Capturing Traffic
CuuDuongThanCong.com

Contents
  Networking for Capturing traffic
  ARP Cache Poisoning
  SSL Man-in-the-Middle Attacks

1. Networking for Capturing traffic
Hubs Device:
  Layer one device of the OSI model.
  Send frames out on all ports, including the port on which the frame was received
Switches Device:
  MAC address table
  Switches provide separate collision domains on each port

Using Wireshark
Wireshark is a graphical network protocol analyzer that lets us take a deep dive into the individual packets moving around the network.
Wireshark can be used to capture Ethernet, wireless, Bluetooth, and many other kinds of traffic

2. ARP Cache Poisoning
To capture traffic not intended for the Kali system, we need to find some way to have the relevant data sent to our Kali system.
Perform a man-in-the-middle attack: redirect and intercept traffic between two systems
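
A defender's check for the ARP cache poisoning described above, as an added example that is not part of the original slides: it parses a Linux neighbour table and flags one MAC address answering for several IPv4 addresses, or an address whose MAC changed between two snapshots. The sample `ip neigh show` output, the addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh show` output (addresses and MACs are made up).
# The gateway 192.168.20.1 and host 192.168.20.11 resolve to the same MAC,
# which is how a poisoned cache looks on a host whose traffic is redirected.
SAMPLE_NEIGH = """\
192.168.20.1 dev eth0 lladdr 00:0c:29:a9:ce:92 REACHABLE
192.168.20.10 dev eth0 lladdr 00:0c:29:05:26:4c STALE
192.168.20.11 dev eth0 lladdr 00:0c:29:a9:ce:92 REACHABLE
192.168.20.12 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:0c:29:11:22:33 router STALE
"""

LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def parse_neigh(text):
    """Return {(dev, ip): mac} for entries with a resolved link-layer address."""
    table = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            table[(m["dev"], m["ip"])] = m["mac"].lower()
    return table

def shared_macs(table):
    """MACs claimed by more than one IPv4 address on the same interface."""
    by_mac = defaultdict(set)
    for (dev, ip), mac in table.items():
        if ":" not in ip:  # skip IPv6: one host legitimately has several addresses
            by_mac[(dev, mac)].add(ip)
    return {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}

def changed_macs(before, after):
    """Entries whose MAC differs between snapshots: {(dev, ip): (old, new)}."""
    common = before.keys() & after.keys()
    return {k: (before[k], after[k]) for k in common if before[k] != after[k]}

if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(parse_neigh(SAMPLE_NEIGH)).items():
        print(f"[!] {dev}: {mac} answers for {', '.join(ips)}")
```

A shared MAC is a lead rather than proof: proxy ARP and hosts with several addresses on one interface produce the same pattern, so compare against a known-good baseline for the gateway.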

DNS Cache Poisoning
We can poison Domain Name Service (DNS) cache entries (mappings from domain names to IP addresses) to route traffic intended for another website to one we control.
We send a bunch of bogus DNS resolution replies pointing to the wrong IP address for a domain name

3. SSL Man-in-the-Middle Attacks
The goal of SSL is to provide reasonable assurance that any sensitive information transmitted between a user’s browser and a server is secure - unable to be read by a malicious entity along the way.

How SSL works

SSL Man-in-the-Middle Attacks