Free Essay

Packet Sniffing

In:

Submitted By anky
Words 3356
Pages 14
A SEMINAR REPORT ON | PACKET SNIFFER | SUBMITTED BY SUBMITTED ONKUNAL GOPAL THAKUR MAY 14,2010VISHAL SHIRGUPPIJUSTIN FRANCISSHAZIA ALIUNDER THE GUIDANCE OF MR. SUNIL SURVEFR. CONCEICAO RODRIGUES COLLEGE OF ENGINEERINGBANDRA(W)MUMBAI – 400 050 |

CERTIFICATE

This is to certify that, Mr. KUNAL GOPAL THAKUR , Mr. VISHAL SHIRGUPPI ,Mr. JUSTIN FRANCIS and Ms. SHAZIA ALI have completed their project on PACKET SNIFFER satisfactorily in partial fulfillment under the department of Computer Engineering during academic year 2009-2010.

____________________________ Teacher In-Charge

ACKNOWLEDGEMENT

We would like to express our sincere thanks and gratitude to our guide Mr. Sunil Surve for his valuable guidance and suggestions. We are highly indebted to him for providing us an excellent opportunity to learn and present our studies in the form of this seminar report.
We take this opportunity to thank the members of the teaching and non-teaching staff of Fr.CRCE for the timely help extended by them.
Lastly thanking our parents, for their morale support and encouragement.

Kunal Gopal Thakur
Vishal Shirguppi
Justin Francis
Shazia Ali

ABSTRACT:
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and usernames or other sensitive material. While packet sniffers can be fully passive, some aren’t, therefore they can be detected. This paper discusses the different methods that Anti-Sniff uses to detect these sniffing programs.[------PACKET SNIFFER DETECTION WITH ANTI SNIFF]

Table of Contents 1.0 Introduction.......................................................................................................................................................1

2.0 What is a packet sniffer? .................................................................................................................................2

3.0 Uses of a packet sniffer....................................................................................................................................3

4.0Sniffing tool……………………………………………………………………………………....4

5.0 Sniffing methods ..............................................................................................................................................5

5.1.1 IP-based sniffing ...........................................................................................................................................5

5.1.2 MAC-based sniffing ......................................................................................................................................5

5.1.3 ARP-based sniffing........................................................................................................................................5

6.0 Anti sniff assumption........................................................................................................................................7

7.0 Anti-Sniff detection methods…………………………………………………………………….7

7.1 Mac Detection…………………………………………………………………………………..7

7.1.1 Ethernet Network Interface Cards…………………………………………………………….8

7.1.2 TCP/IP on Ethernet ………………………………………………………………………….8
7.1.3 Implementation ……………………………….………………………………………………8
7.1.4 Results ………………………………………………………………………………………..9
7.2 DNS Detection………………………………………………………………………………….10
7.2.1 Exploit Sniffer Behavior………………………………………………………………………11
7.2.2 Implementation……………………………………………………………………………….12
7.2.3 Results ………………………………………………………………………………………..13
8.0 Conclusion……………………………………………………………………………………...14
9.0 References……………………………………………………………………………………....15

1.0 Introduction
Packet sniffing is a technique of monitoring every packet that crosses the network. A packet sniffer is a piece of software or hardware that monitors all network traffic. This is unlike standard network hosts that only receive traffic sent specifically to them. The security threat presented by sniffers is their ability to capture all incoming and outgoing traffic, including clear-text passwords and user names or other sensitive material. In theory, it’s impossible to detect these sniffing tools because they are passive in nature, meaning that they only collect data. While they can be fully passive, some aren’t therefore they can be detected. This paper discusses the different packet sniffing methods and explains how Anti-Sniff tries to detect these sniffing programs.

2. Working of packet sniffer:
A packet sniffer works by looking at every packet sent in the network, including packets not intended for itself. This is accomplished in a variety of ways. These sniffing methods will be described below. Sniffers also work differently depending on the type of network they are in
Shared Ethernet:
In a shared Ethernet environment, all hosts are connected to the same bus and compete with one another for bandwidth. In such an environment packets meant for one machine are received by all the other machines. Thus, any machine in such an environment placed in promiscuous mode will be able to capture packets meant for other machines and can therefore listen to all the traffic on the network.
Switched Ethernet:
An Ethernet environment in which the hosts are connected to a switch instead of a hub is called a Switched Ethernet. The switch maintains a table keeping track of each computer's MAC address and delivers packets destined for a particular machine to the port on which that machine is connected. The switch is an intelligent device that sends packets to the destined computer only and does not broadcast to all the machines on the network, as in the previous case. This switched Ethernet environment was intended for better network performance, but as an added benefit, a machine in promiscuous mode will not work here. As a result of this, most network administrators assume that sniffers don't work in a Switched Environment. [2]

3. Uses of Packet Sniffers
Sniffing programs are found in two forms. 1) Commercial packet sniffers are used to help maintain networks. 2) Underground packet sniffers are used by attackers to gain unauthorized access to remote hosts. Listed below are some common uses of sniffing programs:
• Searching for clear-text usernames and passwords from the network.
• Conversion of network traffic into human readable form.
• Network analysis to find bottlenecks.
• Network intrusion detection to monitor for attackers.
Using a sniffer in an illegitimate way is considered a passive attack. It does not directly interface or connect to any other systems on the network. However, the computer that the sniffer is installed on could have been compromised using an active attack. The passive nature of sniffers is what makes detecting them so difficult. The following list describes a few reasons why intruders are using sniffers on the network: * Capturing clear-text usernames and passwords * Compromising proprietary information * Capturing and replaying Voice over IP telephone conversations * Mapping a network * Passive OS fingerprinting
Obviously, these are illegal uses of a sniffer, unless you are a penetration tester whose job it is to find these types of weaknesses and report them to an organization. For sniffing to occur, an intruder must first gain access to the communication cable of the systems that are of interest. This means being on the same shared network segment, or tapping into the cable somewhere between the paths of communications. If the intruder is not physically present at the target system or communications access point, there are still ways to sniff network traffic. These include: * Breaking into a target computer and installing remotely controlled sniffing software. * Breaking into a communications access point, such as an Internet Service Provider (ISP) and installing sniffing software. * Locating/finding a system at the ISP that already has sniffing software installed. * Using social engineering to gain physical access at an ISP to install a packet sniffer. * Having an insider accomplice at the target computer organization or the ISP install the sniffer. * Redirecting communications to take a path that includes the intruder’s computer.
4. Sniffing Tools * tcpdump: Tcpdump is a powerful tool that allows us to sniff network packets and make some statistical analysis out of those dumps. One major drawback to tcpdump is the size of the flat file containing the text output. But tcpdump allows us to precisely see all the traffic and enables us to create statistical monitoring scripts.[3] * sniffit: Robust packet sniffer with good filtering. [3] * Ethereal: A free network protocol analyzer for UNIX and Windows. It allows you to examine data from a live network or from a capture file on disk.[3] * Hunt: The main goal of the HUNT project is to develop tools for exploiting well-known weaknesses in the TCP/IP protocol suite. [3] * Dsniff: Dsniff is a collection of tools for network auditing and penetration testing. dsniff, filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy passively monitor a network for interesting data (passwords, e-mail, files, etc.). arpspoof, dnsspoof, and macof facilitate the interception of network traffic normally unavailable to an attacker (e.g, due to layer-2 switching). sshmitm and webmitm implement active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions by exploiting weak bindings in ad-hoc PKI. * IP spoofing : When the sniffing program is on a segment between two communicating end points, the intruder can impersonate one end in order to hijack the connection. This is often combined with a denial of service (DoS) attack against the forged address so they don't interfere anymore. [1]

5.1 Sniffing methods [4]
There are three types of sniffing methods. Some methods work in non-switched networks while others work in switched networks. The sniffing methods are: IP-based sniffing, MAC-based sniffing, and ARP-based sniffing.
5.1.1 IP-based sniffing
This is the original way of packet sniffing. It works by putting the network card into promiscuous mode and sniffing all packets matching the IP address filter. Normally, the IP address filter isn’t set so it can capture all the packets. This method only works in non-switched networks.
5.1.2 MAC-based sniffing
This method works by putting the network card into promiscuous mode and sniffing all packets matching the MAC address filter.
5.1.3 ARP-based sniffing
This method works a little different. It doesn’t put the network card into promiscuous mode. This isn’t necessary because ARP packets will be sent to us. This happens because the ARP protocol is stateless. Because of this, sniffing can be done on a switched network. To perform this kind of sniffing, you first have to poison the ARP cache1 of the two hosts that you want to sniff, identifying yourself as the other host in the connection. Once the ARP caches are poisoned, the two hosts start their connection, but instead of sending the traffic directly to the other host it gets sent to us. We then log the traffic and forward it to the real intended host on the other side of the connection. This is called a man-in-the-middle attack. See Diagram 1 for a general idea of the way it works.

Diagram 1: ARP sniffing method

6 ANTI-SNIFF ASSUMPTIONS
We have made various assumptions when we developed our remote sniffer detector. These assumptions limit the types of sniffers that we can detect. However, we feel that our assumptions are valid and reasonable .One assumption we have made is that the sniffer is an actual sniffer program running on a host .That is, we disallow the possibility that the sniffer is a dedicated device that a hacker physically attaches to the network. This is a rather reasonable assumption since a lot of break-ins are done remotely by hackers with no physical access to the network whatsoever. Usually, a UNIX machine is broken in to , and the hacker logs on to the compromised machine and installs a sniffer with root access. Another assumption we have made is that the network segment that we are interested in, the network segment which we wish to detect whether a sniffer is running or not, is an Ethernet segment. Again, this is a reasonable assumption since a large percentage of the network segments on the Internet are Ethernet .This leads us to mention that we also assume that TCP/IP is the protocol that the network is using. Although some of our techniques can be modified to support other networking protocols, the implementation is based on TCP/IP since it is, by far, the most popular network protocol today.

7.0 Anti-Sniff detection methods :
7.1 MAC DETECTION
The MAC detection technique for detecting sniffers running on a Ethernet segment requires that the machine running the detector be on the same Ethernet segment as the host that is suspected of running a sniffer. Thus, this technique allows remote detection of sniffers on the same Ethernet segment, but not the remote detection of sniffers across different networks .The basic idea behind the MAC detection technique is simple and has been discussed in the past [6].

7.1.1 Ethernet Network Interface Cards:
A basic Ethernet network interface card has a unique medium access control (MAC) address assigned to it by its manufacturer. Thus, all network interface cards (NIC) can be uniquely identified by its MAC address. Since Ethernet is a shared medium network, all data packets are essentially broadcasted. Since passing all packets broadcasted on the network to the operating system is inefficient , Ethernet controller chips typically implement a filter which filters out any packet that does not contain a target MAC address for the NIC .Since sniffers are interested in all traffic on the Ethernet segment, NICs provide a promiscuous mode. In promiscuous mode, all Ethernet data packets, regardless of the target MAC address, are passed to the operating system. Thus, when a sniffer is running on a machine, the machine's NIC is set to promiscuous mode to capture all of the Ethernet traffic . Figure2 shows the flow diagram of the Ethernet data packet path to the operating system .
7.1.2 TCP/IP on Ethernet:
The Ethernet protocol standard, IEEE 802.3, specifies the Ethernet packet structure. Figure2 shows a IP packet encapsulated in a Ethernet packet. For TCP/IP, a normal IP packet destined to a particular Ethernet host has the destination host's MAC address filled in the Ethernet header and the IP address of the destination filled in the IP header. Thus, IP packets transported by Ethernet have two addresses, both of which normally correspond to a machine's MAC address and IP address [6].

7.1.3 Implementation :
The implementation of the MAC detection technique is quite simple. The detection tool implements a ICMP Echo Request packet generator .The tool generates the full ICMP packet as well as the outer Ethernet packet that encapsulates the ICMP packet. The Ethernet packet is generate such that the target MAC address is different from the actual MAC address of the target machine. So, for any suspected host on the Ethernet segment, the tool can generate the ICMP Echo Request with incorrect MAC address and check if a ICMP Echo Reply is returned. If so, the suspected host is in promiscuous mode. Thus, a sniffer could likely be running on that host. Figure 3 shows how the MAC detection technique works as implemented.

7.1.4 Results :
The MAC detection technique works only against operating systems with a TCP/IP protocol stack that does not have the check against correct MAC addresses. We were able to confirm that Linux 2.0.35 was vulnerable to this kind of sniffer detection. We were able to detect when a Linux machine went in to promiscuous mode with 100% accuracy. However, FreeBSD 2.2.7 was not vulnerable to this kind of sniffer detection. The networking code in FreeBSD 2.2.7 correctly implements the necessary check so that incorrectly addressed Ethernet packets never reach the ICMP processing code.

Flow of Ethernet data packet with OS

8.0 DNS DETECTION:
The DNS detection technique exploits a behavior common in all password sniffers to date. This technique requires that the system administrator controls the Domain Name Server (DNS) [6]
8.1 Exploit Sniffer Behavior:
The DNS detection technique works by exploiting a behavior common to all password sniffers we have seen. The key observation is that all current password sniffers are not truly passive. In fact, password sniffers do generate network traffic, although it is usually hard to distinguish whether the generated network traffic was from the sniffer or not. It turns out that all password sniffers we have come across do a reverse DNS lookup on the traffic that it sniffed. Since this traffic is generated by the sniffer program, the trick is to detect this DNS lookup some how from normal DNS lookup requests. It is not hard to come up with the following idea. We can generate fake traffic to the Ethernet segment with a source address of some unused IP address that we provide the DNS service for. Then, since the traffic we generate should normally be ignored by the hosts on the segment, if a DNS lookup request is generated, we know that there is a sniffer on the Ethernet segment.
8.2 Implementation:
The implementation of the DNS detection technique is quite straight forward. The tool that implement this technique runs on the machine that is registered to provide the reverse DNS lookup for the trigger IP address, the invalid IP address that is used as the source address in the fake traffic. The tool generates a fake FTP [PR85] connection with the source IP address set to the trigger IP address. Then, the tool waits for a period of user definable time on the DNS service port. Within this period of time, the tool counts the number of DNS requests for the trigger IP address. When the time expires, the tool reports the number of DNS request counted. Note that the tool never returns a DNS reply. This is to avoid having the DNS entry being cached in some intermediate DNS server. The reason why DNS request needs to be counted is that the fake FTP traffic may actually be destined for a real machine on the network that provides FTP service. If so, that machine may trigger a DNS lookup. Thus, there are two cases we need to consider. If the fake FTP traffic ends up being destined to a real machine on the network, then if we count two or more DNS lookups, a sniffer is probably running on the network. Otherwise, if only one DNS lookup occurs, it is probably a legitimate lookup being performed by the host. The other case is that the fake traffic ends up being destined to no particular machine on the network. Then, if one or more DNS lookup occurs, there is most likely a sniffer on the network.

8.3 Results :
The DNS detection technique was able to detect sniffers running on a Ethernet segment with 100% accuracy regardless of operating system type. The default behavior of esniff, linsniff, sniffit and even tcpdump is to perform the reverse DNS lookup. Furthermore, it is possible to assign a trigger IP address to each network segment to perform the DNS detection technique .This is useful because even if the password sniffer does not perform a reverse DNS lookup, that is, the tool does not detect a sniffer in the required timeout period, the hacker may sometime in the future perform a reverse DNS lookup on the logged password entry. If so, then this technique can be extended to keep track of which IP address is assigned to what network and report a DNS lookup whenever it sees it in the future. request. Thus, the router will never generate the traffic on the network. However, this is possible to do if the machine running the tool is on the same network, therefore it can generate the fake traffic with invalid MAC addresses.

Diagram of DNS detection.

9.0 Conclusion :
When computers communicate over networks, they normally just listen to the traffic specifically for them. However, network cards have the ability to enter promiscuous mode, which allows them to listen to all network traffic regardless of if it’s directed to them. Packet sniffers can capture things like clear-text passwords and usernames or other sensitive material. Because of this packet sniffers are a serious matter for network security. Fortunately, not all sniffers are fully passive. Since they aren’t tools like Anti-Sniff can detect them. Since sniffing is possible on non-switched and switched networks, it’s a good practice to encrypt your data communications.

References-
1 ) Website (http://www.iss.net/security_center/advice/Underground/Hacking/Methods/Technical/Packet_sniffing/default.htm)
2) Ryan Spangler “Packet Sniffing on Layer 2 Switched Local Area Networks” University of Wisconsin – Whitewater Department of Computer and Network Administration
Packetwatch Research URL : http://www.packetwatch.net (December 2003)
3) Suhas A Desai “ Packet Sniffing: Sniffing Tools Detection Prevention Methods” University of California Department of Network Administration.(April 2004)
4) Ryan Spangler University of Wisconsin –“Packet Sniffer Detection with Anti Sniff ” Research URL http://www.packetwatch.net (May 2003) 5) A. Ornaghi, M. Valleri, “Man in the middle attacks Demos” Blackhat [Online Document], 2003,
Available HTTP: http://www.blackhat.com/presentations/bh-usa-03/bh-usa-03-ornaghi-valleri.pdf
6) Remote Sniffer Detection- David Wu and Frederick Wong fdavidwu , fredwongg@cs.berkeley.edu Computer Science Division University of California, Berkeley, CA 94720 (December 14, 1998)

Similar Documents

Free Essay

Packet Sniffing Prevention

...Packet Sniffing Prevention Blocking a Wireless Sniffer-Public Connection • Disable the automatic connection feature in wireless settings • Configure a firewall that is automatically installed with Window updates. Enhance the strength of the firewall and increase security settings to “block all incoming connections” • Confirm the public network’s home page includes a privacy policy. (Networks that use encryption to protect other users from accessing files on the computer will come complete with a privacy policy. Networks that don’t have a privacy statement on the home page do not use encryption.) • Use sites with ‘https’ at the beginning of the URL instead of ‘http’. The ‘s’ = security Tips to Defend against Sniffing • Restrict the physical access to the network media to ensure that a packet sniffer is not able to be installed • Use encryption to protect confidential information • Permanetly add MAC address to the gateway to the ARP cache • Use static IP and static ARP table –prevents attackers from adding the spoofed ARP entries • Turn off network identification broadcast and restrict the network to authorized users • Use IPv6 instead of IPv4 • Use encrypted sessions like: SSh, SCP, SSL • Use security :PGP and S/Mipe, VPN, IPsec, TLS and OTP Packet Sniffing Prevention • Best way – Use Encryption • Secure Socket Layer –encapsulates data with help of original certificates and digital signatures • IP Security- adds security at packet level...

Words: 551 - Pages: 3

Premium Essay

Nt1310 Unit 3 Assignment 3

...Wireshark Wireshark, a network analysis tool formerly known as Ethereal, collects packets in real time and display them in human-readable format. Wireshark includes filters, color-coding and numerous other features that allows deep analysis of network traffic and scrutinizes specific packets. It is used for networking troubleshooting, Malware analysis and education purposes. NMAP Nmap ("Network Mapper") is a Free Security Scanner for Network Exploration and Hacking. It is utilised to scan a network and collects data about the target network. It reports on open ports, Services running in the host, OS information and packet filters and firewall information. John the Ripper John the Ripper (JTR) is free and fast password cracker. Its main purpose is to detect susceptible UNIX passwords. It is one of the most widespread password...

Words: 541 - Pages: 3

Free Essay

Report

...SOFTWARE REQUIREMENT SPECIFICATION NET VIGILANT NETWORK MONITOR V1.1 Printed On: 3rd Dec 2007 C:\Washington University\ProjectDocument2.doc Department Of Computer Science & Engineering Washington University in Saint Louis Submitted By Subharthi Paul Madhuri Kulkarni Table of Contents |1 |INTRODUCTION |3 | |1.1 |Abstract____________________________________________________________ |4 | |1.2 |Introduction_________________________________________________________ |5 | |1.3 |Product Overview____________________________________________________ |6 | | | | | |2 |SPECIFIC REQUIREMENTS |8 | |2.1 |External Interface Requirements_________________________________________ |9 | | |2.1.1 User Interfaces_________________________________________________ ...

Words: 1548 - Pages: 7

Free Essay

Implementing Firewall Configurations

...configure, maintain and monitor rules for multiple profiles, notifications and authenticated exceptions and he would also like me to be able to create and manage inbound and outbound rules and with windows firewall I can accomplish both of these task because Windows Firewall with Advanced Security works by examining the source and destination addresses, source and destination ports, and protocol numbers of a packet, and then comparing them to the rules that are defined by the administrator. When a rule matches a network packet then the action specified in the rule (to allow or block the packet) is taken. Windows Firewall with Advanced Security also lets you allow or block network packets based on whether they are protected by IPsec authentication or encryption. Then I could also have capabilities of Data encryption and connection security rules with Windows Firewall Data protection includes both data integrity and data encryption. Data integrity uses message hashes to ensure that information is not being changed while in transit. Hash message authentication codes (HMAC) sign packets to verify that the information received is exactly the same as the information sent. This is called integrity and it is critical when data is exchanged over unsecured...

Words: 344 - Pages: 2

Free Essay

Sec 402 Wk 8 Assignment 2 Implementing Network

...SEC 402 WK 8 ASSIGNMENT 2 IMPLEMENTING NETWORK To purchase this visit here: http://www.activitymode.com/product/sec-402-wk-8-assignment-2-implementing-network/ Contact us at: SUPPORT@ACTIVITYMODE.COM SEC 402 WK 8 ASSIGNMENT 2 IMPLEMENTING NETWORK SEC 402 WK 8 Assignment 2 - Implementing Network and Personnel Security Measures Write a four to five (4-5) page paper in which you: 1. Create an information flow diagram, using Visio or Dia, which: a. Illustrates how remote users will securely connect to the government agency’s network. b. Illustrates the patch of network devices that data packets must travel to get from server to remote user’s device and back to server. Note: The graphically depicted solution is not included in the required page length. 2. Provide an equipment list of network security devices that would be needed to ensure the integrity and sensitivity of private information. In this list: a. Propose at least two (2) vendor brands per each device and the associate costs required to procure these items. b. Identify the functionality each device serves and the expected benefits the government agency should experience upon the successful installation of this equipment. 3. Develop a maintenance plan that should be recommended to the government agency to ensure having the latest security measures available within the network in which you: a. Describe the risks associated with not fulfilling the activities outlined within your maintenance plan...

Words: 832 - Pages: 4

Free Essay

Nt2580 Lab 2.2

... Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/2 ms PC>ping 192.168.1.5 Pinging 192.168.1.5 with 32 bytes of data: Reply from 192.168.1.5: bytes=32 time=1ms TTL=128 Reply from 192.168.1.5: bytes=32 time=0ms TTL=128 Reply from 192.168.1.5: bytes=32 time=0ms TTL=128 Reply from 192.168.1.5: bytes=32 time=0ms TTL=128 Ping statistics for 192.168.1.5: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms Packet Tracer PC Command Line 1.0 PC>ping 192.168.1.4 Pinging 192.168.1.4 with 32 bytes of data: Reply from 192.168.1.4: bytes=32 time=1ms TTL=128 Reply from 192.168.1.4: bytes=32 time=0ms TTL=128 Reply from 192.168.1.4: bytes=32 time=0ms TTL=128 Reply from 192.168.1.4: bytes=32 time=0ms TTL=128 Ping statistics for 192.168.1.4: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average =...

Words: 277 - Pages: 2

Premium Essay

Term Paper: Ripe

...Game.............2 Logging Packets...............3 Sending Packets...............3-4 Dynamic Packets..............5 Packet Blocking...............6 Packet Modification........6 Opcode Labeling..............7 Introduction to RiPEST...7 RiPEST Database.............8 Further Reading................8 1 RiPE Injecting RiPE: If you are using RiPE Launcher: Select the game or process that you want to inject into, and then click the "Inject" button. RiPE Launcher comes with RiPE. Make sure that RiPE Launcher is in the same folder / directory as RiPE.dll. If you are using Injector Gadget: Select the game or process that you want to inject into from the left. Add RiPE.dll to the DLLs to Inject list by browsing for it or dragging the .dll and dropping it into the DLLs to Inject box. After that is done, click the "Inject" button. Do NOT check "Cloak DLL." RiPE uses its own cloaking methods. Selecting a Game: After injecting, you should now see a "Game Selection" dialog. Select the game that you want to use RiPE for from the left, and the version from the right. Click on "Continue." You may additionally "Search for a Plugin" to search the RiPEST plugin database for other plugins. Plugins appear on the Game Selection menu just like any other game. 2 RiPE Logging Packets: To log packets, simply click "Hook Send" or "Hook Recv." Hook Send will log packets sent FROM the client TO the server. Hook Recv will log packets sent FROM the server TO...

Words: 1937 - Pages: 8

Premium Essay

Nt1310 Unit 1 Case Study

...oversubscribed port occurs, some of the packets must end up being dropped. Those client packets are being dropped will experience a slow-down in their file transfers or in the responsiveness of the network-based applications they are running. Overall network performance congestion could cause even though by subscribed high bandwidth ISP to internet access but hardware cannot utilizes the bandwidth ISP provide. b. Corruption If packets is corrupted by faulty cabling, electrical interference, or switch hardware faults then the corrupted packets will be dropped by the receiving switch. If corrupt packets at high rate it will cause a slow-down in network performance. Because servers/hosts require to resend the dropped packets again to the clients. If this issues did not fix it will cause the network traffic busy because the same data is resend again. It will occupied the network bandwidth cause another client on the network experience slow network. c. Collisions...

Words: 978 - Pages: 4

Free Essay

Foss

...for a change in the way data is delivered. Currently it’s by one packet of information (data) at a time. After some research I have learned there are a number of ways people are trying to change this method of data delivery. Some of them are: • Packets • Capsules • Holograms and Lasers • Teleportation I will give a brief explanation of each one and include the advantages and disadvantages. The current technology uses packets which are small files of information wrapped by a header and footer with security information on the both sides. These are the destination the packets are being sent to and the source that the packets are coming from. The advantages are: Packets are very secure because they can use encryption. Key exchange algorithms are used to securely exchange a shared secret value between two computers over an unsecured network connection. The computers exchange information that, when processed by the algorithm, produces the shared secret value. A third computer listening on the network and intercepting network packets between the first two computers cannot determine the shared secret value. The shared secret value can then be used as a session key, or to generate a session key, to encrypt the rest of the communications used in the IPsec negotiations. (Technet) • Small enough to send quickly The disadvantages are: • high learning curve • only sent one packet at a time Bottom line with packets it is like downloading a two-hour movie in 3 hours with a Fast-Ethernet...

Words: 1069 - Pages: 5

Premium Essay

Abc: Foodles Finance of Foodles

...Cost of yoodles is Rs. 10. 2. Sales Pattern in two halfs of 2011 is in the ratio 45:55. 3. The Duzy Pasar Retail Chain is available in 77 cities Working: | Demeter | Category | Total sales Ytd. 2011(Rs.) | 15381861.56 | 314249823.08 | Projected Yearly sales FY 2011(Rs.) | 34147733 | 697634607 | Target Market share | 15% | - | New Projected Sales FY 2011 | 104645191 | - | Incremental Sale | 69995007 | | Total Cost of BTL | 109152928 | - | ROI | 64% | - | Calculation of the cost: The following are the various costs for the BTL activities: Sample explanation: 1. Wet Sampling: 1 packet will serve 5 customers No. of customers per day: 40 (metros)+ 30(B & C Class cities) No. of packets per day per hyper per metro: 8+5.2=13.2 Total no. of packets: 8*15 (metros)+ 5.2* (77-15)= 442 Cost per day: 442* 7(unit cost of a packet)= 3097 per month Total cost for the next six month (2nd half-year): Rs. 557424 Similar calculations are done for other BTL Strategies. Analysis of the data provided: 1. For yoodles, in terms of cities. , the highest growth in sales nos.is in Mini metros & town class (‘C’ & ’D’ Class cities). 2. Also, the growth is highest for Modern Stores- Urban. 3. Region wise: * In Ytd. 2010, South & East did decently whereas North & west had extremely poor sales. * In Ytd. 2011, North & West picked up in sales. But Still we have highlighted North & West to strengthen its Market...

Words: 283 - Pages: 2

Free Essay

Term Paper

...Expectations from students: The aim of this Term Paper is to produce a Programming logic or Animation on the assigned Topic. The assignment is to read the existing system/problem and create a program of your concept to obtain the expected results. Assistance from text and reference books, articles and reports on the concerned topics from Internet can be taken but the animation logic should be your own piece of work. Along with, students are supposed to write an abstract of the topic with example, real world applications, and impact on society or solutions recommended. Abstract submission: (3-4 pages) • Description of the topic • Example of the given topic • Future plan of the given work. The Abstract (Synopsis) of the topic must be submitted latest by 15thof Sept and submission will be accepted thereafter. Final submission: a) A report containing following contents: 1. Introduction Provide a brief textual description of the problem. Elaborate on the given problem statement, providing some more detail. 2. Background a. What was the weakness in the previous algorithm/concepts and requirement of existing algorithm/concept? 3. Methodology : a. Steps of making the program (graphics be used to showcase the output) 4. Observation a. Result in the form of output and a well formatted report. 5. Future Scope and Suggestion --- Suggestion to improve the existing...

Words: 835 - Pages: 4

Free Essay

Tech Support

...William Kollie IS3120: Convergence of IP Based Network MR. McMiller July 20 2014 The dial up connection is made from a computer through modem and telephone line to the ISP's computer. The computer uses data in digital form. It means that it the computer can transmit data in 1's and 0's on and off also called digital or binary form. On other hand, telephone lines transmit data in analog form. It means that they transmit data by sound. the telephone line from your house is joined to a special terminal that sends the data received from their computers in form of audio signals from to enter the Public Switched Telephone Network PSTN. From PSTN, it is routed to the person or ISP that the modem is calling through the internet. Dial-up connection face connectivity problem which the user has to deal with. Dial up connection is unstable, dialup demand phone line connection which block incoming calls access, the chief disadvantage of dialup Internet, as compared with broadband Internet, is its slowness. Access to modern broadband networks is essential in the information age, said FCC Chairman Tom Wheeler. Yet 15 million Americans live in areas where they can’t get wireline broadband no matter how much they want it. These funds will jump-start broadband access in areas that would otherwise be bypassed by the digital economy. At least 100 million U.S. homes should have affordable access to actual download speeds of at least 100 megabits per second and actual upload speeds...

Words: 687 - Pages: 3

Premium Essay

It321 Unit 1

... Step 11- 192.168.1.97 Step 12- No Step 13- None Step 14- No it could not ping default gateway, 192.168.1.15 Step 15- No Step 18- R1, R2, and R3 are connected, because it use PPP Step 19- Fa0/0 192.168.1.65 255.255.255.224 Step 21- Yes Step 22- 192.168.1.49, 192.168.1.98, 192.168.1.33, 192.168.1.78; R1 forward the packet to R3 which send it to R2 which sends it to PC2 Step 24- 192.168.1.98 R3 S0/0/0 Step 26- 192.168.1.34 belongs to R3 S0/0/1; 192.168.1.17 belongs to R1 S0/0/0 Step 27- Yes, Serial interface S0/0/1 Step 28- Yes, passive interface S0/0/1 Lab 7 Step 2- R2 Fa0/0 192.168.2.254, PC2 192.168.2.2 Step 3- 192.168.1.0/24, 192.168.2.0/24, 192.168.3.0/24, 192.168.12.0/24, 192.168.13.0/24, and 192.168.23.0/24 Step 4- Yes, All route exist on table Step 5- R3 S0/0/0 192.168.13.3, R1 S0/0/1 192.168.13.1 Step 6- Goes to R3 then back to R1 Step 8- 192.168.2.0/24 via 192.168.13.3 Step 9- there is no route to 192.168.2.0/24 Step 10- use static default 0.0.0.0 S0/0/0 Step 11- R1 use a static route to 192.168.2.0 that send the packet to R3 and R3 use default to send it back to R1 Step 12- No Step 13- No, from R1 to R2 Step 14- ip route 192.168.2.0 255.255.255.0 192.168.13.3 Step 15- Use command “configure terminal” then command “no ip route” 192.168.2.0 255.255.255.0 192.168.13.3 Step 16- It will take 192.168.12.2 Step 17- Takes route 192.168.12.2 Step...

Words: 610 - Pages: 3

Free Essay

Nt1210 Lab 6. 1-4

...Lab 6.1 Review 1. It uses a beacon like transmission to find other devices on IBSS mode and on the same SSID to connect and share. 2. It has a very very short range and is unable to penetrate walls and other objects. 3. It is able to maintain connection anywhere in the house it is setup in without the need of trailing a connection cable like wired connections so you get a tradeoff of speed vs versatility Lab 6.2 Review 1. The biggest problem would be collision if multiple routers are using the same channel a common example of this is Comcast routers are set to use a channel close to the signal for the ps3 so you get a depredation of signal and loss of data packets as the connection goes on. 2. If a previously stated standard is not compatible with your adapter you could have issues with your connection not connecting Lab 6.3 Review 1. Um well I could write a book but simply a guest having access to your network could result in any imaginable results on your network to name a few rootkits,Trojan droppers, Remote Access Terminals, Keyloggers, Viruse’s. 2. Setting a MAC filter is a good way to filter who has access to your network its simply like saying Fred has access to the building with his fingerprint being scanned by a biometric scanner. Although this can be spoofed by spoofing your mac but you would still have to find out which macs are allowed and have to make sure the mac your spoofing is not connected so that you do not receive a duplicate error. Lab Review 6...

Words: 393 - Pages: 2

Premium Essay

Unit5

...something like a spoken language that uses electricity. A header and/or trailer as a place to store a message that needs to flow through the network with the user data. Leased line creates the equivalent of a cable directly between two remote sites. T Internet Protocol (IP), list the rules so that the network can forward data from end to end through the entire TCP/IP network. IP address identifies that device in a TCP/IP network. Remember, computer networks, including TCP/IP networks, need to deliver bits from one device to another. IP routing defines exactly how routers makes their choices of how to forward data in a TCP/IP network. : frame and packet. The term frame specifically refers to encapsulated data that includes the data-link header and trailer, plus everything in between—including the IP header. The term packet refers to what sits between the data-link header and trailer, but not including the data-link header and...

Words: 257 - Pages: 2