Experiment 1: Network attack experiment
Student ID:
Name:
Experiment 1.1 Using Wireshark to capture data packets
1. Purpose of the experiment
1. Be familiar with the principles and techniques of network monitoring;
2. Be familiar with the use of Wireshark (Windows platform) and deepen your understanding of TCP/IP protocol;
3. Strengthen network security awareness.
2. Experimental Content
1. Start Wireshark (Windows platform) and capture the packets exchanged between the host and the target web server (the academic affairs system, or the login page of a webmail service);
2. Log in to the web server through the browser;
3. Analyze the packets captured by Wireshark (Windows platform). Some web and mail services still send the user name, password and message content in cleartext (HTTP rather than HTTPS), so this information can be read directly from the captured packets.
3. Experimental environment and equipment
1. Experimental equipment: PC;
2. Software system: Wireshark (Windows system).
4. Experimental Principle
TCP is the most widely used transport protocol in computer networks; application services such as FTP, HTTP and SMTP all run over it. Capturing the packets of one of these services therefore yields TCP segments that can be analyzed to understand protocol encapsulation, the connection control process (handshake, acknowledgement, teardown) and the way application data is carried.
5. Experimental steps
HTTP uses TCP at the transport layer, so the HTTP service is selected for this experiment. No capture filter is needed; a display filter is applied after capture to pick out the relevant packets.
1. Determine the target address: select our school's academic affairs system as the target and analyze the TCP packets of its HTTP service. Find the server's IP address first (for example with ping or nslookup on its host name), because the display filter is written against the IP address.
2. Start packet capture: no capture filter is required. Start capturing on the active network interface, open the login page in the browser, then apply a display filter such as ip.addr == <server IP> && tcp (or simply http) so that only the packets exchanged with the target are shown.
6. Experimental Results
1. Please provide the IP address of the academic affairs system
2. Please give the analysis results of the three-way handshake in the table below, and provide the corresponding screenshots showing the TCP fields (flags, sequence number and acknowledgement number) of each of the three packets.
Source Address | Destination Address | SYN | ACK | Seq (relative) | Ack (relative)
First handshake | | | | |
Second handshake | | | | |
Third handshake | | | | |
3. Please provide the following results and corresponding screenshots (if the password can be intercepted, also provide the username). You may also try the login page of your own webmail account.
HTTP client port | HTTP server port | Username | Password
| | |
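The two results above, the handshake table and the cleartext login, can be produced from raw packets without the Wireshark GUI. The script below is an added example and is not part of the lab handout: it builds a small constructed capture (an assumed client 10.0.0.5 logging in to an assumed HTTP server at 192.0.2.10 with made-up credentials), dissects the IPv4 and TCP headers, classifies the SYN, SYN/ACK and ACK segments with Wireshark-style relative sequence numbers, and then reads the username and password out of the HTTP POST body, which is exactly what a sniffer on the path can do when the site uses HTTP instead of HTTPS.

```python
"""Added example (not part of the handout): a minimal IPv4/TCP dissector that
produces the Experiment 1.1 handshake table and pulls a cleartext HTTP login
out of a capture. All packets below are constructed in this script; the
addresses, ports and credentials are assumptions, not data from any real server."""
import struct
from urllib.parse import parse_qs

TCP_SYN, TCP_ACK, TCP_PSH = 0x02, 0x10, 0x08


def build_packet(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Assemble an IPv4 header + TCP header + payload (checksums left at 0: test input only)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def parse_packet(raw):
    """Dissect one IPv4/TCP packet into the fields shown in Wireshark's detail pane."""
    ihl = (raw[0] & 0x0F) * 4
    total_len = struct.unpack("!H", raw[2:4])[0]
    tcp = raw[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    return {"src": ".".join(map(str, raw[12:16])), "dst": ".".join(map(str, raw[16:20])),
            "sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(off_flags & TCP_SYN), "ack_flag": bool(off_flags & TCP_ACK),
            "payload": tcp[(off_flags >> 12) * 4:]}


def handshake_table(packets):
    """Pick out SYN, SYN/ACK and ACK and express Seq/Ack relative to each side's ISN,
    which is what Wireshark shows when 'Relative sequence numbers' is enabled."""
    syn = next(p for p in packets if p["syn"] and not p["ack_flag"])
    synack = next(p for p in packets if p["syn"] and p["ack_flag"] and p["dport"] == syn["sport"])
    ack = next(p for p in packets if not p["syn"] and p["ack_flag"]
               and p["sport"] == syn["sport"] and not p["payload"])
    isn = {syn["src"]: syn["seq"], synack["src"]: synack["seq"]}

    def row(p):
        return {"src": p["src"], "dst": p["dst"], "SYN": int(p["syn"]), "ACK": int(p["ack_flag"]),
                "seq_rel": (p["seq"] - isn[p["src"]]) & 0xFFFFFFFF,
                "ack_rel": (p["ack"] - isn[p["dst"]]) & 0xFFFFFFFF if p["ack_flag"] else 0}
    return [row(syn), row(synack), row(ack)]


def extract_credentials(packets, fields=("username", "password")):
    """Read login fields out of a cleartext HTTP POST body, as a sniffer can when the
    site uses HTTP instead of HTTPS. Returns None if the capture holds no POST."""
    for p in packets:
        if p["payload"].startswith(b"POST "):
            _, _, body = p["payload"].partition(b"\r\n\r\n")
            form = parse_qs(body.decode("utf-8", "replace"))
            return {"client_port": p["sport"], "server_port": p["dport"],
                    **{f: form.get(f, [None])[0] for f in fields}}
    return None


# Constructed capture: assumed client 10.0.0.5 logs in to an assumed HTTP server 192.0.2.10.
CLIENT, SERVER, CPORT = "10.0.0.5", "192.0.2.10", 52034
ISN_C, ISN_S = 0x1A2B3C4D, 0x9ABCDEF0          # arbitrary initial sequence numbers
BODY = b"username=stu2023&password=P%40ssw0rd"   # made-up credentials, form-encoded
POST = (b"POST /login HTTP/1.1\r\nHost: jwxt.example.edu\r\n"
        b"Content-Type: application/x-www-form-urlencoded\r\n"
        b"Content-Length: " + str(len(BODY)).encode() + b"\r\n\r\n" + BODY)
SAMPLE_CAPTURE = [
    build_packet(CLIENT, SERVER, CPORT, 80, ISN_C, 0, TCP_SYN),                    # 1st handshake
    build_packet(SERVER, CLIENT, 80, CPORT, ISN_S, ISN_C + 1, TCP_SYN | TCP_ACK),   # 2nd handshake
    build_packet(CLIENT, SERVER, CPORT, 80, ISN_C + 1, ISN_S + 1, TCP_ACK),         # 3rd handshake
    build_packet(CLIENT, SERVER, CPORT, 80, ISN_C + 1, ISN_S + 1, TCP_PSH | TCP_ACK, POST),
]


def analyze(raw_packets):
    """Return (handshake rows, credentials) for a list of raw IPv4/TCP packets."""
    parsed = [parse_packet(r) for r in raw_packets]
    return handshake_table(parsed), extract_credentials(parsed)


if __name__ == "__main__":
    table, creds = analyze(SAMPLE_CAPTURE)
    for name, r in zip(("First", "Second", "Third"), table):
        print(f"{name:6} {r['src']:>12} -> {r['dst']:<12} SYN={r['SYN']} ACK={r['ACK']} "
              f"Seq={r['seq_rel']} Ack={r['ack_rel']}")
    print("credentials:", creds)
```

The relative numbers come out as 0/0, 0/1 and 1/1 for the three handshake packets, matching what Wireshark displays; the credentials are recovered only because the example uses port 80 HTTP. Against an HTTPS login the same dissector would see the handshake but only TLS records afterwards, which is the caveat behind the "can the password be intercepted" question.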
7. Experimental summary (including experience, answers to questions and suggestions for experimental improvement)
Experiment 1.2 Hub and sniffing attack experiment
1. Purpose of the experiment
1. Verify the process of implementing a sniffing attack using a hub.
2. Verify that the sniffing attack will not affect the normal transmission process of MAC frames.
3. Verify that the sniffing attack is transparent to the source and destination terminals.
2. Experimental Content
To sniff the MAC frames exchanged between A, B and the router, insert a hub between the router and the switch and connect C to the hub. Because the hub repeats every frame to all of its other ports, C then sees all MAC frames transmitted between A, B and the router.
3. Experimental Environment
1 router, 1 Ethernet switch, 1 hub, 3 PCs (A, B and the attacker terminal C), 5 standard network cables (all simulated in eNSP)
4. Experimental Principle
The hub is a broadcast device: after receiving a MAC frame on one port it outputs the frame on every other port, regardless of the destination MAC address. When the hub receives a MAC frame on the port connected to the switch, it therefore outputs the frame on both the port connected to the router and the port connected to the attacker terminal, and the frame reaches the router and the attacker terminal at the same time. Neither the source nor the destination can tell that a copy was made.
5. Experimental steps
1. Start eNSP, place and connect devices according to the following network topology, and start all devices
Figure 2.1 Network topology connection diagram
2. Configure the IP addresses of PC1 (A), PC2 (B) and router AR1:
Device | IP address | Subnet Mask | Gateway
A (PC1) | | |
B (PC2) | | |
Router AR1 (gateway) | | |
3. After completing the terminal and router interface configuration process, test connectivity.
A ping router:
B pings the router:
4. Capture the packets on the link between switch LSW1 and router AR1: right-click AR1 (or LSW1), select Data Capture and choose the port connected to the other device; Wireshark starts automatically. Enter icmp in the display filter box so that only ICMP packets are shown. Run ping in the PC1 command line window and observe the ICMP exchange (ICMP Echo Request and Echo Reply) between the terminal and the router. Please provide the Wireshark interface and the captured packet sequence.
5. Insert hub HUB1 between router AR1 and switch LSW1, connect the hacker terminal hack to HUB1, and complete the HUB1 connections. Give the IP address configuration of the hacker terminal.
Device | IP address | Subnet Mask | Gateway
Hack terminal | | |
6. Verify that the hacker terminal hack can sniff the packets exchanged between PC1 and router AR1: right-click the port of HUB1 to which the hacker terminal is connected (or the hacker terminal itself), select Data Capture, and start capturing. Run ping in the PC1 command line window again and observe the ICMP exchange (ICMP Echo Request and Echo Reply) between the terminal and the router. Please provide the Wireshark interface and the captured packet sequence.
7. Compare the two captured ICMP sequences and state whether they are the same. Then repeat the capture on the LSW1 port connected to PC2: which of PC1's packets, if any, appear there, and why does a switch port differ from a hub port?
8. Please give the IP address configuration process of router AR
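The comparison asked for in steps 7 and 8 can be reasoned through with a small model of the topology. The script below is an added example, not part of the handout or of eNSP: it models HUB1 as a repeater and LSW1 as a learning switch, replays PC1's ARP resolution and one ICMP exchange with AR1, and records which frames each end system sees. Device names follow the lab; the MAC addresses are assumed.

```python
"""Added example (not part of the handout): a tiny model of the Experiment 1.2
topology showing why the hacker terminal on the hub sees all PC1<->AR1 traffic,
why a capture on the switch port of PC2 does not, and that PC1 and AR1 receive
their frames unchanged (the sniffer is transparent). MAC addresses are assumed."""

BROADCAST = "ff:ff:ff:ff:ff:ff"


class Hub:
    """Layer-1 repeater: a frame received on one port goes out of every other port."""
    def __init__(self, name):
        self.name, self.links = name, {}          # port -> (neighbour, neighbour's port)

    def receive(self, in_port, frame):
        for port, (dev, dport) in self.links.items():
            if port != in_port:
                dev.receive(dport, frame)


class Switch:
    """Learning bridge: records the port each source MAC arrives on, forwards to a
    known destination port only, floods unknown destinations and broadcasts."""
    def __init__(self, name):
        self.name, self.links, self.mac_table = name, {}, {}

    def receive(self, in_port, frame):
        self.mac_table[frame["src"]] = in_port
        out = self.mac_table.get(frame["dst"])
        ports = [out] if out is not None else [p for p in self.links if p != in_port]
        for port in ports:
            if port != in_port:               # never send a frame back where it came from
                dev, dport = self.links[port]
                dev.receive(dport, frame)


class Host:
    """End system; records every frame delivered to its NIC (promiscuous capture)."""
    def __init__(self, name, mac):
        self.name, self.mac, self.links, self.seen = name, mac, {}, []

    def receive(self, in_port, frame):
        self.seen.append(frame["desc"])

    def send(self, dst_mac, desc):
        dev, dport = self.links[0]
        dev.receive(dport, {"src": self.mac, "dst": dst_mac, "desc": desc})


def link(a, a_port, b, b_port):
    a.links[a_port] = (b, b_port)
    b.links[b_port] = (a, a_port)


def build_topology():
    """PC1, PC2 -- LSW1 -- HUB1 -- AR1, with the hacker terminal also on HUB1 (step 5)."""
    pc1, pc2 = Host("PC1", "00:e0:fc:00:00:01"), Host("PC2", "00:e0:fc:00:00:02")
    ar1, hack = Host("AR1", "00:e0:fc:00:00:fe"), Host("hack", "00:e0:fc:00:00:66")
    lsw1, hub1 = Switch("LSW1"), Hub("HUB1")
    link(pc1, 0, lsw1, 1)
    link(pc2, 0, lsw1, 2)
    link(lsw1, 3, hub1, 1)
    link(hub1, 2, ar1, 0)
    link(hub1, 3, hack, 0)
    return pc1, pc2, ar1, hack


def run_demo():
    """PC1 pings AR1: ARP resolution followed by one ICMP echo exchange.
    Returns, per host, the list of frames its NIC received."""
    pc1, pc2, ar1, hack = build_topology()
    pc1.send(BROADCAST, "ARP request (who has AR1?)")
    ar1.send(pc1.mac, "ARP reply")
    pc1.send(ar1.mac, "ICMP echo request")
    ar1.send(pc1.mac, "ICMP echo reply")
    return {h.name: list(h.seen) for h in (pc1, pc2, ar1, hack)}


if __name__ == "__main__":
    for name, frames in run_demo().items():
        print(f"{name:5}: {frames}")
```

In this model the hacker terminal receives all four frames, PC1 and AR1 receive exactly the frames addressed to them, and PC2 sees only the broadcast ARP request: once LSW1 has learned PC1's and AR1's ports, the unicast ICMP frames are never copied to PC2's port. That is the expected difference between the capture in step 6 and a capture on PC2's switch port.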
Experiment 1.3 ARP spoofing attack experiment
1. Purpose of the experiment
1. Understand the address resolution process;
2. Understand the ARP message structure;
3. Understand the implementation process of an ARP spoofing attack.
2. Experimental Content
The network structure is shown in Figure 3.1. Once terminals A, B and C have each communicated with router R, R's ARP cache holds three entries associating the IP address of each terminal with its MAC address. To carry out the ARP spoofing attack, terminal C sends router R an ARP request whose sender fields bind terminal C's MAC address to terminal A's IP address. R updates its cache accordingly, so it now holds an entry that maps terminal A's IP address to terminal C's MAC address. From then on, when terminal D sends an IP packet to terminal A, router R encapsulates it in a MAC frame whose destination MAC address is that of terminal C, and the frame is delivered to terminal C instead of terminal A.
Figure 3.1 Network structure
3. Experimental Principle
The implementation process of the ARP spoofing attack is shown in Figure 3.2. To intercept the IP packets that router R sends to terminal A, terminal C sends an ARP request to router R whose sender IP address is terminal A's address 192.1.1.1 and whose sender MAC address is terminal C's address MAC C. ARP does not authenticate these fields: a receiver updates an existing cache entry from the sender fields of any ARP packet addressed to it. On receiving the request, router R therefore creates (or overwrites) the ARP entry that binds terminal A's IP address 192.1.1.1 to terminal C's MAC address MAC C. The whole process is shown in Figure 3.2(b).
(a) Create the correct ARP entry
(b) Creating an incorrect ARP entry
Figure 3.2 ARP attack implementation process
After router R has installed the erroneous ARP entry shown in Figure 3.2(b), when it receives an IP packet from terminal D with source IP address 192.1.2.1 (terminal D) and destination IP address 192.1.1.1 (terminal A), it encapsulates the packet in a MAC frame whose destination MAC address is MAC C, the address its ARP cache now binds to 192.1.1.1. Switches S2 and S3 forward the frame to terminal C instead of terminal A.
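The exchange in Figure 3.2 can be reproduced at the byte level. The script below is an added example, not part of the handout or of any eNSP device: it builds the ARP request frames of Figure 3.2(a) and (b) with the real Ethernet and ARP header layout, feeds them to a model of router R's ARP cache that updates entries from the sender fields exactly as a receiver does, and then asks which MAC address R would put on a frame for 192.1.1.1 before and after the spoofed request. The IP addresses of A (192.1.1.1) and D (192.1.2.1) come from the lab text; the gateway address, the addresses of B and C, and all MAC addresses are assumed. The cache model also logs a MAC change for an existing IP, which is the signal that monitors such as arpwatch alert on.

```python
"""Added example (not part of the handout): the ARP request frames of Figure 3.2
built byte by byte and fed to a model of router R's ARP cache, to show how the
spoofed request from terminal C replaces A's entry and where a frame for
192.1.1.1 is then sent. A's and D's IP addresses come from the lab text; the
gateway address, B's and C's addresses and all MAC addresses are assumed."""
import struct

ETH_P_ARP = 0x0806
ARP_REQUEST = 1


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip):
    return bytes(map(int, ip.split(".")))


def build_arp_request(sender_mac, sender_ip, target_ip):
    """Broadcast Ethernet frame carrying 'who has target_ip? tell sender_ip'.
    The sender fields are what the receiver will store; nothing verifies them."""
    eth = mac_bytes("ff:ff:ff:ff:ff:ff") + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, ARP_REQUEST,
                      mac_bytes(sender_mac), ip_bytes(sender_ip),
                      bytes(6), ip_bytes(target_ip))
    return eth + arp


def parse_arp(frame):
    """Return the ARP fields a receiver looks at, or None if the frame is not ARP."""
    if struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        return None
    _, _, _, _, op, sha, spa, tha, tpa = struct.unpack("!HHBBH6s4s6s4s", frame[14:42])
    return {"op": op,
            "sender_mac": ":".join(f"{b:02x}" for b in sha), "sender_ip": ".".join(map(str, spa)),
            "target_mac": ":".join(f"{b:02x}" for b in tha), "target_ip": ".".join(map(str, tpa))}


class ArpCache:
    """Model of router R's ARP cache. An ARP packet addressed to us creates or
    overwrites the entry for its sender IP; there is no authentication, so the
    most recent sender wins. A MAC change for an existing IP is recorded in
    'alerts', the event an ARP monitor such as arpwatch reports."""
    def __init__(self, my_ip):
        self.my_ip, self.table, self.alerts = my_ip, {}, []

    def receive(self, frame):
        arp = parse_arp(frame)
        if arp is None or arp["target_ip"] != self.my_ip:
            return
        old = self.table.get(arp["sender_ip"])
        if old is not None and old != arp["sender_mac"]:
            self.alerts.append((arp["sender_ip"], old, arp["sender_mac"]))
        self.table[arp["sender_ip"]] = arp["sender_mac"]

    def next_hop_mac(self, dst_ip):
        """Destination MAC R puts on a frame for dst_ip (None: R must resolve it first)."""
        return self.table.get(dst_ip)


ROUTER_IP = "192.1.1.254"                                   # assumed gateway on 192.1.1.0/24
MAC_A, MAC_B, MAC_C = "00:e0:fc:00:00:0a", "00:e0:fc:00:00:0b", "00:e0:fc:00:00:0c"  # assumed


def run_demo():
    """Returns (MAC for 192.1.1.1 before the attack, MAC after it, alerts raised)."""
    r = ArpCache(ROUTER_IP)
    # Figure 3.2(a): A, B and C resolve the gateway, R learns the correct bindings
    r.receive(build_arp_request(MAC_A, "192.1.1.1", ROUTER_IP))
    r.receive(build_arp_request(MAC_B, "192.1.1.2", ROUTER_IP))
    r.receive(build_arp_request(MAC_C, "192.1.1.3", ROUTER_IP))
    before = r.next_hop_mac("192.1.1.1")
    # Figure 3.2(b): C sends a request with A's IP as sender IP (step 7 of the procedure)
    r.receive(build_arp_request(MAC_C, "192.1.1.1", ROUTER_IP))
    after = r.next_hop_mac("192.1.1.1")   # a packet from D (192.1.2.1) to A is now framed for C
    return before, after, r.alerts


if __name__ == "__main__":
    before, after, alerts = run_demo()
    print("192.1.1.1 ->", before, "before;", after, "after")
    print("alerts:", alerts)
```

Before the spoofed request the router frames 192.1.1.1 for MAC A; afterwards for MAC C, and the cache records one change (192.1.1.1, MAC A, MAC C). That single "changed ethernet address" event is what distinguishes a poisoning attempt from normal resolution, and is the check a practitioner adds on the gateway side, by a static ARP entry or an ARP monitor, when the lab is over.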
5. Experimental steps
1. Start eNSP, place and connect devices according to the following network topology, and start all devices
2. Give the IP address configuration of router AR:
Device AR | IP address | Subnet Mask |
GE0/0/0 | ||
GE0/0/1 |
3. Please provide a diagram of the interface status displayed on router AR.
4. Complete the configuration of IP addresses, subnet masks and default gateways for the four PCs.
Device | IP address | Subnet Mask | Gateway
PC1 | | |
PC2 | | |
PC3 | | |
PC4 | | |
5. To create ARP entries for PC1, PC2 and PC3 in router AR1's ARP cache, each of these PCs must send an ARP request to AR1. With an empty ARP cache, pinging the default gateway address triggers address resolution for that address. After PC1, PC2 and PC3 have each pinged the default gateway, provide a screenshot of the ARP entries on AR1 (display arp).
6. In the PC4 command line window, execute the ping operation on PC1. Please provide a screenshot of the result.
7. ARP spoofing process: to create an entry in AR1's ARP cache that binds PC1's IP address to PC3's MAC address, change PC3's IP address to PC1's IP address, clear PC3's ARP cache, and have PC3 communicate with AR1 (ping the gateway). The ARP request PC3 now sends carries PC1's IP address as sender IP and PC3's MAC address as sender MAC, and AR1 overwrites its entry for that IP address. Check the ARP entries on AR1 again (display arp) and provide a screenshot.
8. Reset PC3's address to its original value. Start communication between PC4 and PC1 (ping PC1 from PC4) and provide a screenshot of the ping result on PC4. Compare it with the result of step 6 and explain the difference using the ARP entry observed in step 7.