 Packet sniffing & ARP Poisoning
Packet sniffing is the capture of packets that are transmitted over a network.
Wireshark is a free and open-source packet analyser. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
The SICSR network is susceptible to ARP spoofing, a technique whereby an attacker sends fake (“spoofed”) Address Resolution Protocol (ARP) messages onto a LAN.
Generally, the aim is to associate the attacker's MAC address with the IP address of another host (such as the default gateway), causing any traffic meant for that IP address to be sent to the attacker instead.
After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.
As soon as you click the interface’s name, you’ll see the packets start to appear in real time. Wireshark captures each packet sent to or from your system. If you’re capturing on a wireless interface and have promiscuous mode enabled in your capture options, you’ll also see the other packets on the network.
The captured packets can be filtered according to protocol, IP, method and various other parameters.
Wireshark was a tool used to analyze the network and identify that ARP poisoning is possible on it.
The sniffer would not give any result if the poisoning failed.
Audit Plan
Auditor Name: Viren Rao
Date of Auditing: 24/8/2014
Scope: To evaluate whether ARP poisoning is possible
Plan Audit: Check for new needs for improvement, Start Date: 24/8/2014, Closure Date: 7/9/2014
Selection area: Last audit results: ARP poisoning is still possible, hence enabling packet sniffing
Selection criteria for auditors: Selection of auditors: risk analyst, project manager and system admin
Training plan for auditors: The system admins will need to be trained to take appropriate actions
Audit goal: Is packet sniffing possible?
Audit status Reporting: Level of risk is HIGH
Audit archival location: SICSR network
FMEA is a disciplined procedure that allows anticipating failures and preventing their occurrence in implementation/development.
FMEA process in packet sniffing:
• Select the design for FMEA team.
• Identify critical areas
  Analyse network
• Identify associated failure modes and effects.
  Are the analysis tools giving any output?
  Just avoid that risk.
• Assign severity, occurrence and detection rating to each cause.
  Severity: High
  Occurrence: 1/10
• Calculate Risk Priority Number (RPN) for each cause
  RPN: 8/10
• Determine recommended action to reduce all RPN
• Take appropriate actions.
• Recalculate all RPNs with actual results.
Risk Mitigation Plan
Title: Packet sniffing
Analyst: Viren Rao
Date: 10/8/2014
Risk id: 1
Date: 10-08-2014
Identified risk: Packet sniffing
Source: SICSR
Category: Technical Risk
Severity: High
Probability index: least likely
Impact in $: No $ harm
Exposure to risk identified: less
Response: Accepted
Mitigation plan: Risk Avoidance
Contingency plan: Configure and purchase appropriate firewalls
Threshold trigger for contingency plan: (none given)
Ownership: SICSR
Risk status: Yet to be mitigated
Progress: Packet sniffing is still possible
Security is something that most organizations try to work on.
However, most organizations seldom look into Layer 2 of the OSI model, an area that is often left untouched and that can open the network to a variety of attacks and compromises.
Currently this vulnerability has not been exploited. If it is exploited, it could be a major security breach, as all packets moving around a single subnet on the network can be intercepted.
To allocate resources and implement cost-effective controls, 
organizations, after identifying all possible controls and 
evaluating their feasibility and effectiveness, should conduct a 
cost-benefit analysis for each proposed control to determine 
which controls are required and appropriate for their 
circumstances. 
Benefits could be:
• Tangible: Quantitative
• Intangible: Qualitative
Cost factor               New in Rs.   Enhancements in Rs.
Hardware                  90,000       30,000
Software                  --           --
Policies and procedures   50,000       20,000
Efforts                   100000       50000
Training                  50000        10000
Maintenance               50000
Man-in-the-middle (MITM) attacks carried out using ARP poisoning can be prevented in numerous ways.
However, not all methods are suitable in all scenarios.
To prevent ARP spoofing, you need to add a static ARP entry on the LAN.
This method becomes troublesome if your router changes frequently: each time it changes, you need to delete the old entry and add the new one.
Configuration of existing switches to use Private VLANs, where one port can only speak with the gateway.
Even devices on the same subnet must go through the gateway to talk to each other.
According to a white paper, Cisco Catalyst 6500 Series Switches have a mechanism to prevent such attacks. They provide a feature called Dynamic ARP Inspection (DAI), which helps prevent ARP poisoning and other ARP-based attacks by intercepting all ARP requests and responses and verifying their authenticity before updating the switch's local ARP cache or forwarding the packets to the intended destinations.
The first method is strictly not suitable for the SICSR network, as it is a temporary solution for small networks.
Considering that we have web servers running on our network, the second method will significantly hamper the performance of the network and is therefore not suitable for the network infrastructure.
The third method is the best solution for this vulnerability and should be implemented on a priority basis.
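An added example, not part of the original slides: a software sketch of the check Dynamic ARP Inspection is described as performing, validating each ARP frame's sender IP/MAC pair against a trusted binding table before it would be forwarded. The binding table, the addresses and the sample frames are constructed assumptions, and the function names are hypothetical.

```python
import struct

# Constructed trusted IP -> MAC bindings (documentation-range sample values).
TRUSTED = {
    "192.0.2.1": "00:00:5e:00:53:01",   # default gateway
    "192.0.2.10": "00:00:5e:00:53:0a",  # workstation
}

# Constructed sample frames (hex): Ethernet header + 28-byte ARP reply (op 2),
# each sent to the workstation and claiming to speak for 192.0.2.1.
_HDR = "0001" "0800" "06" "04" "0002"
_TAIL = "c0000201" "00005e00530a" "c000020a"
SAMPLES = {
    "genuine":  "00005e00530a" "00005e005301" "0806" + _HDR + "00005e005301" + _TAIL,
    "poisoned": "00005e00530a" "00005e005363" "0806" + _HDR + "00005e005363" + _TAIL,
    "mismatch": "00005e00530a" "00005e005363" "0806" + _HDR + "00005e005301" + _TAIL,
}

def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_arp(frame):
    """Return the ARP fields of an Ethernet II frame, or None if it is not IPv4 ARP."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if ethertype != 0x0806 or (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": _mac(src), "op": op, "sender_mac": _mac(sha),
            "sender_ip": ".".join(str(b) for b in spa)}

def inspect(frame, bindings=TRUSTED):
    """Decide whether an ARP frame may be forwarded; returns (verdict, reason)."""
    arp = parse_arp(frame)
    if arp is None:
        return ("forward", "not ARP")
    if arp["op"] not in (1, 2):
        return ("drop", "unknown ARP opcode")
    if arp["eth_src"] != arp["sender_mac"]:
        return ("drop", "Ethernet source differs from ARP sender MAC")
    expected = bindings.get(arp["sender_ip"])
    if expected is None:
        return ("drop", f"no trusted binding for {arp['sender_ip']}")
    if expected != arp["sender_mac"]:
        return ("drop", f"{arp['sender_ip']} is bound to {expected}, "
                        f"not {arp['sender_mac']}")
    return ("forward", "binding verified")

if __name__ == "__main__":
    for name, hexframe in SAMPLES.items():
        print(name, inspect(bytes.fromhex(hexframe)))
```

The "poisoned" sample is dropped because its sender MAC does not match the gateway's trusted binding, and the "mismatch" sample is dropped before the lookup because its Ethernet source and ARP sender MAC disagree.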
• Purpose: To assess the risk involved in packet sniffing. 
• Scope of this risk assessment: Components are SICSR network.
Briefly describe the approach used to conduct the risk assessment, such as:
• Risk Assessment Team Members
• Check whether ARP poisoning is possible
Server, Network, Interface.
• The mission is to avoid sniffing.
Packets on network can be intercepted.
List the observations:
• Identification of existing mitigating security controls: Implementing use of tools to detect poisoning.
• Likelihood and evaluation: low likelihood
• Impact analysis and evaluation: High impact
• Risk rating based on the risk-level matrix: Medium
Packet sniffing is a technical risk and the risk level is high. We can use features in new switches or configure existing switches to address the risk.