
Module Code & Module Title

CC5004NI Security in Computing


Assessment Weightage & Type
Weekly Assignment

Year and Semester


2021-22 Autumn

Student Name: Nischita Paudel


London Met ID: 20049186
College ID: NP01NT4S210092
Assignment Due Date: 1st April 2022
Assignment Submission Date: 1st April 2022
Word Count (Where required): 1109

I confirm that I understand my coursework needs to be submitted online via Google Classroom under the
relevant module page before the deadline for my assignment to be accepted and marked. I am fully
aware that late submissions will be treated as non-submission and a mark of zero will be awarded.
CC5004NI Security in Computing

Tutorial 13 – Analyzing eavesdropping network attacks and man in the middle scenarios

Question 01. What makes post connection network attacks severe from an
organization’s view of their information security posture?

ANS: Connections between devices can be intercepted while the victim remains unaware
that the data has been compromised; this underlying weakness in the network protocols is
what makes post-connection network attacks severe from an organization's view of its
information security posture.

Question 02. Define what are eavesdropping attacks in computer networks. List and
elaborate a few plausible outcomes of this information threat.

ANS: When a hacker intercepts, deletes, or changes data sent between two devices, it
is called an eavesdropping attack. To access data in transit between machines,
eavesdropping, also known as sniffing or snooping, relies on unencrypted network
interactions. Theft of identity is a very real possibility. Identity theft is one of the few
plausible outcomes of this information threat.

Question 03. Write a detailed entry on man in the middle attacks.

ANS: Man-in-the-middle (MITM) attacks are a sort of cybersecurity attack that allows
attackers to listen in on a conversation between two targets. The "man-in-the-middle"
assault takes place between two lawfully communicating hosts, allowing the attacker to
"listen" to a discussion they should not normally be able to listen to, hence the name.
MITM attacks are used to steal login credentials or personal information, as well as to spy
on victims, interrupt communications, and corrupt data.

There are usually two steps to a man-in-the-middle attack:

Interception: To obtain access to a network, attackers often use open or poorly secured
Wi-Fi routers. They also have the power to change DNS servers. Their goal is to find
weak passwords, and they may accomplish it by using IP spoofing or cache poisoning.
They will employ data capture tools to get the victim's information once they have gained
access.

Decryption: This stage involves decoding the intercepted data and preparing it for use by
hackers for their malicious purposes, which can range from identity theft to outright
disruption of business operations.

Question 04. Describe the use case of the ARP network protocol and elaborate what
makes them vulnerable to getting their cache poisoned using false data.

ANS: The Destination Address (ARP) is a technique for translating a dynamic IP
address to a permanent physical machine address in a local area network (LAN). The
actual machine address is known as a media access control (MAC) address. The
primary function of ARP is to translate 32-bit to 48-bit addresses and vice versa. This is
essential because IP addresses in IP version 4 (IPv4) are 32 bits long whereas MAC
addresses are 48 bits long. ARP operates between Layers 2 and 3 of the Open
Systems Interconnection model (OSI model). The MAC address is stored in the data
connection layer, Layer 2 of the OSI model. The IP address is stored in Layer 3, the
network layer. ARP spoofing is also known as ARP poison routing or ARP cache
poisoning. To match their MAC address to the IP address of a real device or service on
the network, a cybercriminal sends fake ARP packets to a target LAN. Because of the
connection, data from the victim's computer could be sent to the attacker's computer
instead of the intended destination. ARP spoofing attacks can be dangerous because
sensitive data can be sent between workstations without the victims' knowledge. ARP
spoofing allows for other sorts of cyberattacks such as man in the middle attacks, denial
of service attacks, and session hijacking.

Question 05. Which terminal command in Linux and Windows can be used to view the
ARP cache of a computer system?

ANS: The terminal command in Linux and Windows that can be used to view the ARP
cache of a computer system is "arp -a".

Question 06. How can we initiate the process of verifying if a machine’s ARP cache
can be poisoned, using the arpspoof tool?


ANS: We can initiate the process of verifying a machine's ARP cache to see if it can be
poisoned by using the command "arpspoof -i [interface] -t [clientIP] [gatewayIP]" using the
arpspoof tool.

Question 07. What logical modifier are we looking for, when we are verifying if an ARP
cache has been compromised?

ANS: The Boolean value "True" in the logical modifier verifies that an ARP cache has
been compromised.
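The ARP questions above (Q4, Q5 and Q7) come down to reading the cache that "arp -a" prints and deciding whether it looks poisoned. The following added example, which is not part of the coursework, parses both the Linux and the Windows "arp -a" output styles and flags the two classic indicators: a known host (typically the gateway) whose MAC no longer matches a baseline recorded on a clean LAN, and one MAC claimed by several IPs. All sample output and the baseline MAC are constructed for the example.

```python
import re
from collections import defaultdict

# Regexes for the two `arp -a` output styles the page mentions (Linux and Windows).
LINUX_RE = re.compile(r"\((?P<ip>\d+\.\d+\.\d+\.\d+)\) at (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})", re.I)
WINDOWS_RE = re.compile(r"^\s*(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<mac>[0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(?:dynamic|static)", re.I)


def parse_arp_table(output):
    """Return {ip: mac} from `arp -a` text, MACs normalised to lowercase colon form."""
    table = {}
    for line in output.splitlines():
        m = LINUX_RE.search(line) or WINDOWS_RE.match(line)
        if m:
            table[m.group("ip")] = m.group("mac").lower().replace("-", ":")
    return table


def find_poisoning_indicators(table, baseline):
    """Flag cache entries that suggest poisoning.

    baseline: {ip: expected_mac} for hosts whose hardware address is known,
    e.g. the gateway recorded at a time the LAN was known to be clean.
    A MAC shared by several IPs can also be legitimate (a router answering for
    virtual IPs), so treat that finding as a prompt to investigate, not proof.
    """
    findings = []
    for ip, expected in baseline.items():
        seen = table.get(ip)
        if seen and seen != expected.lower():
            findings.append(f"{ip}: MAC changed from {expected.lower()} to {seen}")
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(f"{mac} claimed by multiple IPs: {', '.join(sorted(ips))}")
    return findings


# Constructed sample: a Linux cache in which the gateway's MAC has been replaced by
# the MAC already mapped to another LAN host (the pattern full-duplex poisoning leaves).
SAMPLE_LINUX = """\
gateway (192.168.1.1) at 02:aa:bb:cc:dd:01 [ether] on eth0
? (192.168.1.23) at 02:aa:bb:cc:dd:01 [ether] on eth0
printer (192.168.1.50) at 02:aa:bb:cc:dd:50 [ether] on eth0
"""
BASELINE = {"192.168.1.1": "02:11:22:33:44:55"}  # constructed, recorded on a clean LAN

if __name__ == "__main__":
    for finding in find_poisoning_indicators(parse_arp_table(SAMPLE_LINUX), BASELINE):
        print("ALERT:", finding)
```

On a real host, feed the script the live output of "arp -a" and keep the baseline in a file captured before any testing; a change in the gateway entry while arpspoof or bettercap is running is the "True" the tutorial asks for.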

Question 08. How can we initiate the process of verifying if a machine’s ARP cache
can be poisoned using the bettercap framework?

ANS: Using the bettercap framework, we can start the process of testing a machine's
ARP cache to see if it can be poisoned by using the command "arp.spoof.fullduplex."

Question 09. When using bettercap for initiating network attacks, what do the
following commands do:

a. help: Displays a list of commands inside bettercap.

b. net.show: Displays a list of all the connected clients.

c. caplets.show: Displays a list of installed caplets.

Question 10. What are caplets used for in bettercap framework?

ANS: Caplets are text files containing a list of commands that the user wishes to
execute. Caplets in bettercap can be used to execute previously run commands
automatically.

Question 11. Write a detailed entry on DNS spoofing.

ANS: DNS spoofing (also known as DNS cache poisoning) is a type of attack in which
modified DNS records are used to redirect online traffic to a fake website that looks like
the real one. Users are then prompted to log into (what they think is) their account,
allowing the culprit the opportunity to steal their login credentials and other sensitive
information. Furthermore, the malicious website is frequently used to infect a user's


computer with worms or viruses, granting the attacker long-term access to the computer
and the data it stores.

A DNS spoofing attack can be carried out in a variety of ways, including:

• Man in the Middle (MITM): Interception of communications between users and a
DNS server to redirect users to a different/malicious IP address is known as man
in the middle (MITM).
• DNS server compromise - When a DNS server is configured to return a malicious
IP address, it is directly hijacked.
