SEED Labs 2.0: Packet Sniffing and Spoofing Lab

Johnny
Lab Task Set 1: Using Scapy to Sniff and Spoof Packets
Task 1.1: Sniffing Packets
Task 1.1A
Use ifconfig to look up the network interface name, modify sniffer.py, and run the command as root.
When switching to an ordinary user's privileges, I found that the operation could not be performed.
Task 1.1B
- Capture only the ICMP packet
- Capture any TCP packet that comes from a particular IP and with a destination port number 23.
We write a packet-sending script:
Running these two Python scripts, I found that they ran successfully.
- Capture packets that come from or go to a particular subnet. You can pick any subnet, such as 128.230.0.0/16; you should not pick the subnet that your VM is attached to.
Task 1.2: Spoofing ICMP Packets
Set the IP source address and destination address yourself.
We can see that the ICMP request is sent normally and the ICMP echo reply comes back normally.
Task 1.3: Traceroute
Task 1.4: Sniffing and-then Spoofing
Write the following code in the VM: when an ICMP echo request packet is sniffed, send an ICMP reply back to the host that sent the packet.
I found that no matter which address is pinged, a reply is obtained:
At the same time, from the spoofing tool's point of view, the reply is sent by the VM.
Run the following commands.
I found that addresses that do not exist do not get a reply.
Lab Task Set 2: Writing Programs to Sniff and Spoof Packets
Task 2.1A: Understanding How a Sniffer Works
Write the code.
Test it by pinging baidu.
Question 1. Please use your own words to describe the sequence of the library calls that are essential for sniffer programs. This is meant to be a summary, not detailed explanation like the one in the tutorial or book.
A BPF program captures the ICMP packets, and then pointers are used to process the different parts of the packet (IP header, ICMP header, and so on).
Question 2. Why do you need the root privilege to run a sniffer program? Where does the program fail if it is executed without the root privilege?
Because the BPF program has to be loaded into the kernel, which is a privileged operation.
Question 3. Please turn on and turn off the promiscuous mode in your sniffer program. The value 1 of the third parameter in pcap_open_live() turns on the promiscuous mode (use 0 to turn it off). Can you demonstrate the difference when this mode is on and off? Please describe how you can demonstrate this. You can use the following command to check whether an interface's promiscuous mode is on or off (look at the promiscuity's value).
With promiscuous mode on, packets of other machines on the same network segment can be captured; with it off, they cannot.
Task 2.1B: Writing Filters
Change the filter rule and the interface name:
From inside the 10.9.0.6 container, ping 10.9.0.1.
The packets can be captured.
Change the filter rule.
Task 2.1C: Sniffing Passwords.
Write a sniffing tool that sniffs port 23.
Continuing in the same way, the password can be obtained.
Task 2.2: Spoofing
Task 2.2A: Write a spoofing program.
Send a UDP message from the source IP address "1.1.1.1" to port 9090 of the destination IP address "8.8.8.8".
Task 2.2B: Spoof an ICMP Echo Request.
Question 4. Can you set the IP packet length field to an arbitrary value, regardless of how big the actual packet is?
No.
Question 5. Using the raw socket programming, do you have to calculate the checksum for the IP header?
No, the IP header checksum does not need to be calculated.
Question 6. Why do you need the root privilege to run the programs that use raw sockets? Where does the program fail if executed without the root privilege?
Because being able to read and send arbitrary packets means a large security risk, root privilege is required.
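To make the header walk from Task 2.1A (Question 1) and the checksum discussion from Question 5 concrete, here is an added Python example that is not part of the lab report or the SEED lab code: it constructs an Ethernet/IPv4/ICMP echo request frame, then parses it the way the C sniffer steps through the headers with pointers, verifying the IP header checksum and the total-length field. All addresses, MACs and payloads are constructed sample values.

```python
import socket
import struct

# Added example (not the lab's code): parse Ethernet -> IPv4 -> ICMP the way
# a libpcap sniffer walks header pointers, and verify the IPv4 checksum.
ETH_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP = 1

def ip_checksum(hdr: bytes) -> int:
    """RFC 1071 one's-complement sum; over a valid header (checksum included) it yields 0."""
    if len(hdr) % 2:
        hdr += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(src: str, dst: str, payload: bytes = b"seed") -> bytes:
    """Constructed sample frame: Ethernet + IPv4 + ICMP echo request, checksums filled in."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + payload
    icmp = icmp[:2] + struct.pack("!H", ip_checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     IPPROTO_ICMP, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]   # fill IP checksum
    eth = b"\x02\x42\x0a\x09\x00\x01" + b"\x02\x42\x0a\x09\x00\x06"  # constructed MACs
    return eth + struct.pack("!H", ETHERTYPE_IPV4) + ip + icmp

def parse_frame(frame: bytes) -> dict:
    """Header walk: ethertype -> IP header (IHL-sized) -> ICMP type/code."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != ETHERTYPE_IPV4:
        return {"ethertype": ethertype}
    ip = frame[ETH_LEN:]
    ihl = (ip[0] & 0x0F) * 4                      # header length in bytes
    total_len = struct.unpack("!H", ip[2:4])[0]
    info = {
        "src": socket.inet_ntoa(ip[12:16]),
        "dst": socket.inet_ntoa(ip[16:20]),
        "proto": ip[9],
        "ip_checksum_ok": ip_checksum(ip[:ihl]) == 0,
        "length_ok": total_len == len(ip),        # length field vs bytes actually present
    }
    if ip[9] == IPPROTO_ICMP:
        info["icmp_type"], info["icmp_code"] = ip[ihl], ip[ihl + 1]
    return info
```

A frame whose IP header was altered after the checksum was computed, or whose length field does not match the bytes on the wire, shows up as `ip_checksum_ok` or `length_ok` being False.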
Task 2.3: Sniff and then Spoof
The code is as follows.
Run it with sudo ./task23.
Use another machine to ping 1.1.1.1 while this machine runs the program above; the result is as follows: