SEED Labs 2.0: Packet Sniffing and Spoofing Lab

Johnny2023-11-132023-11-13

Packet Sniffing and Spoofing Lab

Lab Task Set 1: Using Scapy to Sniff and Spoof Packets

Task 1.1: Sniffing Packets

Task 1.1A

使用ifconfig查看网卡名

修改sniffer.py

使用root身份运行命令。

当切换为普通用户权限时，发现无法进行操作。

Task 1.1B

Capture only the ICMP packet

Capture any TCP packet that comes from a particular IP and with a destination port number 23.

我们写一个发包脚本：

运行这两个python，发现成功运行。

Capture packets comes from or to go to a particular subnet. You can pick any subnet, such as 128.230.0.0/16; you should not pick the subnet that your VM is attached to.

Task 1.2: Spoofing ICMP Packets

自己设定IP的源地址和目的地址

可以看到正常发送ICMP，以及正常回显ICMP

Task 1.3: Traceroute

Task 1.4: Sniffing and-then Spoofing

在VM中编写如下代码，当嗅探到有icmp-echo的数据包时，返回给发送数据包的主机一个icmp响应

发现无论ping什么地址，都能获得响应：

同时从欺骗工具来看，是VM发送的响应。

完成如下的命令

发现不存在的地址是不会返回响应的

Lab Task Set 2: Writing Programs to Sniff and Spoof Packets

Task 2.1A: Understanding How a Sniffer Works

编写代码

通过PING baidu来测试

Question 1. Please use your own words to describe the sequence of the library calls that are essential for sniffer programs. This is meant to be a summary, not detailed explanation like the one in the tutorial or book.

通过bpf程序来捕获ICMP的数据包，然后通过指针来对数据包的不同位置（IP头，ICMP头）等进行处理

Question 2. Why do you need the root privilege to run a sniffer program? Where does the program fail if it is executed without the root privilege?

因为bpf程序需要挂载到内核中去，属于特权操作

Question 3. Please turn on and turn off the promiscuous mode in your sniffer program. The value 1 of the third parameter in pcap open live() turns on the promiscuous mode (use 0 to turn it off). Can you demonstrate the difference when this mode is on and off? Please describe how you can demonstrate this. You can use the following command to check whether an interface’s promiscuous mode is on or off (look at the promiscuity’s value).

使用混杂模式可以监听所在网段下其他机器的数据包，关闭则不能。