Professional Documents
Culture Documents
Lab 2
Capturing Network Traffic
1. Wireshark on Kali
1) Open a web browser → Start to capture the traffic from eth0 → Connect
to www.amazon.com in the web browser → If loading the initial page was
finished, stop to capture the traffic.
2) Try to see the traffic only between your laptop and Amazon webserver
using Follow function. If you are not sure the IP address Amazon
webserver, remember thing you did in the last lab.
3) Q) Can you check the SYN → SYN-ACK → ACK for TCP handshake?
4) Q) Can you check the SSL/TLS connection?
o Find the following traffic sequences:
▪ Client Hello
▪ Server Hello, Certificate
▪ Server Key Exchange, Server Hello Done
o Find the following information:
▪ CipherSuites that your browser support. (Hint) Your browser is
client.
▪ The agreed CipherSuite used in this SSL/TLS connection.
1
CSCI369 Ethical Hacking
This material is copyrighted. It must not be
distributed without permission from
Joonsang Baek and Jongkil Kim
Scapy is a Python program that enables the user to generate, modify, sniff,
dissect and transmit network packets. This capability allows construction of
tools that can probe, scan or attack networks. Scapy is already installed on the
Kali linux. Start it by typing scapy in the terminal.
2) SYN-ACK Test: Now, let’s try to do some fun things. The sr() function in
Scapy is for sending packets and receiving responses. In particular, the
input of this function is multiple packets (to send) and the return value is
multiple responses (represented as packets). Its variant sr1()only
takes one packet as input and returns one packet as a response.
2
CSCI369 Ethical Hacking
This material is copyrighted. It must not be
distributed without permission from
Joonsang Baek and Jongkil Kim
o Try more commands to get the information of the packet using the
table below: (Hint: Replace “pkt” with the packet you have read, e.g.
a[23])
4) [Scapy with python] Scapy can also be used as a python library. You can
create your own automated analysis program of packets (or attacks)
using Scapy. Your task is to write a python program that extracts the
packet containing user ID and password from the downloaded pcap file.
(Hint: Use the functions above and python basic commands to figure out
what are the user id (followed by “user_name”) and password (followed by
“password”). )
To include the scapy package in your python code, use “from scapy.all
import *”