The following example demonstrates how to create a display filter using an endpoint. From IT-laptop, find captured username/password in Ettercap -Open IT-Laptop, in Ettercap find username/password Questions: How many DHCP packets were captured in Wireshark? 5 Which gateway addresses are provided in the ACK packets? 192.168.0.5, 292.168.0.If you don’t know the exact expression to type for your filter, there is a simpler method you can apply in some cases. Open Chrome, type, select Employee Portal, user: bjackson, password: $uper$ecret1, Login 7. On Office 1, view current route/IP address - Select Office1, open Windows Powershell (Admin) - Type tracert /Enter +1st hop is 192.168.0.5 -Type ipconfig /all /Enter + config is as follows: IP(192.168.0.33), Gateway(192.168.0.5), DHCP(192.168.0.14) -Type ipconfig /release /Enter - type ipconfig /renew /Enter +default gateway has changed IP address of 192.168.0.46 -type tracert +1st hop is now 198.168.0.46 6. View current IP - Terminal, type ip addr show + IP is 192.168.0.45 - Type route /Enter + current gateway 192.168.0.46 5. Select 1st DHCP ACK packet, expand Bootstrap Protocol (ACK) -Expand Option: (3) Router -repeat steps for second packet 4. Request a new IP address -open terminal, type ip addr show, Enter + IP for enp2s0 is 192.168.0.45 -Type route +the gateway is 192.168.0.5 -type ip link set enp2s0 down /Enter -type ip link set enp2s0 up /Enter -Open Wireshark, under Info notice 2 DHCP ACK packets - one is real/other fake(spoof). On support capture filter for bootp packets - Select Support, open Wireshark, select enp2s0, start capture, in display filter type bootp. On IT laptop start unified sniffon on the enp2s0 - Open Ettercap, select Sniff, Unified Sniffing, select enp2s0 - Click OK, Mitm, DHCP spoofing, in netmask field enter 255.255.255.0, in DNS server IP enter 192.168.0.11 and click OK 2. What has changed? Log in to the employee portal with the following credentials: Username: bjackson Password: $uper$ecret1 On IT-Laptop, find the captured username and password in Ettercap. What has changed? Use tracert to to find the path again. Check the IP address of the computer again. What is the path? Check the IP address of the computer.Release and renew the IP address assigned by DHCP. What has changed? On Office1, complete the following tasks: Use tracert to to find the path. In Wireshark, how many DHCP packets were exchanged?View the IP address and gateway again. Bring the network interface down and back up to request a new DHCP address. View the IP address and the gateway in Terminal.
10.2.6 Perform a DHCP Spoofing Man-in-the-Middle Attack In this lab, your task is to complete the following: On IT-Laptop, use Ettercap to launch a man-in-the-middle DHCP spoofing attack using the following parameters: Netmask: 255.255.255.0 DNS Server IP: 192.168.0.11 On Support, complete the following tasks:Start a capture in Wireshark and filter the display for DHCP traffic.
0 kommentar(er)
