Packet Sniffer

Sebastien Simon
3 min readJun 19, 2024

--

Objective:

To create a home lab environment for learning and practicing packet sniffing using ARM-based macOS, Kali Linux, and an ARM Ubuntu server. This project will cover:

  • Setting up the environment.
  • Configuring necessary tools.
  • Conducting packet sniffing exercises.

Lab Setup:

Components:

  • macOS (ARM): Primary workstation for accessing the lab environment.
  • Kali Linux (VM): Used for offensive security tasks, including packet sniffing.
  • Ubuntu Server (ARM): Hosts network services and acts as a target for packet sniffing.

Step-by-Step Instructions:

1. Setting Up the Environment

1.1. Install VirtualBox on macOS

  • Download and install VirtualBox for ARM macOS.
  • Download the ARM images for Kali Linux and Ubuntu Server:
  • Kali Linux ARM Image
  • Ubuntu Server ARM Image

1.2. Set Up Kali Linux VM

  1. Open VirtualBox and create a new VM:
  • Name: KaliLinux
  • Type: Linux
  • Version: Other Linux (64-bit)
  1. Allocate memory and create a virtual hard disk.
  2. Attach the Kali Linux ARM image to the VM and start the VM.
  3. Follow the on-screen instructions to complete the Kali Linux installation.

1.3. Set Up Ubuntu Server VM

  1. Repeat the above steps to create a new VM for Ubuntu Server:
  • Name: UbuntuServer
  • Type: Linux
  • Version: Ubuntu (64-bit)
  1. Attach the Ubuntu Server ARM image and complete the installation.

2. Configuring Ubuntu Server

2.1. Install Essential Packages

sudo apt update
sudo apt install openssh-server apache2 mysql-server

2.2. Configure Network Services

  1. Ensure Apache is running:
sudo systemctl start apache2
sudo systemctl enable apache2

2. Ensure MySQL is running:

sudo systemctl start mysql
sudo systemctl enable mysql

3. Configuring Kali Linux

3.1. Install Packet Sniffing Tools

  1. Update the system and install essential tools:
sudo apt update
sudo apt install tcpdump

Performing Packet Sniffing Tasks

Example 1: Basic Packet Capture with Wireshark

  1. Launch Wireshark on Kali Linux:
sudo wireshark

2. Select the network interface (e.g., eth0 or wlan0) to start capturing packets.

  • Capture traffic between Kali Linux and Ubuntu Server:
  • Open a terminal and run a command to generate traffic, such as SSH or HTTP:
ssh user@<ubuntu_server_ip>
Browse a webpage hosted on the Ubuntu Server:
curl http://<ubuntu_server_ip>
  1. Analyze the captured packets in Wireshark:
  • Apply filters to focus on specific types of traffic (e.g., ssh, http, tcp, udp).

Example 2: Command-Line Packet Capture with Tcpdump

  1. Run Tcpdump to capture traffic on Kali Linux:
sudo tcpdump -i eth0 -w capture.pcap
  • -i eth0 specifies the interface.
  • -w capture.pcap writes the captured packets to a file.

Generate traffic between Kali Linux and Ubuntu Server:

  • Perform actions like SSH, HTTP requests, or any other network activity.

Stop the Tcpdump capture:

  • Press Ctrl + C to stop the capture.

Analyze the captured packets:

  • Open the capture file in Wireshark:
sudo wireshark capture.pcap
  • Use Wireshark filters to analyze the traffic.

Example 3: Advanced Packet Analysis with Wireshark

  1. Capture encrypted traffic:
  • Perform SSH or HTTPS traffic to the Ubuntu Server.

2. Use Wireshark to identify encryption details:

  • Apply filters like tls or ssh to focus on encrypted traffic.
  • Analyze the handshakes and encryption protocols used.

Summary

By setting up this home lab project, you can gain practical experience with packet sniffing using tools like Wireshark and Tcpdump on Kali Linux. The Ubuntu Server will act as a controlled target, hosting various services. This setup will help you understand how to capture and analyze network traffic, which is a valuable skill in cybersecurity. If you have any questions or need further assistance, feel free to ask!

--

--