Packet Sniffer
Objective:
To create a home lab environment for learning and practicing packet sniffing using ARM-based macOS, Kali Linux, and an ARM Ubuntu server. This project will cover:
- Setting up the environment.
- Configuring necessary tools.
- Conducting packet sniffing exercises.
Lab Setup:
Components:
- macOS (ARM): Primary workstation for accessing the lab environment.
- Kali Linux (VM): Used for offensive security tasks, including packet sniffing.
- Ubuntu Server (ARM): Hosts network services and acts as a target for packet sniffing.
Step-by-Step Instructions:
1. Setting Up the Environment
1.1. Install VirtualBox on macOS
- Download and install VirtualBox for ARM macOS.
- Download the ARM images for Kali Linux and Ubuntu Server:
- Kali Linux ARM Image
- Ubuntu Server ARM Image
1.2. Set Up Kali Linux VM
- Open VirtualBox and create a new VM:
- Name: KaliLinux
- Type: Linux
- Version: Other Linux (64-bit)
- Allocate memory and create a virtual hard disk.
- Attach the Kali Linux ARM image to the VM and start the VM.
- Follow the on-screen instructions to complete the Kali Linux installation.
1.3. Set Up Ubuntu Server VM
- Repeat the above steps to create a new VM for Ubuntu Server:
- Name: UbuntuServer
- Type: Linux
- Version: Ubuntu (64-bit)
- Attach the Ubuntu Server ARM image and complete the installation.
2. Configuring Ubuntu Server
2.1. Install Essential Packages
sudo apt update
sudo apt install openssh-server apache2 mysql-server
2.2. Configure Network Services
- Ensure Apache is running:
sudo systemctl start apache2
sudo systemctl enable apache2
- Ensure MySQL is running:
sudo systemctl start mysql
sudo systemctl enable mysql
3. Configuring Kali Linux
3.1. Install Packet Sniffing Tools
- Update the system and install tcpdump (Wireshark ships with the default Kali Linux image; if your image lacks it, install the wireshark package the same way):
sudo apt update
sudo apt install tcpdump
4. Performing Packet Sniffing Tasks
Example 1: Basic Packet Capture with Wireshark
- Launch Wireshark on Kali Linux:
sudo wireshark
- Select the network interface (e.g., eth0 or wlan0) to start capturing packets.
- Capture traffic between Kali Linux and Ubuntu Server:
- Open a terminal and run a command to generate traffic, such as SSH or HTTP:
ssh user@<ubuntu_server_ip>
- Browse a webpage hosted on the Ubuntu Server:
curl http://<ubuntu_server_ip>
- Analyze the captured packets in Wireshark:
- Apply filters to focus on specific types of traffic (e.g., ssh, http, tcp, udp).
Example 2: Command-Line Packet Capture with Tcpdump
- Run Tcpdump to capture traffic on Kali Linux:
sudo tcpdump -i eth0 -w capture.pcap
- -i eth0 specifies the interface.
- -w capture.pcap writes the captured packets to a file.
- Generate traffic between Kali Linux and Ubuntu Server:
- Perform actions like SSH, HTTP requests, or any other network activity.
- Stop the Tcpdump capture:
- Press Ctrl + C to stop the capture.
- Analyze the captured packets:
- Open the capture file in Wireshark:
sudo wireshark capture.pcap
- Use Wireshark filters to analyze the traffic.
Example 3: Advanced Packet Analysis with Wireshark
- Capture encrypted traffic:
- Perform SSH or HTTPS traffic to the Ubuntu Server (the Apache install above serves plain HTTP only; HTTPS needs Apache's ssl module and a certificate enabled separately).
- Use Wireshark to identify encryption details:
- Apply filters like tls or ssh to focus on encrypted traffic.
- Analyze the handshakes and encryption protocols used. The application data itself is not readable; what the capture exposes is handshake metadata: the SSH version banners and key-exchange negotiation, and the TLS ClientHello/ServerHello with the offered cipher suites.
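Added example (not part of the original lab write-up): a minimal reader for the classic pcap format that tcpdump -w produces in Example 2, which approximates Wireshark's ssh, http and tls display filters from Examples 1 and 3 with the same well-known-port mapping the dissectors default to, and pulls out the lines that stay readable inside "encrypted" sessions (SSH version banners, plain HTTP request/status lines, the TLS ClientHello). The capture it parses is constructed inside the script; the addresses 10.0.0.5 (Kali) and 10.0.0.10 (Ubuntu Server), the banners and the MAC addresses are assumed sample values, not taken from a real capture.

```python
import socket
import struct
from collections import Counter

# ---- constructed sample capture (assumed values, not real tcpdump output) ----
def _eth_ipv4(src_ip, dst_ip, proto, l4):
    """Wrap an L4 segment in IPv4 + Ethernet headers (checksums left 0; not validated)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00"
    return eth + ip + l4

def _tcp(src_ip, dst_ip, sport, dport, payload):
    hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    return _eth_ipv4(src_ip, dst_ip, 6, hdr + payload)

def _udp(src_ip, dst_ip, sport, dport, payload):
    hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return _eth_ipv4(src_ip, dst_ip, 17, hdr + payload)

def build_sample_pcap():
    """Classic pcap (little-endian, LINKTYPE_ETHERNET) with traffic between the
    assumed lab hosts 10.0.0.5 (Kali) and 10.0.0.10 (Ubuntu Server)."""
    kali, srv = "10.0.0.5", "10.0.0.10"
    hello = bytes([0x16, 3, 1, 0, 36]) + bytes([1, 0, 0, 32]) + b"\x00" * 32  # TLS ClientHello shape
    frames = [
        _tcp(kali, srv, 51000, 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
        _tcp(srv, kali, 22, 51000, b"SSH-2.0-OpenSSH_9.6p1\r\n"),
        _tcp(kali, srv, 51000, 22, b"\x00\x00\x01\x2c\x0a\x14" + b"\x00" * 20),  # SSH binary packet, not a banner
        _tcp(kali, srv, 51001, 80, b"GET / HTTP/1.1\r\nHost: 10.0.0.10\r\n\r\n"),
        _tcp(srv, kali, 80, 51001, b"HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n<html>"),
        _tcp(kali, srv, 51002, 443, hello),
        _udp(kali, "10.0.0.1", 40000, 53, b"\x12\x34\x01\x00" + b"\x00" * 8),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f  # per-packet header
    return out

# ---- reader and Wireshark-style classification ------------------------------
PORT_FILTER = {22: "ssh", 80: "http", 443: "tls"}  # port heuristics the dissectors default to

def read_pcap(data):
    """Yield (timestamp, frame bytes) from a classic pcap file; pcapng is rejected."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are decoded here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def parse_frame(frame):
    """Decode Ethernet/IPv4 and the TCP or UDP header; None if the frame is not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack_from("!BBHHHBBH4s4s", frame, 14)
    l4 = frame[14 + (ver_ihl & 0x0F) * 4: 14 + total_len]
    rec = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "payload": b""}
    if proto == 6 and len(l4) >= 20:
        sport, dport, _, _, doff, flags = struct.unpack_from("!HHIIBB", l4, 0)
        rec.update(sport=sport, dport=dport, flags=flags, payload=l4[(doff >> 4) * 4:])
    elif proto == 17 and len(l4) >= 8:
        sport, dport, ulen, _ = struct.unpack_from("!HHHH", l4, 0)
        rec.update(sport=sport, dport=dport, payload=l4[8:ulen])
    return rec

def classify(rec):
    """Map a decoded packet to the display-filter name it would match (ssh/http/tls/tcp/udp)."""
    for port in (rec.get("sport"), rec.get("dport")):
        if port in PORT_FILTER:
            return PORT_FILTER[port]
    return {6: "tcp", 17: "udp"}.get(rec["proto"], "other")

def summarize(data):
    """Count packets per filter class and collect the cleartext an analyst still sees:
    SSH version banners, HTTP request/status lines and the TLS ClientHello record."""
    counts, cleartext = Counter(), []
    for _, frame in read_pcap(data):
        rec = parse_frame(frame)
        if rec is None:
            counts["non-ipv4"] += 1
            continue
        cls = classify(rec)
        counts[cls] += 1
        p = rec["payload"]
        if cls == "ssh" and p.startswith(b"SSH-"):
            cleartext.append(p.split(b"\r\n")[0].decode())  # version exchange is never encrypted
        elif cls == "http" and (p.startswith(b"GET ") or p.startswith(b"HTTP/")):
            cleartext.append(p.split(b"\r\n")[0].decode())  # plain HTTP is fully readable
        elif cls == "tls" and len(p) >= 6 and p[0] == 0x16 and p[5] == 1:
            cleartext.append("TLS ClientHello")  # handshake metadata only; application data stays encrypted
    return dict(counts), cleartext

if __name__ == "__main__":
    counts, seen = summarize(build_sample_pcap())
    print(counts)
    for line in seen:
        print(" ", line)
```

To run it over a real lab capture, call summarize(open("capture.pcap", "rb").read()). tcpdump -w writes the classic format this reader expects; Wireshark's own save dialog defaults to pcapng, which read_pcap rejects with a clear error rather than mis-parsing.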
Summary
By setting up this home lab project, you can gain practical experience with packet sniffing using tools like Wireshark and Tcpdump on Kali Linux. The Ubuntu Server will act as a controlled target, hosting various services. This setup will help you understand how to capture and analyze network traffic, which is a valuable skill in cybersecurity. If you have any questions or need further assistance, feel free to ask!