Study About Packet Sniffing on Wireless LAN Computer Science Essay

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This chapter gives an overview of packet sniffing on wireless LANs. It covers packet sniffing in switched and non-switched environments, the uses of packet sniffing, and how packets can be captured on a wireless LAN.

1.2 Packet sniffing:

According to Tony Bradley (n.d.), a packet sniffer simply captures all the packets of data that pass through a network interface. It can also capture all the packets traversing the network to their destinations. Placing the network interface in promiscuous mode allows the capture to be used to analyse the traffic on the network. A packet sniffer is a piece of software or hardware that monitors all the traffic on the network. Packet sniffing is a computer networking tool that monitors the traffic of the whole network and runs in both non-switched and switched networks.

According to Natarajan Meghanathan, Sumanth Reddy Allam and Loretta A. Moore (2009), a sniffer is software that gathers the traffic flowing into and out of a computer connected to a network. Sniffers are the main source of data collection in Intrusion Detection Systems (IDS), which match the packets against patterns. Law enforcement agencies can use a sniffer to collect specific traffic on a network and use the data for analysis. Ethereal is a basic and widely used piece of network packet software that captures packets from the network. It shows the header information of all the protocols used to transmit a packet, and it filters packets according to the user's requirements. The platforms that support Ethereal include Microsoft Windows, UNIX and Linux. Ethereal lets the user select the interface on which to capture packets. It runs in promiscuous mode in order to capture packets that are not addressed to the device on which it is running.

1.3 Packet sniffing on Local Area Network:

According to Ryan Spangler (2003), packet sniffing is a technique for monitoring network traffic that is effective on both switched and non-switched networks. Packet sniffing is easy in a non-switched environment because network traffic is sent to a hub, which broadcasts it to everyone. A switched network operates in a completely different way. A switch sends traffic only to the destination host, and switches have CAM tables that store information such as MAC addresses, switch ports and VLAN information.

Before traffic is sent from one host to another on a local area network, the host's ARP cache is checked first. The ARP cache is a table that stores both the IP address and the MAC address of the hosts on the local network. The traffic goes from the source host and then directly to the destination host. There are several methods of packet sniffing on such a network. One of them uses the ARP cache, which belongs to the Address Resolution Protocol (ARP), to sniff the traffic between hosts. An ARP reply can be sent without an ARP request having been received.

1.3.1 Packet sniffing in Switched Environment:

According to Tom King (n.d.), packet sniffing is a large internal threat. Someone on the internet cannot easily use packet sniffing software to eavesdrop on traffic within a LAN. Businesses have many reasons to update their network infrastructure by replacing hubs with new switches. A frequently stated driver for moving to a switched environment is that "it increases security". Packet sniffing in a switched environment concerns the communication between machines on a switched network. In a computer network environment, packet sniffing tools are powerful and help network administrators with troubleshooting. Packet sniffers have been regarded as tools that require a certain technical skill to operate; they are potentially dangerous utilities, but they are easy to operate and have become widely obtainable. Packet sniffing in a non-switched environment is a well-understood technology. Commercial and non-commercial tools enable eavesdropping on network traffic. The idea is that, to eavesdrop on network traffic, the computer's network card is put into a special "promiscuous" mode. In this mode, all the network traffic that reaches the network card can be accessed by an application. Eavesdropping on network traffic is more challenging in a switched environment, but many techniques enable it. Existing tools can be combined to sniff on a switched network and to filter the traffic so that sensitive information is highlighted. Packet sniffing is mitigated to a large extent by replacing hubs with switches. A switch sends network traffic only to the machine it is intended for. Suppose there are three machines: machine A, machine B and machine C. If machine A communicates with machine B, then machine C is not able to eavesdrop on their conversation. Machine C cannot see the network traffic of a telnet session that passes between machines A and B. The switch ensures that the traffic does not travel over unnecessary ports and flows only over the ports to which machines A and B are connected.

1.3.2 Packet sniffing in non-switched environment:

This generation of packet sniffing tools is highly effective at reaping passwords and other sensitive information from the network. Commonly used protocols transmit data in a form that is easily sniffed. Even with its improvements, NTLM is still susceptible to sniffing and cracking. Kerberos is widely used as the authentication protocol of choice in modern Windows environments such as Windows XP clients and Windows 2003 servers.

1.3.3 How to sniff the switched environment:

Sniffing traffic in a switched environment can be achieved by setting up a "man-in-the-middle". The attacker uses various techniques that force the network traffic to pass to and from the target by way of the attacker's machine. Many techniques permit sniffing in a switched environment; the common ones are ARP spoofing, MAC flooding, MAC duplicating, DHCP spoofing and port stealing. Of all these, ARP spoofing is the technique that the tools cover.

1.4 How packet can capture:

A packet sniffer captures the packets that are seen by a machine's network interface. When a sniffer runs on a system, it grabs all the packets that come into and go out of the Network Interface Card (NIC) of the machine on which the sniffer is installed. If the NIC is set to promiscuous mode, it receives all the packets sent on the network, provided the network is connected by a hub. In a switched network, the switch does not broadcast the packets, so the sniffer is unable to see packets that do not carry the destination address of the machine on which it is installed. The most common packet sniffer is Ethereal, which is now known as Wireshark. It maintains the old functionality of the sniffer while adding new features. Capture is one of its menus. The Capture menu lets the user perform a packet capture and provides many options for different situations and conditions.

1.5 How to sniff wireless packets:

Wireless sniffing can use Wireshark to capture the packets. Wireshark is a sophisticated wireless protocol analyzer that helps administrators troubleshoot wireless networks. With the appropriate driver support, Wireshark can capture traffic "from the air". Wireshark is a powerful wireless security tool. We can perform detection analysis to identify wireless networks, and signal strength analysis to identify the location of an access point (AP).

1.5.1 Wireless sniffing Challenges:

In a shared environment, analysis only requires running a workstation with Wireshark and starting a new packet capture. In a switched environment, a span port needs to be configured to send the traffic to the capture station before the packet capture is initiated. When it comes to selecting a static channel, a wired network offers a single medium for packet capture, whereas a wireless network can operate on multiple wireless channels using different frequencies in the same location. The channel hopping technique is used to scan rapidly through the available wireless channels until the appropriate channel number is identified. Another consideration when using Wireshark is the range of the wireless network between the capture station and the transmitting device. This range is significant when wireless traffic is captured. If the capture station is too far from the transmitter, it is unable to "hear" the wireless traffic.

1.6 Packet sniffer Simulator:

According to Xiaohong Yuan, Percy Vega, Jinsheng Xu, Huiming Yu and Stephen Providence (n.d.), the packet sniffer simulator demonstrates how a packet sniffer works in a local area network and how data packets are encapsulated through the protocol stack. The simulation is based on a network with two subnets connected by a router, with a hub in each subnet. The first subnet has a star topology and the second subnet has a bus topology. The simulator explains the difference between a hub, a switch and a router, and explains the star and bus topologies. It shows how a data packet is transmitted in a local area network and explains the purpose of "promiscuous mode" on a network interface. It also simulates the encapsulation and de-encapsulation of a data packet through the protocol stack.

1.7 Uses of packet sniffer:

According to Ryan Spangler (2003), sniffing programs are found in two forms. They are used to help maintain networks, and they are used by attackers to gain unauthorized access to remote hosts. Packet sniffers are commonly used to search for clear-text usernames and passwords on the network and to convert network traffic into human-readable form.

1.7.1 How Packet sniffer work:

A packet sniffer works by looking at every packet sent on the network, including packets that are not intended for it. How a sniffer works also depends on the type of network. There are two types of Ethernet environment: shared Ethernet and switched Ethernet. In shared Ethernet, all hosts are connected to the same bus and compete with one another for bandwidth. A packet meant for one machine is therefore received by all the other machines, and any machine placed in promiscuous mode is able to capture packets meant for other machines. An Ethernet environment in which the hosts are connected to a switch instead of a hub is called switched Ethernet. The switch maintains a table that keeps track of each computer's MAC address and delivers packets destined for a particular machine to the port to which that machine is connected.

The switch is an intelligent device that sends packets only to the destined computer and does not broadcast them to all the machines on the network. Switched Ethernet was intended to give better network performance, but a machine in promiscuous mode does not work here. Most network administrators assume that a sniffer cannot work in a switched environment.
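The difference between the two environments, and the machine A, B and C scenario from section 1.3.1, can be shown with a small simulation. This is an added example, not part of the original essay; the class names, port numbers and MAC labels are made up for illustration.

```python
class Hub:
    """Shared Ethernet: repeats every frame out of every port except the ingress port."""
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return [p for p in self.ports if p != in_port]


class Switch:
    """Switched Ethernet: learns which port each source MAC address lives on."""
    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}                      # MAC address -> port

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port        # learn from the sender
        out_port = self.mac_table.get(dst_mac)
        if out_port is None:                     # destination not learned yet: flood
            return [p for p in self.ports if p != in_port]
        return [] if out_port == in_port else [out_port]


def frames_visible_on(device, observer_port, traffic):
    """Count frames delivered to observer_port, the most a promiscuous NIC there can capture."""
    return sum(observer_port in device.forward(port, src, dst)
               for port, src, dst in traffic)


# Constructed conversation: machine A (port 1) and machine B (port 2) exchange
# six frames while machine C listens on port 3.
A, B = "mac-A", "mac-B"
TRAFFIC = [(1, A, B), (2, B, A)] * 3

if __name__ == "__main__":
    print("hub:   ", frames_visible_on(Hub([1, 2, 3]), 3, TRAFFIC))     # 6
    print("switch:", frames_visible_on(Switch([1, 2, 3]), 3, TRAFFIC))  # 1
```

On the switch, machine C receives only the first frame, which is flooded because the destination address has not been learned yet; every later frame goes to a single port.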

1.7.2 Methods of sniffing:

Sniffing has three types of methods. Some methods work in non-switched networks and some work in switched networks. The methods are IP-based sniffing, MAC-based sniffing and ARP-based sniffing.

IP-based sniffing method:

This is the original sniffing method. It works by putting the network card into promiscuous mode and sniffing all the packets that match the IP address filter. Normally the IP address filter is not set, so that it can capture all the packets. The IP-based sniffing method works in non-switched networks.

MAC-based sniffing method:

The MAC-based sniffing method works by putting the network card into promiscuous mode and sniffing all the packets that match the MAC address filter.

ARP-based sniffing method:

This method works somewhat differently. It does not put the network card into promiscuous mode. This is not necessary, because the ARP packets will be sent to us and the ARP protocol is stateless. With this method, sniffing cannot be done on a switched network. If the ARP caches are poisoned, the two hosts connect and send their traffic directly to the other host.
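The unsolicited ARP reply mentioned in section 1.3 and the poisoned ARP cache mentioned above both leave traces that a monitoring station can check for. The following added example (not part of the original essay) parses constructed ARP frames and flags replies that answer no observed request and IP addresses that move to a different MAC address; all addresses and function names are made up for illustration.

```python
import struct
from ipaddress import IPv4Address

# Ethernet II header (14 bytes) followed by an IPv4-over-Ethernet ARP body (28 bytes).
ARP_FRAME = struct.Struct("!6s6sHHHBBH6s4s6s4s")

def _mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_frame(op, sha, spa, tha, tpa):
    """Build a sample frame in memory (op 1 = request, 2 = reply); nothing is sent."""
    dst = "ff:ff:ff:ff:ff:ff" if op == 1 else tha
    return ARP_FRAME.pack(_mac(dst), _mac(sha), 0x0806, 1, 0x0800, 6, 4, op,
                          _mac(sha), IPv4Address(spa).packed,
                          _mac(tha), IPv4Address(tpa).packed)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4 ARP."""
    if len(frame) < ARP_FRAME.size:
        return None
    f = ARP_FRAME.unpack(frame[:ARP_FRAME.size])
    if f[2] != 0x0806 or f[3:7] != (1, 0x0800, 6, 4):
        return None
    return f[7], f[8].hex(":"), str(IPv4Address(f[9])), str(IPv4Address(f[11]))

def audit(frames):
    """Flag replies that answer no seen request and IPs that move to a new MAC."""
    bindings, pending, alerts = {}, set(), []
    for number, frame in enumerate(frames, start=1):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sender_mac, sender_ip, target_ip = parsed
        if op == 1:
            pending.add((sender_ip, target_ip))        # who asked, and for which IP
        elif op == 2 and (target_ip, sender_ip) in pending:
            pending.discard((target_ip, sender_ip))    # reply matches a request
        elif op == 2:
            alerts.append((number, "unsolicited-reply", sender_ip, sender_mac))
        if bindings.setdefault(sender_ip, sender_mac) != sender_mac:
            alerts.append((number, "binding-changed", sender_ip, sender_mac))
    return alerts

# Constructed capture: request, matching reply, then a reply for 10.0.0.1 nobody asked for.
SAMPLE = [
    build_frame(1, "02:00:00:00:00:0a", "10.0.0.10", "00:00:00:00:00:00", "10.0.0.1"),
    build_frame(2, "02:00:00:00:00:01", "10.0.0.1", "02:00:00:00:00:0a", "10.0.0.10"),
    build_frame(2, "02:00:00:00:00:0c", "10.0.0.1", "02:00:00:00:00:0a", "10.0.0.10"),
]
```

Calling `audit(SAMPLE)` reports two alerts, both on the third frame: the reply is unsolicited, and it rebinds 10.0.0.1 to a MAC address different from the one first seen.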

1.8 Wireless Network Sniffing:

According to Prabhaker Mateti (n.d.), sniffing is eavesdropping on the network. A packet sniffer is a program that intercepts and decodes network traffic broadcast through a medium. Sniffing is not a TCP/IP problem, but it is enabled by the choice of broadcast media, Ethernet and 802.11, as the physical and data link layers. Sniffing is one of the techniques used in wired networks. It is the fundamental technique used in tools that check the health of a network. It is simpler to sniff a wireless network than a wired network. In a wired network, the attacker has to find a way to install a sniffer on one or more hosts in the targeted subnet.

1.8.1 Passive Scanning:

Scanning is the act of sniffing by tuning to the different radio channels of the devices. A passive scanner instructs the wireless card to listen to each channel for a few messages. Passive scanning uses a mode called RF monitor, which allows every frame appearing on a channel to be copied as the radio of the station tunes to the different channels. A station in monitor mode can capture packets without connecting to an ad-hoc network. The other mode, called promiscuous mode, permits the capture of all the wireless packets of the connected network.

1.9 Sniffing traffic:

According to Michael Sutton (2002), at this point the WAP key has been cracked. The procedure for sniffing the traffic is no different from that on a wired LAN, although not all sniffers work with 802.11 network cards. If the network card is correctly configured, start the traffic capture and relax.

1.10 Challenges of sniffing wireless:

Traditional network sniffing is quite simple to set up on an Ethernet network. There are two environments, shared and switched, and both were described in terms of packet capture. In either of them it is simple to initiate a packet capture and begin gathering traffic for analysis. The process of traffic sniffing becomes more difficult and requires extra decisions when switching to wireless analysis. An attacker at large on the internet has other techniques that make it possible to install a sniffer on the victim's equipment.

1.10.1 Selecting a Static Channel:

For packet capture, a wireless network can operate on multiple wireless channels using different frequencies in the same location, whereas a wired network presents a single medium. To study the traffic of a specific wireless station, we have to identify the frequency used by the target device and configure the wireless card to use the same frequency before initiating the packet capture. This is because a wireless card can operate on only a single channel at any given time. Capturing traffic from multiple channels at the same time requires an extra wireless card for each channel to be monitored.

1.10.2 Using Channel Hopping:

This is a technique for scanning quickly through all the available wireless channels until an appropriate channel number is found. The wireless card is still operating on a single frequency at any given time.

With channel hopping, the wireless card is still only operating on a single frequency at any given time, but is rapidly switching between different channels, thus allowing Wireshark to capture any traffic that is present on the current channel. Fortunately, Wireshark operates independently of the current channel selection; therefore, it is not necessary to stop and restart the packet capture before each
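The trade-off between a static channel (section 1.10.1) and channel hopping can be quantified with a short simulation. This is an added example, not part of the original essay; the channel list (1 to 11), the 250 ms dwell time and the traffic pattern are assumptions chosen for illustration, and retuning is assumed to be instant with every transmitter in range.

```python
def tuned_channel(t_ms, channels, dwell_ms):
    """Channel the card is listening on at time t_ms (one channel at a time)."""
    return channels[(t_ms // dwell_ms) % len(channels)]


def capture(frames, channels, dwell_ms=250):
    """Count, per channel, the frames one card hears while cycling through channels.

    A static-channel capture is the special case of a one-element channel list.
    """
    heard = {}
    for t_ms, channel in frames:
        if tuned_channel(t_ms, channels, dwell_ms) == channel:
            heard[channel] = heard.get(channel, 0) + 1
    return heard


def coverage(frames, channels, dwell_ms=250):
    """Fraction of all transmitted frames that the capture contains."""
    return sum(capture(frames, channels, dwell_ms).values()) / len(frames)


# Constructed traffic: one transmitter on channel 1 and one on channel 6, each
# sending a frame every 100 ms for 11 seconds (110 frames per channel).
FRAMES = [(t, ch) for t in range(0, 11000, 100) for ch in (1, 6)]
ALL_CHANNELS = list(range(1, 12))          # assumed channel plan: channels 1-11

if __name__ == "__main__":
    print("static ch 6:", capture(FRAMES, [6]))            # {6: 110}
    print("hopping:    ", capture(FRAMES, ALL_CHANNELS))   # {1: 10, 6: 10}
    print("coverage:   ", coverage(FRAMES, [6]), coverage(FRAMES, ALL_CHANNELS))
```

The static capture records every frame on channel 6 and nothing from channel 1, while the hopping capture sees both transmitters but only about one frame in eleven from each.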

1.11 Summary:

This chapter covered packet sniffing on wireless LANs, including the types of packet sniffing and how packet capture works. It also covered the methods of packet sniffing, the sniffing of wireless network traffic, the selection of a static channel for the traffic and the uses of the channel.