1] |
| Switch | A network traffic monitoring device that controls the flow of traffic between multiple network nodes. [13] |
| ARP | Address Resolution Protocol. [7] |
| DNS | Domain Name System. [7] |
| LAN | Local Area Network. [7] |
| MAC | Medium Access Control. [7] |
| TCP | Transfer Control Protocol. [7] |
| IP | Internet Protocol. [7] |
| RTT | Round Trip Time. [11] |
| NIC | Network Interface Card. [10] |
| DECNet | Digital Equipment Corporation network: a networking protocol for DEC computers and network devices. [7] |
| IPX | Internetwork Packet Exchange: networking protocol used by the Novell NetWare OS. [8] |

Table 1 Definitions and Abbreviations

data; a computer running a sniffer breaks this rule and accepts all packets. Such machines are said to be put in promiscuous mode. See Fig-

Figure 1 Sniffing in Shared Ethernet

In a Switched Ethernet environment the situation is quite different. The switch maintains a table of MAC addresses and the physical port to which each MAC address is attached; data is not broadcast, and the communication between computers is point to point. A computer cannot listen to all the data passing through the Ethernet. However, there are methods of sniffing on Switched Ethernet, for example ARP spoofing and MAC flooding. These techniques use false MAC addresses to steal the data and make communication insecure. See Fig-

Figure 2 Sniffing In Switched Ethernet
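Because the switched-network techniques named above depend on false MAC addresses, one common defensive check is to watch for IP-to-MAC bindings that change. The following is an added example, not part of the original document or of the project's Anti Sniffer; the log format, addresses and function names are constructed for illustration.

```python
"""Flag IP-to-MAC binding changes in observed ARP replies (defensive check)."""
from collections import defaultdict

# Constructed sample: "<seconds> <sender IP> <sender MAC>", one ARP reply per line.
SAMPLE = """\
1.0 192.168.1.1 00:11:22:33:44:01
2.0 192.168.1.20 00:11:22:33:44:20
3.5 192.168.1.30 00:11:22:33:44:30
9.0 192.168.1.1 00:11:22:33:44:30
9.4 192.168.1.20 00:11:22:33:44:30
12.0 192.168.1.1 00:11:22:33:44:01
"""

def parse(text):
    """Yield (time, ip, mac) tuples, skipping blank or malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        yield float(ts), ip, mac.lower()

def binding_alerts(observations):
    """Return (time, ip, old_mac, new_mac) each time an IP changes MAC."""
    current = {}
    alerts = []
    for ts, ip, mac in observations:
        old = current.get(ip)
        if old is not None and old != mac:
            alerts.append((ts, ip, old, mac))
        current[ip] = mac
    return alerts

def macs_claiming_many_ips(observations, limit=2):
    """MACs answering for `limit` or more IPs (can be a router, so review)."""
    claimed = defaultdict(set)
    for _, ip, mac in observations:
        claimed[mac].add(ip)
    return {m: sorted(ips) for m, ips in claimed.items() if len(ips) >= limit}

if __name__ == "__main__":
    obs = list(parse(SAMPLE))
    for alert in binding_alerts(obs):
        print("binding changed:", alert)
    print("multi-IP MACs:", macs_claiming_many_ips(obs))
```

A binding change is a signal to investigate, not proof: DHCP lease turnover and hardware replacement also change bindings.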

2.2.1 Sniffing

In normal flow, data is transferred in both directions, to and from a source (Fig-2). Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are not easily detectable and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal.

Figure 3 Normal Data Flow

2.2.3 How Sniffing works?

Sniffing can be done by many methods; here we consider three types. Some of them work in shared networks while others work in switched networks. The methods that are mainly used are:

- IP-based sniffing
- MAC-based sniffing
- ARP-based sniffing. [9]

2.2.3.1 IP-based sniffing

This is known as the original way of sniffing. It works by putting the network card into promiscuous mode and sniffing all packets that match the IP address filter. If no IP address is set in the filter, it can capture all the packets on the network. However, it only works in shared networks. [9]

2.2.3.2 MAC-based sniffing

MAC-based sniffing works by putting the network card into promiscuous mode and sniffing all the data packets that contain a matching MAC address. [9]

[Figure labels: Computer A; Computer B; direction of data flow; physical connection]

Different sniffing tools perform different tasks: some can analyze hundreds of protocols while others can only deal with one or two. The most common protocols that are analyzed are TCP/IP, IPX and DECNet. Ordinarily, a sniffer is used as an assistant for network management because its monitoring and analyzing features can help with troubleshooting, intrusion detection, traffic control, or supervising network contents. [5]

2.2.2 Threats of sniffers

Possible threats of sniffers are listed below:

- Stealing of usernames and passwords.
- Getting documents that contain critical information.
- Getting sensitive information.
- Grabbing other information traveling over the internet.
- Negative uses

Negative uses of sniffers are well known because of the network security issues given as follows:

a. Stealing passwords, which is the main reason for most illegal uses of sniffing tools.
b. Capturing special and private information of transactions, like username, credit ID, account, and password. Fig-

Figure 5 Attacks on Authentication

c. Recording email or instant messages and resuming their content.
d. Some sniffers can even modify the target computer's information and damage the system. See figure 4.

Figure 6 Grabbing of Data and Modification (labels: Terminal A normal; Terminal B normal; Terminal C with sniffer; private conversation)

e. Harming the security of network places or gaining higher-level authority.

Due to the issues stated above, sniffers are becoming a bigger obstacle for network security. [5]

2.3 Methods for Detecting Sniffers

Sniffer detection is not an easy task because sniffers are good at hiding. The task becomes more difficult when there is no trace of their presence in the network. However, there are some ways to detect them, stated below:

  1. Run a sniffer and monitor the DNS traffic of the nominated host.
  2. Judge from network status: for example, if the rate of lost packets on the network is abnormally high, or one machine on the network occupies a large part of the bandwidth for a long time, it may imply that a sniffer is present on your network.
  3. Check whether the system is in promiscuous mode; if so, a sniffer may be running at the same time.
  4. Use anti-sniffer software to search for sniffers in the network. [5]

There are also some specific techniques used to detect sniffers. These can be called detection tests, and they are useful for detecting ongoing sniffing activities. Some of these are given below.

Section-

Research

This section contains information about the purpose of research, its scope, benefits, project planning and other additional information.

3.1 Purpose

The sole purpose of this research is to make the PIEAS network secure against the different types of sniffing attacks. Other objectives include the study of Ethernet architecture, protocols, sniffing techniques, techniques to detect sniffers and techniques to block sniffers.

3.2 Scope

The scope of the project includes the study of the PIEAS Ethernet LAN and its vulnerability to sniffers. The project is limited to identifying the vulnerabilities of the PIEAS LAN to sniffers and developing a tool for prevention and avoidance of sniffing. The results may be used to improve the overall Ethernet LAN architecture against sniffing; however, this should not be considered one of the objectives of the project.

3.4 Project Generic Information:

3.4.1 Project Team:

- Student Name: Adeel Iqbal
- Project Supervisor: Mr. Nauman Shamim
- Project Coordinator: Mr. S.M.Haroon

3.4.2 Project Plan

6th Semester

  1. Project proposal
  2. Preparation of SRS.

7th Semester

  1. Literature survey
     a. Study of existing sniffers for Ethernet (both hub and switched)
     b. Study of existing network sniffing techniques
     c. Study of network sniffing/eavesdropping detection techniques for Ethernet (both hub and switched)
     d. Study of blocking techniques
  2. Selection of techniques for simulation
  3. Study and selection of tools for simulation
  4. Design of simulations
  5. Design of sniffer blocking application

8th Semester

  1. Implementation of Selected sniffing techniques
  2. Implementation of Selected blocking techniques
  3. Simulation of attacks
  4. Integration of results (Application)
  5. Final Testing and Debugging
  6. Executive Summary
  7. Thesis

3.4.3 Project Duration

The estimated duration for project completion is three semesters, under a total of 13 credit hours.