Network Based Attacks

⚡ Prerequisites
Basic Cybersecurity & Network Concepts
📕 Learning Objectives
Describe service related Network Attacks
Identify network traffic and perform packet analysis
Perform MITM (Man in the Middle) attacks
🔬 Training list - PentesterAcademy/INE Labs
subscription required
Tshark Traffic Analysis
Traffic Analysis: TSHARK Unleashed - Course
WIFI Traffic Analysis
Wi-Fi Security and Pentesting - Course

🗒️ Network based attacks are attacks targeted towards specific network traffic and services.

ARP
DHCP
SMB
FTP
Telnet
SSH

🗒️ MITM (Man In The Middle) is a type of cybersecurity attack that allows the attacker to eavesdrop/listen on the legitimate communication between two targets.

e.g.

ARP Poisoning - intercept communication through broadcasting ARP packets and waiting for answers from other machines.
Promiscuous mode - listen to all the traffic on a network

Tools

Wireshark

🔬 Check some Wireshark traffic sniffing in this lab

e.g. Capture a nmap scan traffic with Wireshark
- Check the interface before beginning the capture
- Protocol Hierarchy Statistics
- Identify all layers looking at captured packets
- Default time display setting is relative time in seconds
- Follow > TCP Stream to check an entire stream

Tshark

tshark - a network protocol analyzer that captures packet data from a live network or from a saved capture file. It is the CLI component of Wireshark.
Native capture file format is pcapng (Wireshark compatible)

arpspoof

arpspoof - a (old) tool to send out unrequested (and possibly forged) ARP replies and intercept packets on a switched LAN

🔬 Check some hands-on labs in the Tshark, ARP, WiFi Lab section

Previous🔬Hashes Dumping Next🔬Tshark, ARP, WiFi

Last updated 1 year ago