Merabi Takashvili MC650 Chapter4 Detailed Assignment


Reading Assignment - Module 4, Chapter 4

Name: Merabi Takashvili

Subject: MCY 650 – Ethical Hacking

Instructor: Wei Hao

Module: 4

Chapter: 4

Answers to Questions

1. Library/driver needed for promiscuous mode:


• Windows: To enable promiscuous mode on a NIC in Windows, you need the WinPcap or
Npcap library. These packet capture libraries allow the NIC to capture all network traffic,
not just traffic addressed to the machine. Npcap is the modern replacement for WinPcap and
is required to enable promiscuous mode for sniffing.

• Linux: On Linux, the libpcap library is used for packet capture. It enables tools like
tcpdump and Wireshark to capture network traffic by putting the NIC in promiscuous mode,
capturing all packets in the broadcast domain.

2. Carrier Sense Multiple Access/Collision Detection (CSMA/CD):


Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a network protocol
used in wired Ethernet networks to manage how devices respond to collisions. Devices
listen to the network to check if it is clear for transmission (Carrier Sense). If multiple
devices attempt to transmit simultaneously (Multiple Access), collisions occur. Devices
detect these collisions (Collision Detection), stop transmission, and retry after waiting for a
random time. It is less used today due to the widespread adoption of network switches that
prevent collisions.

3. Protocols susceptible to sniffing:


• HTTP (Hypertext Transfer Protocol): HTTP transmits data in plaintext, making it easily
intercepted and read by sniffers. Sensitive data like login credentials are vulnerable to being
captured.

• Telnet: Telnet is used for remote command-line access, but it transmits all data, including
passwords, in plaintext, making it highly vulnerable to sniffing attacks.

• FTP (File Transfer Protocol): Like Telnet, FTP sends files and login credentials in plaintext,
allowing attackers to capture and read sensitive data during transmission.

4. Purpose of ARP (Address Resolution Protocol):


ARP resolves an IP address to a MAC address on a local network. When one device wants to
communicate with another, it uses ARP to find the target device's MAC address. The
protocol broadcasts a request to all devices on the network, asking for the MAC address
associated with a specific IP. The device with the matching IP responds, allowing
communication.

5. How to show and delete ARP cache:


• Show ARP Cache:

- Windows: Use "arp -a" to display the ARP cache.

- Linux: Use "ip neigh" or "arp -n" to display the ARP cache.

• Delete ARP Cache:

- Windows: Use "arp -d *" to delete all entries in the ARP cache.

- Linux: Use "ip -s -s neigh flush all" to clear the ARP cache.

6. Gratuitous ARP:
Gratuitous ARP is an ARP message sent without a request. It allows a device to announce its
IP and MAC address mapping to update other devices' ARP caches. It is used to prevent IP
conflicts and in network failover scenarios.

7. Active sniffing and passive sniffing:


• Active Sniffing: Involves manipulating network traffic, such as through ARP poisoning or
MAC flooding, to intercept traffic. It is used in switched networks and is more detectable.

• Passive Sniffing: Involves listening to the network traffic without modifying it. It works in
hubs or non-switched networks where traffic is broadcast to all devices, making it less
detectable.
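
Added example, not part of the original assignment: ARP poisoning, named above as an active sniffing technique, typically leaves one MAC address answering for several IPv4 addresses in the ARP cache that "ip neigh" (question 5) displays. The Python sketch below parses that output and reports such MACs; the sample text is constructed, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample of `ip neigh` output (not captured from a real host).
SAMPLE_IP_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev eth0 lladdr 00:11:22:33:44:55 STALE
192.168.1.30 dev eth0 lladdr aa:bb:cc:dd:ee:01 REACHABLE
192.168.1.40 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router STALE
"""

# <ip> dev <interface> lladdr <mac> <state>
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+(?P<mac>[0-9a-fA-F:]{17})\b"
)


def parse_ip_neigh(text):
    """Return (ip, dev, mac) tuples; entries with no lladdr (FAILED, INCOMPLETE) are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m["ip"], m["dev"], m["mac"].lower()))
    return entries


def shared_macs(entries):
    """Map (dev, mac) -> sorted IPv4 list where one MAC answers for more than one IPv4 address."""
    by_mac = defaultdict(set)
    for ip, dev, mac in entries:
        if ":" not in ip:  # IPv4 only: the same host also appears as an IPv6 neighbour
            by_mac[(dev, mac)].add(ip)
    return {key: sorted(ips) for key, ips in by_mac.items() if len(ips) > 1}


if __name__ == "__main__":
    for (dev, mac), ips in shared_macs(parse_ip_neigh(SAMPLE_IP_NEIGH)).items():
        print(f"{dev}: {mac} is cached for {', '.join(ips)}; check against known hardware")
```

A shared MAC is an indicator, not proof: a router holding several addresses or doing proxy ARP produces the same pattern, so each hit should be compared with the known MAC of the gateway.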

8. MAC Flooding:
MAC flooding is an attack that overwhelms a switch with fake MAC addresses, causing the
switch to operate as a hub. As a result, all network traffic is sent to all devices, allowing the
attacker to capture and sniff all traffic.

9. DHCP Starvation:
DHCP Starvation is a denial-of-service attack where an attacker floods a DHCP server with
fake requests, exhausting its pool of available IP addresses. This prevents legitimate users
from obtaining IP addresses and connecting to the network. It can be used in conjunction
with a rogue DHCP server for further attacks.

10. Honeypot:
A honeypot is a decoy system designed to attract attackers by simulating vulnerable
systems. It is used for research, detection, and diverting attackers from real systems.
Honeypots provide valuable insights into attack methods and behavior without
compromising actual systems.
