Sniffer and DoS Attack Tools Guide

The document discusses network-based attacks, focusing on sniffing and denial-of-service (DoS) attacks. Sniffing involves intercepting data packets to capture sensitive information, while DoS attacks overwhelm a target server with illegitimate requests, causing disruptions. It also provides details on using Wireshark for packet analysis and the XERXES tool for executing DoS attacks.

Uploaded by

ahdevil98

NETWORK BASED ATTACKS

• Sniffing
• Denial-of-Service (DoS) Attack
1. Sniffing
A sniffing attack involves an attacker getting into the
network data-stream and reading, monitoring or
capturing full packets of data flowing between a client
and a server. A hacker intercepting a network packet
containing unencrypted information can cause severe
damage to the organization or entity that owns the data.
Data compromised may include sensitive information like
account credentials, bank details, and different kinds of
Personally Identifiable Information (PII). Sniffing attacks
can either be active (involving both data access and
manipulation) or passive (where the attacker only sees
the information but does not actively interfere in its
transmission).
Example of a tool used for sniffing attacks: Wireshark
Wireshark:
• Wireshark is an open-source application that captures
and displays data traveling back and forth on a
network.
• Because it can drill down and read the contents of
each packet, it's used to troubleshoot network
problems and test software.
What Is Wireshark?
Originally known as Ethereal, Wireshark displays data from
hundreds of different protocols on all major network types.
Data packets can be viewed in real time or analyzed offline.
Wireshark supports dozens of capture/trace file formats,
including CAP and ERF. Integrated decryption support can decode
encrypted traffic for several common protocols, including
WEP and WPA/WPA2, when the required keys are supplied.
Wireshark User Guide
• First download Wireshark and install it on your OS.
• You must be logged in to the device as an administrator to use
Wireshark.
How to Capture Data Packets With Wireshark?
• When you launch Wireshark, a welcome screen lists the available
network connections on your current device. Displayed to the right of
each is an EKG-style line graph that represents live traffic on that
network.

To begin capturing packets with Wireshark:
1. Select one or more networks, go to the menu bar, then
select Capture.
2. In the Wireshark Capture Interfaces window, select Start.
3. Select File > Save As or choose an Export option to record the capture.
4. To stop capturing, press Ctrl+E. Or, go to the Wireshark toolbar and select the
red Stop button that's located next to the shark fin.
How to View and Analyze Packet Contents
The captured data interface contains three main sections:
• The packet list pane (the top section)
• The packet details pane (the middle section)
• The packet bytes pane (the bottom section)
Packet List
The packet list pane, located at the top of the window, shows all packets
found in the active capture file. Each packet has its own row and
corresponding number assigned to it, along with each of these data points:

• No: This field indicates which packets are part of the same conversation.
It remains blank until you select a packet.
• Time: The timestamp of when the packet was captured is displayed in this
column. The default format is the number of seconds or partial seconds
since this specific capture file was first created.
• Source: This column contains the address (IP or other) where the packet
originated.
• Destination: This column contains the address that the packet is being
sent to.
• Protocol: The packet's protocol name, such as TCP, can be found in this
column.
• Length: The packet length, in bytes, is displayed in this column.
• Info: Additional details about the packet are presented here. The contents
of this column can vary greatly depending on packet contents.
To change the time format to something more useful (such as the
actual time of day), select View > Time Display Format.
When a packet is selected in the top pane, you may notice one or more symbols appear in
the No. column. Open or closed brackets and a straight horizontal line indicate whether a packet
or group of packets are part of the same back-and-forth conversation on the network. A broken
horizontal line signifies that a packet is not part of the conversation.
Packet Details
The details pane, found in the middle, presents the protocols and protocol fields of the selected
packet in a collapsible format. In addition to expanding each selection, you can apply individual
Wireshark filters based on specific details and follow streams of data based on protocol type by
right-clicking the desired item.
Packet Bytes
At the bottom is the packet bytes pane, which displays the raw data of the selected packet in a
hexadecimal view. This hex dump contains 16 hexadecimal bytes and 16 ASCII bytes alongside the data
offset.
Selecting a specific portion of this data automatically highlights its corresponding section in the packet
details pane and vice versa. Any bytes that cannot be printed are represented by a period.
To display this data in bit format as opposed to hexadecimal, right-click anywhere
within the pane and select as bits.
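The layout of the packet bytes pane described above, as an added example written for this page (not Wireshark's own code): a small renderer that prints a data offset, 16 hex bytes and the same 16 bytes as ASCII, substituting a period for anything unprintable, plus an "as bits" view. The sample payload bytes are constructed.

```python
"""Render packet bytes the way the packet bytes pane lays them out: a data
offset, 16 hex bytes and the same 16 bytes as ASCII, with unprintable bytes
shown as '.'; bitdump() gives the 'as bits' view. Added example for this
page, not Wireshark's own code; the sample bytes below are constructed."""
import string

# Byte values that are shown as themselves in the ASCII column.
PRINTABLE = set((string.ascii_letters + string.digits + string.punctuation + " ").encode())


def hexdump(data: bytes, width: int = 16) -> str:
    """One line per `width` bytes: offset, hex column, ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        # Pad the hex column so a short last line keeps the ASCII column aligned.
        hex_col = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asc_col = "".join(chr(b) if b in PRINTABLE else "." for b in chunk)
        lines.append(f"{off:04x}  {hex_col}  {asc_col}")
    return "\n".join(lines)


def bitdump(data: bytes, width: int = 8) -> str:
    """The same data shown as binary octets, like 'as bits' in the pane."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        lines.append(f"{off:04x}  " + " ".join(f"{b:08b}" for b in chunk))
    return "\n".join(lines)


# Constructed sample: the start of a cleartext HTTP request as it would
# appear in a captured TCP payload (CR/LF bytes show up as periods).
SAMPLE = b"GET / HTTP/1.1\r\nHost: example\r\n"

if __name__ == "__main__":
    print(hexdump(SAMPLE))
    print(bitdump(SAMPLE[:8]))
```

Selecting a byte range in the real pane highlights the matching field in the details pane; this script only reproduces the text layout, which is enough to read a captured cleartext request by eye.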
How to Use Wireshark Filters?
Capture filters instruct Wireshark to only record packets that meet
specified criteria. Filters can also be applied to a capture file that has
been created so that only certain packets are shown. These are referred
to as display filters.
Wireshark provides a large number of predefined filters by default. To use
one of these existing filters, enter its name in the Apply a display
filter entry field located below the Wireshark toolbar or in the Enter a
capture filter field located in the center of the welcome screen.
For example, if you want to display TCP packets, type tcp. The Wireshark
autocomplete feature shows suggested names as you begin typing, making it easier to
find the correct moniker for the filter you're seeking.
Another way to choose a filter is to select the bookmark on the left side of the entry
field. Choose Manage Filter Expressions or Manage Display Filters to add, remove, or
edit filters.
You can also access previously used filters by selecting the down arrow on the right
side of the entry field to display a history drop-down list.

Capture filters are applied as soon as you begin recording network traffic. To apply a
display filter, select the right arrow on the right side of the entry field.
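The packet list columns and the display-filter idea described above, as an added example written for this page (not Wireshark code): a minimal reader for classic pcap files that produces No., Time, Source, Destination, Protocol, Length and Info for each packet and applies a small subset of display-filter syntax (tcp, udp, tcp.port == N, udp.port == N, ip.addr == A, combined with and / or). The capture is built in memory from constructed frames; the addresses, ports and payloads are made up.

```python
"""Minimal classic-pcap reader producing Wireshark-style packet list rows and
applying a small subset of display-filter syntax. Added example for this page,
not Wireshark code; the capture below is constructed so the script runs offline."""
import socket
import struct

LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    if proto == 6:   # 20-byte TCP header, data offset 5, flags PSH|ACK, checksum 0
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # 8-byte UDP header, checksum 0
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + l4 + payload


def build_pcap(frames_with_ts):
    """Serialise (timestamp, frame) pairs as a little-endian pcap 2.4 file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in frames_with_ts:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield one dict per packet with the packet list pane's columns."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = "<" if magic == 0xA1B2C3D4 else ">"
    off, first_ts, number = 24, None, 0
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        ts = sec + usec / 1_000_000
        first_ts = ts if first_ts is None else first_ts   # Time is relative to first packet
        number += 1
        ihl = (frame[14] & 0x0F) * 4                        # IPv4 header starts after 14-byte Ethernet
        proto_num = frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4 = frame[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", l4, 0) if len(l4) >= 4 else (0, 0)
        if proto_num == 6:
            proto, hdr = "TCP", (l4[12] >> 4) * 4
        elif proto_num == 17:
            proto, hdr = "UDP", 8
        else:
            proto, hdr = str(proto_num), 0
        payload = l4[hdr:]
        yield {"no": number, "time": round(ts - first_ts, 6), "src": src, "dst": dst,
               "proto": proto, "length": len(frame), "sport": sport, "dport": dport,
               "info": f"{sport} -> {dport}" + (f" {payload[:16]!r}" if payload else ""),
               "raw": frame}


def matches(row, expr):
    """Evaluate a tiny display-filter subset: protocol names, tcp.port/udp.port
    and ip.addr equality, joined by 'and' / 'or' (no parentheses)."""
    def atom(tok):
        parts = tok.split()
        if len(parts) == 1:
            return row["proto"].lower() == parts[0]
        field, op, val = parts
        if op != "==":
            raise ValueError(f"unsupported operator {op}")
        if field in ("tcp.port", "udp.port"):
            return row["proto"].lower() == field[:3] and int(val) in (row["sport"], row["dport"])
        if field == "ip.addr":
            return val in (row["src"], row["dst"])
        raise ValueError(f"unsupported field {field}")
    return any(all(atom(a.strip()) for a in clause.split(" and "))
               for clause in expr.split(" or "))


def apply_display_filter(pcap_bytes, expr):
    return [r for r in read_pcap(pcap_bytes) if matches(r, expr)]


# Constructed capture: an HTTP request/response pair and one DNS query.
SAMPLE_PCAP = build_pcap([
    (1700000000.00, build_frame("192.168.56.101", "192.168.56.102", 6, 40000, 80, b"GET / HTTP/1.1\r\n")),
    (1700000000.25, build_frame("192.168.56.102", "192.168.56.101", 6, 80, 40000, b"HTTP/1.1 200 OK\r\n")),
    (1700000001.00, build_frame("192.168.56.101", "8.8.8.8", 17, 53000, 53, b"\x12\x34\x01\x00")),
])

if __name__ == "__main__":
    for row in apply_display_filter(SAMPLE_PCAP, "tcp.port == 80 or udp"):
        print(row["no"], row["time"], row["src"], row["dst"], row["proto"], row["length"], row["info"])
```

The same reader works on a real capture saved with File > Save As (pcap format) by passing the file's bytes to apply_display_filter; pcapng and the full filter grammar are out of scope here.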
Wireshark Color Rules
While Wireshark's capture and display filters limit which packets are recorded or shown on the
screen, its colorization function takes things a step further: It can distinguish between different
packet types based on their individual hue. This quickly locates certain packets within a saved set by
their row color in the packet list pane.
Wireshark comes with about 20 default coloring rules, each can be edited, disabled, or
deleted. Select View > Coloring Rules for an overview of what each color means. You
can also add your own color-based filters.
Statistics in Wireshark
Other useful metrics are available through the Statistics drop-down menu. These include size and timing
information about the capture file, along with dozens of charts and graphs ranging in topic from packet
conversation breakdowns to load distribution of HTTP requests.
Display filters can be applied to many of these statistics via their interfaces,
and the results can be exported to common file formats,
including CSV, XML, and TXT.
Lab Setup
Equipment:
• VMware Workstation
• Kali Linux VM file
• Metasploitable-2
VMware Workstation
• Download VMware Workstation from the VMware site.
• Now install the VMware Workstation setup file.
Kali Setup
• Download the kali-linux-2024.2-vmware-amd64 file from the Kali website and open it in
VMware Workstation.
• After the kali-linux-2024.2-vmware-amd64 file is open in VMware Workstation, start
the virtual machine by clicking the Power on this virtual machine button.
• Log in to Kali.
Metasploitable-2 Setup
• Download the metasploitable-linux-2.0.0 file from any website and open it in VMware
Workstation.
• After the metasploitable-linux-2.0.0 file is open in VMware Workstation, start the
virtual machine by clicking the Power on this virtual machine button.
• Log in to [Link].
Denial-of-Service (DoS) Attack
A denial-of-service (DoS) attack is a malicious attempt to disrupt or shut
down the normal functioning of a targeted server, service, or
network by overwhelming it with a flood of illegitimate requests
that trigger a crash. This causes the target to become slow,
unresponsive, or utterly inaccessible to legitimate users. These
malicious endeavors can cripple websites, disrupt services, and
cause significant financial and reputational damage.

Example tool: XERXES
XERXES is a free and open-source tool available on GitHub. You can
download and install the tool free of cost. A denial-of-service attack can be
performed by using this tool. Xerxes is written in C. The framework works by
maintaining a full TCP connection. After making a full TCP connection it only
requires a few hundred requests sent at regular intervals over a long period. As a
result, Xerxes doesn't need to spend lots of traffic requests to exhaust all
the available connections on a server. Using Xerxes any remote machine
or server can be taken down easily. The tool uses
perfectly legitimate HTTP traffic. The tool is very useful for security testing.
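The connection-holding behaviour described above (few requests, many long-lived connections) is what a defender should look for on the server side. As an added example written for this page (not part of XERXES or any product), the script below inspects a snapshot of a server's connection table and flags sources holding many old, near-idle established connections, which is the signature of connection exhaustion rather than of a volumetric flood. The record format, the sample snapshot and the thresholds are assumptions chosen for illustration.

```python
"""Flag connection-exhaustion patterns (many long-lived, near-idle TCP
connections from one source) in a snapshot of a server's connection table.
Added example for this page, not part of XERXES; the record format, the
constructed sample and the thresholds are assumptions for illustration."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    src: str        # client address
    dport: int      # server port
    state: str      # TCP state as a tool like `ss -tan` would report it
    age_s: float    # seconds since the connection was established
    bytes_in: int   # bytes received from the client so far


# Constructed snapshot: 10.0.0.5 holds 40 connections that are minutes old
# and have each sent only a few bytes; the other clients look like normal
# short-lived web traffic that sends a request and finishes.
SAMPLE_CONNS = [Conn("10.0.0.5", 80, "ESTAB", 600 + i, 80) for i in range(40)] + [
    Conn("192.168.1.10", 80, "ESTAB", 1.2, 4200),
    Conn("192.168.1.11", 80, "ESTAB", 0.4, 900),
    Conn("192.168.1.12", 443, "TIME-WAIT", 30.0, 12000),
]


def suspicious_sources(conns, min_conns=20, min_age_s=120, max_bytes=512):
    """Return {src: count} for sources with at least `min_conns` established
    connections that are each older than `min_age_s` seconds and have sent
    fewer than `max_bytes` bytes, i.e. held open but barely used."""
    idle_old = defaultdict(int)
    for c in conns:
        if c.state == "ESTAB" and c.age_s >= min_age_s and c.bytes_in < max_bytes:
            idle_old[c.src] += 1
    return {src: n for src, n in idle_old.items() if n >= min_conns}


def share_of_established(conns, src):
    """Fraction of all established connections owned by one source; a single
    client owning most of the table is a capacity problem even before any
    threshold fires."""
    est = [c for c in conns if c.state == "ESTAB"]
    return sum(1 for c in est if c.src == src) / len(est) if est else 0.0


if __name__ == "__main__":
    for src, n in suspicious_sources(SAMPLE_CONNS).items():
        print(f"{src}: {n} idle long-lived connections "
              f"({share_of_established(SAMPLE_CONNS, src):.0%} of established)")
```

Because the traffic itself is well-formed HTTP, request-rate or bandwidth thresholds alone miss this pattern; the useful mitigations on the server are per-source connection limits and short idle or header-read timeouts, which this check helps tune.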
Installation
Step 1: Open your Kali Linux operating system and use the following
command to install the tool from GitHub.
git clone [Link]
Step 2: Now use the following command to move into the directory of the tool.
cd XERXES
Step 3: Now use the following command to compile the tool.
gcc -o xerxes xerxes.c
Step 4: Now that you are in the directory of the tool, use the following command to start the DoS
attack.
./xerxes IP/DOMAIN 80
