Partner: Shilkumar Patel

Ubuntu 14.04 was installed inside of a virtual machine. Originally, the virtual machine was hosted on a computer with an internet connection in order to install the many packages required to complete this project. Such packages included tinc, openvpn, openssh-server, wireshark, telnet, and telnet-server. After installing all of the necessary packages, the virtual machine was exported to an appliance and moved to a machine in the lab without an internet connection. On that machine, I configured openvpn according to the quick-setup, static key HOWTO guide. My partner configured tinc on his virtual machine. After configuration, each VPN, along with telnet and ssh, was tested and sniffed with wireshark (ethereal).

Wireshark works much the same as a physical wiretap that would be placed on a phone line, except it uses software to sniff the interface device. While Wireshark is sniffing an interface, it is able to display, based on the protocols of the packets collected, the contents of those packets: the type of packet, the source and destination of the packet, and the packet data. With this information, Wireshark can be used to monitor traffic, both encrypted and non-encrypted, over the interface. It is especially strong against non-encrypted means of computer communication, since it can be used to find login information, which can then be used for remote access and manipulation of data. This can be seen in Illustration 1, which shows the login information packets over telnet.

Illustration 1: Non-encrypted Telnet login traffic.

One of the protocols used in this lab is telnet. Telnet is a non-encrypted remote access protocol which is very similar to ssh. Ssh and telnet are two separate protocols which are utilized for remote access. The primary difference between the two is that ssh is much more secure. Telnet was originally designed to work within a secured private network and does not provide a secure authentication method or any encryption of the data transmitted. Ssh, however, utilizes public key authentication in order to ensure that the client computer has not changed. Ssh also encrypts the data transmitted from client-to-host and host-to-client. Today, ssh has superseded telnet in almost every desired use. The encrypted SSH traffic can be seen in Illustration 2, below.

Illustration 2: Encrypted SSH traffic.

Telnet's insecurities can quickly be exploited by using a wireshark filter. The filter that I decided to use was "telnet && telnet.data && ip.dst == 1?2.1?4.10.141" (two digits of the address are illegible in the scanned original), 1?2.1?4.10.141 being the IP address that was currently leased to my machine. The telnet part of the filter only shows telnet traffic. The telnet.data part of the filter only shows packets that contain useful information. The ip.dst part only shows traffic to my machine. All of these together show the keypresses that are input over telnet to my machine, which means that the username and password are the first packets that are detected and shown in the filtered window. This is also demonstrated in Illustration 1.

As stated previously, I decided upon implementing a VPN based on the OpenVPN packages. My partner created his VPN using the TINC server configuration. I used the OpenVPN single client-to-host configuration HOWTO and was able to use a static secret key that was shared between the client and the host. With this configuration, the host is started with its private IP address configuration and the static secret key. Then, the client is initiated with its private IP configuration and the same static secret key. This static secret key is used in handshaking to ensure that a trusted computer is being connected to the VPN. Once the machines have connected via the VPN tunnel, all traffic transmitted is sent through the OpenVPN protocol encrypted connection. With this VPN, sniffing the virtual tunnel interface reveals the non-encrypted data, but from outside the VPN interface, unsecured telnet traffic appears encrypted and secured. This can be seen in Illustrations 3 and 4.

Illustration 3: Telnet traffic inside OpenVPN.
Illustration 4: Telnet traffic from outside OpenVPN.

My partner decided to install the TINC VPN server software. TINC and OpenVPN are very much alike, but they differ slightly. OpenVPN utilizes its own OpenVPN encrypted protocol for communications, whereas TINC uses encrypted TCP/UDP communication. OpenVPN can be seen as having the advantage because TINC has acknowledgments sent over the non-encrypted TCP protocol. All of the OpenVPN communications are encrypted using the OpenVPN protocol. Because of its more complex protocol, OpenVPN does not have a speed advantage over TINC. As shown by the logs below, TINC has a lower average and maximum ping time.

PING while using TINC:

shil@shil:~$ ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=1.76 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=2.01 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=1.61 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=1.14 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=6 ttl=64 time=0.909 ms
64 bytes from 10.0.0.2: icmp_seq=7 ttl=64 time=1.56 ms
64 bytes from 10.0.0.2: icmp_seq=8 ttl=64 time=0.999 ms
64 bytes from 10.0.0.2: icmp_seq=9 ttl=64 time=1.06 ms
64 bytes from 10.0.0.2: icmp_seq=10 ttl=64 time=1.18 ms
64 bytes from 10.0.0.2: icmp_seq=11 ttl=64 time=1.44 ms
^C
--- 10.0.0.2 ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10016ms
rtt min/avg/max/mdev = 0.909/1.353/2.018/0.336 ms
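The telnet display filter described in the report, re-created as an added example that is not part of the original lab write-up: a small Python parser applies the same three conditions (telnet port, a non-empty telnet.data field, ip.dst equal to the host) to raw Ethernet/IPv4/TCP frames, the way an auditor would check a capture for cleartext telnet logins reaching a server. The frames, addresses and ports below are constructed for the demo and are not the lab's own.

```python
import re
import struct
from ipaddress import ip_address

TELNET_PORT = 23

def parse_frame(frame: bytes):  # -> (src, dst, sport, dport, payload) or None
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":  # not IPv4 over Ethernet
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:  # IP protocol 6 = TCP
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]  # bounded by the IP total length
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4  # TCP header length in bytes
    return str(ip_address(ip[12:16])), str(ip_address(ip[16:20])), sport, dport, tcp[doff:]

def telnet_data(payload: bytes) -> bytes:
    """Drop IAC (0xff) command sequences; WILL/WONT/DO/DONT carry an option byte. What is left is Wireshark's telnet.data."""
    return re.sub(rb"\xff[\xfb-\xfe].|\xff.", b"", payload, flags=re.DOTALL)

def filter_telnet_to_host(frames, host_ip: str) -> bytes:
    """Equivalent of 'telnet && telnet.data && ip.dst == host_ip': the cleartext bytes arriving at the server."""
    seen = bytearray()
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed and TELNET_PORT in parsed[2:4] and parsed[1] == host_ip:
            seen += telnet_data(parsed[4])  # empty for SYN/ACK-only or negotiation-only packets
    return bytes(seen)

def build_frame(src, dst, sport, dport, payload=b"") -> bytes:
    """Constructed Ethernet/IPv4/TCP frame for the demo (checksums left at zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed) + tcp
    return bytes(12) + b"\x08\x00" + ip

def demo_frames(host="10.0.0.1", client="10.0.0.2"):
    """Constructed capture: handshake, option negotiation, keystrokes 's' and 'h', a server prompt, SSH, telnet to another host."""
    return [
        build_frame(client, host, 40000, TELNET_PORT),                   # no payload: no telnet.data
        build_frame(client, host, 40000, TELNET_PORT, b"\xff\xfd\x03"),  # IAC DO SUPPRESS-GO-AHEAD only
        build_frame(client, host, 40000, TELNET_PORT, b"s"),
        build_frame(client, host, 40000, TELNET_PORT, b"h"),
        build_frame(host, client, TELNET_PORT, 40000, b"login: "),       # ip.dst is the client, filtered out
        build_frame(client, host, 40000, 22, b"SSH-2.0-demo"),           # port 22: not telnet
        build_frame(client, "10.0.0.9", 40000, TELNET_PORT, b"z"),       # telnet to a different host
    ]
```

Running filter_telnet_to_host(demo_frames(), "10.0.0.1") yields only the two keystroke bytes, which is exactly why such a finding in a capture should be treated as a credential exposure and the service moved to ssh.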