Exploring Network Security through Tcpdump and Other Tools


Added on  2020/05/08

AI Summary
The 'Network Security and Forensics' assignment provides a practical approach for students to delve into network security mechanisms. Through the use of command-line tools like Tcpdump, Iptables, Hping3, and ProFTPd, participants explore various tasks including version checking with Tcpdump, listing interfaces, pinging loopback addresses while capturing traffic, FTP server setup and analysis, UDP and ICMP protocol manipulation, IPv4 fragmentation, IP fragment reassembly, sniffing in switched environments via ARP Cache Poisoning, TCP RST attacks on telnet and SSH connections, rate limiting, and iptables trickery. The tasks are designed to enhance understanding of network packet capturing, security vulnerabilities such as ARP spoofing and session disruption, firewall evasion techniques using fragment route tools, IP fragmentation reassembly, and defensive measures like rate limiting with Iptables.
Network Security and Forensics
Sample outputs and the outputs we got in our practical tasks are shown below.
a) Use the command tcpdump -V
Command: tcpdump -V
b) Use tcpdump -D to list all of your available interfaces.
c) Ping 2130706433 and watch the traffic flow with tcpdump.
user@Ubuntu1:~$ ping 2130706433
PING 2130706433 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.018 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.027 ms
64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.033 ms
64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.034 ms
64 bytes from 127.0.0.1: icmp_seq=5 ttl=64 time=0.034 ms
64 bytes from 127.0.0.1: icmp_seq=6 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=7 ttl=64 time=0.029 ms
64 bytes from 127.0.0.1: icmp_seq=8 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=9 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=10 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=11 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=12 ttl=64 time=0.032 ms
64 bytes from 127.0.0.1: icmp_seq=13 ttl=64 time=0.031 ms
64 bytes from 127.0.0.1: icmp_seq=14 ttl=64 time=0.032 ms
2130706433 is the decimal (32-bit integer) form of the loopback address 127.0.0.1, i.e. the host's own IP.
user@Ubuntu1:~$ ping -c1 2130706433
PING 2130706433 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.025 ms
--- 2130706433 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.025/0.025/0.025/0.000 ms
Task 2:
Already installed proftpd
Started the proftpd service
Created a user account, ftpuser, using the useradd command
Changed the password of ftpuser to password
Tried to FTP to the newly installed FTP server from another client
Captured the packets using tcpdump
Stored the pcap file as Activity2.pcap
Got the following screen, which clearly shows the password of ftpuser; FTP sends the USER and PASS commands unencrypted, so the credentials are readable in the capture.
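The cleartext exposure seen in Task 2, as an added example that is not part of the original assignment: Python that scans a classic Ethernet pcap (such as Activity2.pcap) for FTP USER/PASS commands sent to TCP port 21. The sample capture, the helper names and the 192.0.2.x addresses are constructed for illustration; only the ftpuser/password pair comes from the text above.

```python
import socket
import struct

def ftp_cleartext_logins(pcap: bytes):
    """Return (client_ip, verb, argument) for each USER/PASS sent to TCP port 21."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Need Ethernet(14) + IPv4(20) + TCP(20); IPv4 ethertype and protocol 6.
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        ihl = (frame[14] & 0x0F) * 4
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # drops Ethernet padding
        tcp = frame[14 + ihl:ip_end]
        if len(tcp) < 20 or struct.unpack("!H", tcp[2:4])[0] != 21:
            continue
        payload = tcp[(tcp[12] >> 4) * 4:]  # skip TCP header and options
        for line in payload.split(b"\r\n"):
            verb, _, arg = line.partition(b" ")
            if verb.upper() in (b"USER", b"PASS"):
                src = socket.inet_ntoa(frame[26:30])
                hits.append((src, verb.upper().decode(), arg.decode("latin-1")))
    return hits

def _frame(src, dst, dport, data):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    """Constructed capture: one FTP login plus a non-FTP packet that must be ignored."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    packets = [(21, b"USER ftpuser\r\n"), (21, b"PASS password\r\n"),
               (21, b"LIST\r\n"), (8080, b"USER other\r\n")]
    for dport, data in packets:
        f = _frame("192.0.2.10", "192.0.2.21", dport, data)
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for hit in ftp_cleartext_logins(sample_pcap()):
        print(hit)
```

The parser does not reassemble TCP streams or IP fragments, so a command split across segments is missed. Any hit on a real capture is a reason to move the service to FTPS or SFTP.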
Task 3:
hping3 is already installed in the system
In the above examples, the data ABCDE travels over UDP first and then over ICMP, which is part of the TCP/IP protocol suite. In UDP mode, a destination port unreachable message comes back. In ICMP mode, the same ping response comes in return.
Task 5: IPv4 Fragmentation
Netcat listener installed
The same is installed on another Linux machine too.
nc 192.168.1.107 5555
netid netcal -u 192.168.1.1