Network Based Attacks

⚡ Prerequisites

  • Basic Cybersecurity & Network Concepts

📕 Learning Objectives

  • Describe service related Network Attacks

  • Identify network traffic and perform packet analysis

  • Perform MITM (Man in the Middle) attacks

🔬 Training list - PentesterAcademy/INE Labs

subscription required

🗒️ Network based attacks are attacks targeted towards specific network traffic and services.

  • ARP

  • DHCP

  • SMB

  • FTP

  • Telnet

  • SSH

🗒️ MITM (Man In The Middle) is a type of cybersecurity attack that allows the attacker to eavesdrop/listen on the legitimate communication between two targets.

e.g.

  • ARP Poisoning - intercept communication through broadcasting ARP packets and waiting for answers from other machines.

  • Promiscuous mode - listen to all the traffic on a network

Tools

🔬 Check some Wireshark traffic sniffing in this lab

  • e.g. Capture nmap scan traffic with Wireshark

    • Check the interface before beginning the capture

    • Protocol Hierarchy Statistics

    • Identify all layers looking at captured packets

    • Default time display setting is relative time in seconds

    • Follow > TCP Stream to check an entire stream

tshark - a network protocol analyzer that captures packet data from a live network or from a saved capture file. It is the CLI component of Wireshark.

  • Native capture file format is pcapng (Wireshark compatible)

arpspoof

arpspoof - an (old) tool to send out unrequested (and possibly forged) ARP replies and intercept packets on a switched LAN
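Detection side of the unrequested ARP replies described above, as an added example (not part of the original notes or of any tool mentioned here). It parses raw Ethernet/ARP frames and flags replies that answer no request and IPs that change MAC; the addresses, sample frames and function names are constructed for illustration.

```python
import struct

def build_arp(op, sha, spa, tha, tpa):
    """Build a raw Ethernet+ARP frame (only used to construct the sample input)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    dst = b"\xff" * 6 if op == 1 else mac(tha)      # requests are broadcast
    eth = dst + mac(sha) + b"\x08\x06"              # EtherType 0x0806 = ARP
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4-over-Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, frame[22:28].hex(":"), dotted(frame[28:32]), dotted(frame[38:42])

def detect(frames):
    """Flag unsolicited ARP replies and IP-to-MAC changes.
    Gratuitous ARP and DHCP lease changes can also trigger these, so treat hits as leads."""
    alerts, seen, pending = [], {}, set()
    for i, frame in enumerate(frames):
        parsed = parse_arp(frame)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if op == 1:                                  # request: remember who asked for what
            pending.add((spa, tpa))
        elif op == 2:                                # reply: must match an open request
            if (tpa, spa) in pending:
                pending.discard((tpa, spa))
            else:
                alerts.append((i, "unsolicited-reply", spa, sha))
        if spa in seen and seen[spa] != sha:         # same IP now claimed by another MAC
            alerts.append((i, "ip-mac-change", spa, sha))
        seen.setdefault(spa, sha)
    return alerts

# Constructed sample: a normal request/reply pair, then a forged reply for the gateway IP.
ZERO, HOST, GW, ROGUE = "00:00:00:00:00:00", "02:00:00:00:00:10", "02:00:00:00:00:01", "02:00:00:00:00:66"
SAMPLE = [
    build_arp(1, HOST, "192.168.1.10", ZERO, "192.168.1.1"),
    build_arp(2, GW, "192.168.1.1", HOST, "192.168.1.10"),
    build_arp(2, ROGUE, "192.168.1.1", HOST, "192.168.1.10"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The same two signals can be checked by eye in a Wireshark or tshark capture by filtering on ARP and comparing sender MAC per sender IP.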

🔬 Check some hands-on labs in the Tshark, ARP, WiFi Lab section

