Monday, June 3, 2019

Construct A Script By Using Scapy Computer Science Essay

Wireless network can generally be defined as a network which is set up by using radio signal frequency to communicate among computers and other network devices. Wireless networks are also known as WiFi networks or WLAN. As a network grows and expands, wireless networks are extremely popular and easy to set up, with no cabling involved. There are two main components needed to access the wireless network, which are the wireless router or access point and the wireless clients. Wireless networks normally use the 802.11a, 802.11b, 802.11g, and 802.11n standard protocols.

A wireless network needs security to carry all kinds of confidential information, which means at least enabling Wired Equivalent Privacy (WEP) on the access point. Without proper implementation of security measures, any wireless network adapter coming within range can access the Internet without permission. This results in congestion, and some of the authorized clients cannot access the Internet. So, this research will do wireless network auditing by sniffing some of the information within the access point and detecting possible intrusions in the Faculty of Computer and Mathematical Sciences.

1.1 Background

Wireless network is a network which is set up by using radio signal frequency to communicate among multiple stations at one time. In addition, a wireless network is referred to as a WiFi network or WLAN. Although we enable WEP encryption on the access point, there are still some weaknesses which users with the right equipment can easily crack. An attacker can easily sniff with several tools and crack the password to break in as an unauthorized person.
In order to verify the correct access point settings and detect intrusions in terms of security in the wireless network, we construct the complete script to audit wireless networks.

1.2 Problem Statement

Nowadays wireless networks have become commonplace in communication. Each wireless system or access point is set up with certain policies. It is hard to verify whether each wireless access point is set up correctly or not. In addition, we currently need many tools to verify wireless access point status. Furthermore, most network administrators do not check each wireless access point again after configuring it. Moreover, we need tools to identify intrusions as they try to access the Internet. Besides that, some attackers send spoofed frames to try to access the wireless network, so we cannot identify the attacker's MAC address.

1.3 Research Objectives

The main objectives of this project are:
- To construct a script by using Scapy
- To sniff and to detect possible intrusion on the wireless network related to wireless security

1.4 Scope of the Research

This project focuses on the Faculty of Computer and Mathematical Sciences, which has multiple access points, enabling us to sniff all the information on the wireless networks. We focus on the Data Link layer (layer 2) to sniff broadcast frames and identify possible intrusion.

The main platform to run the tools:
- Ubuntu 10.10

We use two main tools to construct the script:
- Python 2.6
- Scapy

1.5 Significance of the Research

This project is meaningful for gaining the knowledge to construct the complete script by using Python 2.6 and Scapy. We can learn the easiest way by using this script, with fewer lines compared to other scripts. This project also helps in learning the 802.11 frame structure, including the beacon frame transmitted by the access point.

1.6 Organization of Thesis

This project is divided into 5 main chapters:

Chapter 1: In this chapter, we discussed the introduction to this topic in general.
It includes the problem statement, objectives, scope and significance of the research.

Chapter 2: This chapter reviews literature that relates to the topic, with previous research. We include related studies similar to our research.

Chapter 3: In the third chapter, we identify the materials and methods described in the methodology phases in order to get the desired information for the accomplishment of this research.

Chapter 4: In the fourth chapter, we discuss the findings of the research.

Chapter 5: Finally, the last chapter focuses on the recommendations and suggestions, where it summarizes the conclusion of the research.

1.7 Conclusion

The introduction in this chapter has clearly explained the problem statement, objectives, scope, and significance of the research. This chapter gives a clear view of the overall content of the research.

CHAPTER 2
LITERATURE REVIEW

2.0 Introduction

This chapter examines the previous work done by prior researchers in the field of auditing wireless networks, security of wireless networks and other related works. Section 2.1 discusses the main platform used to install the tools. Section 2.2 discusses the tools used to construct and run the script. Section 2.3 discusses the standard protocol for wireless LAN (WLAN), IEEE 802.11. Then, section 2.4 discusses the 802.11 frame, 2.5 the wireless LAN components, 2.6 wireless network sniffing, 2.7 reviews of the related works and lastly 2.8 the summarization of the literature reviews.

2.1 Platform

2.1.1 Ubuntu 10.10

Ubuntu is a free operating system, developed by a small team of developers who established Linux Debian projects. This free operating system was developed to facilitate the use of desktop Linux. It is based on the Debian GNU/Linux distribution and distributed as free and open source software.

Most Ubuntu packages are based on packages from Debian. Both distributions use Debian's deb package format and package management tools, Apt and Synaptic.
However, sometimes .deb packages need to be rebuilt from source to be used in Ubuntu.

Ubuntu has various editions such as GNOME desktop, KDE edition, Kubuntu and server edition. In this project, we use Ubuntu 10.10 as our platform to run all the tools.

2.2 Tools

2.2.1 Python

Python is one of the programming languages that can be used in developing applications such as web applications and in integrating systems more effectively. Python can run on Windows, Linux/Unix and Mac OS X. Python programs can be packaged into stand-alone executable code using various tools.

In this project, we use the latest version, Python 2.6, to construct and run the complete script after installing all the Python packages in Ubuntu 10.10. We use Python as the programming language because it is a most powerful language and the code is shorter to write than in other languages. Compared to other programming languages, Python offers readable syntax, intuitive object orientation, very high level dynamic data types, full modularity, support for hierarchical packages and many more.

2.2.2 Scapy

According to Philippe Biondi (2009), Scapy is a powerful interactive packet manipulation program written in Python that is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

For this project, we focused on the 802.11 standard protocols. Scapy is able to sniff the wireless network, generate packets and send them to the wireless network.

2.3 Wireless Protocol

2.3.1 IEEE 802.11

IEEE 802.11 is a standard protocol for wireless LAN (WLAN), which uses RF technology to transmit and receive data over the air. Based on this standard protocol, communication takes place between a wireless client and a base station or access point.
There are several types of standard protocols, which are 802.11a, 802.11b, 802.11g, and 802.11n. Each is described briefly below.

2.3.1.1 IEEE 802.11b

The IEEE 802.11b standard supports a maximum bandwidth of 11 Mbps in the 2.4 GHz band. The advantage of this protocol is the lowest cost. The disadvantage of this protocol is the lowest maximum speed, because it may suffer interference when the frequency band is not regulated.

2.3.1.2 IEEE 802.11a

802.11a supports bandwidth up to 54 Mbps in the 5 GHz band. The advantage of this protocol is fast maximum speed. The disadvantage of this protocol is that the cost is higher than IEEE 802.11b.

2.3.1.3 IEEE 802.11g

The IEEE 802.11g standard supports a maximum bandwidth of 54 Mbps in the 2.4 GHz band at maximum range. The advantage is that signal range is better, with the fastest maximum speed. The disadvantage of this protocol is higher cost than IEEE 802.11b.

2.3.1.4 IEEE 802.11n

IEEE 802.11n builds on previous IEEE 802.11 standards by adding MIMO. IEEE 802.11n offers high-throughput wireless transmission at 100 Mbps to 200 Mbps. It has better performance compared with IEEE 802.11g.

2.4 802.11 Frame

2.4.1 Frame header

Each frame contains a standard header as shown in Figure 2.1.

Figure 2.1 Frame Header (from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx)

The frame header contains all the information needed to get the frame to where it is going and allow the receiver to understand what message the frame is carrying.

Frame Control (FC): contains control information used for defining the type of 802.11 MAC frame and providing the information necessary. The FC field is shown in Figure 2.2.

Figure 2.2 Frame Control Field (from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx)

The details of the frame control field are as follows:

Protocol Version: provides the current version of the 802.11 protocol used.

Type and Subtypes: determine the function of the frame.
There are three main type fields, which are control, data and management, and these break into multiple subtypes.

Three values of type field:
00 Management
01 Control
10 Data
11 Reserved/Unused

Breaks into subtype field:
00/0000 Management/Association Request
00/1000 Management/Authentication
00/1100 Management/Deauthentication
01/1011 Control/Request To Send (RTS)
10/0000 Data/Data

To DS and From DS: specify the addressing type of the frame, that is, whether the frame is going to or exiting from the DS.

More Fragments: shows that more fragments of the frame follow, for either data or management type frames.

Retry: shows that the frame is a retransmission, for either data or management frame types.

Power Management: shows whether the sending station is in active mode or power-save mode.

More Data: shows to a station in power-save mode that the AP has more frames to send. It is also used by APs to show that additional broadcast/multicast frames are to follow.

WEP: shows whether or not encryption and authentication are used in the frame.

Order: shows that all received data frames must be processed in order.

Duration/ID: shows the remaining duration needed to receive the next frame transmission.

Sequence Control (SEQ): SEQ is used for fragmentation and packet reassembly.

Frame body: the frame body contains the data or information included in either management type or data type frames.

Frame Check Sequence (FCS): the transmitting STA uses a cyclic redundancy check (CRC) over all the fields of the MAC header and the frame body field to generate the FCS value.

2.4.2 Beacon Frame

Beacon frames are identified by the type field being set to 0 (Management Frame) and a subtype of 8. Beacon frames are used by the access point to advertise its presence and relay information, such as timestamp, SSID, and other parameters of the access point, to radio NICs that are within range.
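The Frame Control bits and the beacon fields described above, decoded from raw bytes as an added example (not code from the original essay, which builds on Scapy and Python 2.6). It uses only the Python 3 standard library and assumes frames without a radiotap header or FCS; `build_beacon`, the BSSID and the SSIDs are constructed for the illustration.

```python
import struct

FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Reserved/Unused"}
# A few subtypes named in this section, keyed by (type, subtype).
SUBTYPES = {(0, 0): "Association Request", (0, 8): "Beacon",
            (0, 12): "Deauthentication", (1, 11): "Request To Send (RTS)",
            (2, 0): "Data"}
# Flag bits 8..15 of Frame Control, in the order listed in section 2.4.1.
FLAGS = ["To DS", "From DS", "More Fragments", "Retry",
         "Power Management", "More Data", "WEP", "Order"]


def parse_frame_control(frame):
    """Decode the 2-byte Frame Control field (sent little-endian)."""
    (fc,) = struct.unpack("<H", frame[:2])
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    return {
        "version": fc & 0x3,
        "type": ftype,
        "type_name": FRAME_TYPES[ftype],
        "subtype": subtype,
        "subtype_name": SUBTYPES.get((ftype, subtype), "other"),
        "flags": [name for bit, name in enumerate(FLAGS)
                  if (fc >> (8 + bit)) & 1],
    }


def parse_beacon(frame):
    """Extract AP details from a raw beacon, or return None if it is not one.

    Layout: 24-byte MAC header, 8-byte timestamp, 2-byte beacon interval,
    2-byte capability field, then tagged elements (id, length, value).
    """
    if len(frame) < 36:
        return None                      # too short for header + fixed fields
    fc = parse_frame_control(frame)
    if (fc["type"], fc["subtype"]) != (0, 8):
        return None                      # not Management/Beacon
    interval, capability = struct.unpack("<HH", frame[32:36])
    ap = {"bssid": ":".join("%02x" % b for b in frame[16:22]),
          "ssid": None, "hidden": False, "channel": None,
          "interval": interval,
          "privacy": bool(capability & 0x0010)}   # Privacy capability bit
    pos = 36
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        value = frame[pos + 2:pos + 2 + length]
        if len(value) < length:
            break                        # truncated element: keep what we have
        if tag == 0:                     # SSID element (empty or zeroed = hidden)
            ap["hidden"] = length == 0 or not any(value)
            ap["ssid"] = "" if ap["hidden"] else value.decode("utf-8", "replace")
        elif tag == 3 and length == 1:   # DS Parameter Set: current channel
            ap["channel"] = value[0]
        pos += 2 + length
    return ap


def build_beacon(bssid, ssid, channel, privacy):
    """Constructed sample input: assemble a minimal beacon for the demo."""
    header = (struct.pack("<HH", 0x0080, 0) + b"\xff" * 6   # FC, duration, DA
              + bssid + bssid + struct.pack("<H", 0))       # SA, BSSID, seq
    fixed = struct.pack("<QHH", 0, 100, 0x0001 | (0x0010 if privacy else 0))
    tags = bytes([0, len(ssid)]) + ssid + bytes([3, 1, channel])
    return header + fixed + tags


if __name__ == "__main__":
    bssid = bytes.fromhex("020000000001")            # constructed address
    for raw in (build_beacon(bssid, b"Faculty-WiFi", 6, True),
                build_beacon(bssid, b"\x00" * 12, 11, False)):
        print(parse_frame_control(raw)["subtype_name"], parse_beacon(raw))
```
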
Radio NICs continually scan all 802.11 radio channels and listen to beacons as the basis for choosing which access point is best to associate with.

According to Robin Wood (2007), people mostly believe that turning off beacons will hide their network from attacks, as their SSID will no longer be broadcast. Unfortunately, the SSID is transmitted in clear text in all management frames, so even when the network is hidden and no data is being transmitted, an attacker can collect a management frame and find the network SSID in it.

2.5 Wireless LAN component

2.5.1 Access point

A wireless access point (WAP) is basically hardware equipment that allows wireless devices to connect to a wired network using Wi-Fi, Bluetooth or related standards. In a wireless network, an access point sends and receives signals to any number of other local wireless devices. These are normally adapters and routers. The WAP is commonly used in offices, homes and educational institutions. WAP devices use the IEEE 802.11 standards.

2.6 Wireless Network Sniffing

A wireless sniffer captures data on the wireless network without being detected. Wireless network sniffing works with 802.11 and Ethernet as the physical and data link layers, using cards capable of reporting raw packets (RFMON support), which include any prism2-based card (Linksys, D-Link, Rangelan, etc.), Cisco Aironet cards, and Orinoco-based cards.

Moreover, sniffing can also help find the easy kill, as in scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections. Sniffing of the wireless network is usually used by attackers to capture data and get information from the beacon frame. There are several techniques used to sniff the wireless network. Some of them are as follows:

Passive Scanning

Passive scanning is the first step used to sniff the wireless networks.
It turns the RF into monitor mode, which allows every frame appearing on a channel to be copied as the radio of the station tunes to various channels. A station in monitor mode can capture packets without associating with an AP or ad-hoc network. When the transmission of data in the form of radio waves starts, attackers can scan the whole data passively and carry on the sniffing process.

The so-called promiscuous mode allows the capture of all wireless packets of an associated network. In this mode, packets cannot be read until authentication and association are completed. With the help of this data, the sniffer can easily decode the secret information of the wireless networks.

SSID Detection

After scanning the transmitted data, the sniffer can detect the list of service set identifiers (SSID) in the particular wireless network. The SSID shown in the Beacon frames is set to null in the hope of making the WLAN invisible unless a client already knows the correct SSID.

When the Beacon displays a null SSID, there are two possibilities. Eventually, an Associate Request may appear from a legitimate station that already has a correct SSID. To such a request, there will be an Associate Response frame from the AP. Both frames will contain the SSID in the clear, and the attacker sniffs these.

If the station wishes to join any available AP, it sends Probe Requests on all channels, and listens for Probe Responses that contain the SSIDs of the APs. The station considers all Probe Responses, just as it would have with the non-empty SSID Beacon frames, to select an AP. Normal association then begins. The attacker usually waits to sniff these Probe Responses and extract the SSIDs. Otherwise, if the beacon transmission is disabled, the attacker has two choices.
The attacker can keep sniffing, waiting for a voluntary Associate Request to appear from a legitimate station that already has a correct SSID, and sniff that SSID.

Collection of MAC addresses

After detecting the SSID, the sniffer takes steps to sniff the wireless network by collecting the required MAC addresses with the help of passive scanning and also with the help of different types of software. The collected MAC addresses are used for constructing spoofed frames by using a specific tool. In wireless sniffing, there are some reasons why an attacker collects all the MAC addresses. One reason is that the attacker uses sniffing to hide his or her identity and access points. The other reason is that access points used in collecting the MAC addresses would not be registered.

2.7 Review of Previous Related Works

2.7.1 Author: David Maynor
Title of Paper: Beginners Guide to Wireless Auditing (2006)

This paper is a study of how to find vulnerabilities in wireless device drivers with specific techniques. The researcher discusses how to build the auditing environment, how to construct tools and finally how to interpret the results. In this paper, although the work was done on a Dell Latitude D610, the internal wireless card of the machine was not used. The researcher used a wireless card, the Netgear WPN511, which is supported by the madwifi drivers, to set up the auditing environment. The combination with LORCON (Loss Of Radio CONnectivity) gives the ability to craft packets from scratch. Moreover, after setting up a good environment with patched madwifi and LORCON, the researcher constructs a script with Scapy to generate a simple frame and inject it. The researcher uses Wireshark to see the injected packets.

2.7.2 Author: Shreeraj Shah
Title of Paper: Secure Your Wireless Networks with Scapy Packet Manipulation (2007)

According to Shreeraj Shah, Scapy is scriptable and easy to use compared with Kismet and Airodump-ng. This paper focused on intrusion detection by using proven techniques.
There are two techniques that can be employed, which are passive sniffing and active packet injection. The researcher discussed only the passive sniffing methodology. In this project, several steps are used in the passive sniffing methodology, as follows:
- Set up a station for radio frequency (RF) monitor mode
- Sniff packets and discover network access points
- Discover hidden access points and SSID (service set identifier)
- Harvest MAC and IP addresses
- Perform ongoing intrusion detection with sniffing

2.7.3 Author: Robin Wood, Robin and freedomsoftware.co.uk
Title: Programming Wireless Security (2007)

This paper discussed some programming techniques for building wireless security tools. The researchers construct the scripts by using Python and Ruby. Several techniques are implemented in both scripting languages, including a deauthentication attack, sniffing wireless traffic and automating a four-way handshake capture. All the techniques are brought together to create an application that automates capturing an EAPOL handshake, which can be used to crack the Pre-Shared Key. This paper required several tools, including Lorcon, Pylorcon, Ruby Lorcon and Scruby. Moreover, it also discussed several issues with Scruby which mean Ruby scripts will not work exactly as required.

2.8 Summarizations of some Literature Reviews

No | Author | Year | Project Title | Project Similarities and Differences
1 | Peter Seebach | 2005 | Getting practical about wireless security, Part 1: Building a wireless sniffer with Perl | In this paper, a lightweight wireless sniffer was built that runs on open source software. This paper shows how to use open source software to get information about the wireless network and identify common security problems.
2 | TJ O'Connor | 2010 | Detecting and Responding to Data Link Layer Attacks | In this paper, Scapy is used to examine network traffic for data link layer attacks by identifying signatures and anomalies on both wired and wireless networks.
3 | Petter Clutterbuck, Terry Rowlands, Owen Seamons | 2007 | Auditing the Data Confidentiality of Wireless Local Area Networks | This paper describes how the software auditing artefact uses sampled data packets to produce a very detailed evaluation of the level of data confidentiality in effect across the WLAN.
4 | Mingzhe Li, Mark Claypool, and Robert Kinicki | 2005 | How to Build and Use an IEEE 802.11 Wireless Network Sniffer | In this paper, a wireless sniffer is built on computers with Linux operating systems and prism GT-based wireless interface cards. The operating systems tested are SUSE (Novell) Linux release 9.0/9.1/9.2/10.0 and Linux Fedora Core 3, where the kernel version can be either 2.4.x or 2.6.x. The wireless network interface cards used are the Netgear WG 511 version 1 PCMCIA card and the Allnet ALL0271 54Mbit Wireless PCI adapter.

Table 2.1 Summarization of related Literature Review

2.9 Conclusion

All the information gathered from this literature review is very useful for identifying potential information that can make this research more relevant. Understanding the scenarios of past implementations gives a better view of how to achieve these research objectives and also inspires new ideas to be implemented or added into this research.

CHAPTER 3
METHODOLOGY

3.0 Introduction

This chapter presents the methodology used as a guideline to ensure the project will operate successfully. The methodology consists of the hardware, software and method used in this research. We need to choose proper hardware and software to meet the research requirements.
Methodology is a very important part of auditing the wireless network with a sequence of phases. We need to follow all these phases in order to accomplish the final project and achieve the objective. We divide the methodology of our project into several phases, where every phase includes the important activities and their significance.

3.1 Methodology Phase

In this project, there are four phases of method that are followed properly. The first phase is planning, the second phase is development, the third phase is testing, the fourth phase is result and evaluation and the last phase is documentation. All of the methodology phases will be implemented systematically and efficiently, as this is vital to finishing the project on time. These phases are illustrated in the methodology overview in Figure 3.1(i) and Figure 3.1(ii).

Figure 3.1 Project Phase (i): Planning, Development, Testing, Result and Evaluation, Documentation

Figure 3.1 Project Phase (ii): the phases with their activities (problem assessment; preliminary study of literature; install OS; install Python package; install Scapy package; construct script; run Scapy script; sniff a list of access points; sniff intrusion detection; writing a report) and deliverables (project scope; project objective; project planning; determine hardware and software used; Scapy script completed; result finding; final report completed)

3.2 Research Methodology

3.2.1 Planning

For the planning phase, the activity is to define the objective of the project through problem assessment and a preliminary study of the literature. The deliverables of this phase are the research objective and scope and also the project planning. It consists of:

3.2.1.1 Preliminary study of literature review

The purpose is to understand similar or related projects that have been done. We need to review them and get ideas on how the project can be implemented, and find the objective, scope and other benefits for the project requirement.
This preliminary study can be done by reviewing journals, online resources (Internet), articles or books.

3.2.2 Development

Diagram 3.1 Structure of research project (elements: user, access point, user, sniff)

3.2.2 a Install operating system

We install Ubuntu 10.10 with an interactive Graphical User Interface (GUI) on the laptop. It is easier to update to the latest packages. All the latest packages, including Python, are updated on Ubuntu 10.10:

    sudo apt-get update

3.2.2 b Install tools

We install Scapy in Python. Scapy is an interactive packet manipulation program with which a script can be constructed in fewer lines than with other scripting tools. We install Python as the main programming language and place the finished package in it.

a. Install Python 2.6 package

    sudo apt-get install python
    cd /tmp
    # download and unpack the Scapy source tarball
    wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz
    tar xvzf scapy-latest.tar.gz
    cd scapy-2.1.0
    # run as root so the package is installed system-wide
    python setup.py install

b. Install python-scapy package

    sudo apt-get install python-libpcap

c. Install libpcap and libdnet and their Python wrappers.

    sudo apt-get install python-libdnet

d. Install additional software for special features.

    sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx

3.2.2 c Construct the script

We construct the script in Python for sniffing and detecting possible vulnerabilities. The script will run on Ubuntu 10.10 in a root terminal.

3.2.3 Testing

In the testing phase, the action is to test by sniffing the wireless network in an area by running the completed script. Before we run the script, we need to set up the station for radio frequency (RF) in monitor mode.
We illustrate the steps in Figure 3.2.

Figure 3.2 Steps for testing:
- Construct the script
- Set up the station for Radio Frequency (RF) to monitor mode
- Script run
- Enter the command
- Get the data from the access point, including: parent of access point, SSID, channel, radio type, security type, signal
- Collect the data
- Intrusion detection, including: discovering rogue access points, discovering dummy access points

3.2.4 Result and Evaluation

In this phase, we obtain the result by running the script. We collect all the information about SSID, MAC address, channel, radio type, security type and signal from the broadcast frames that are sent by multiple access points. Next, we can detect possible intrusion by running another script written in the same scripting language.

3.2.5 Documentation

In this final phase, all the results and findings are included in one report. From the documentation, the researcher can determine whether the project achieved the objectives or not.

3.3 Hardware and Software Required

To execute this project successfully, some requirements need to be met. The requirements involve hardware and software.

3.3.1 Hardware

This project uses a laptop with:
- Processor with at least 1 Gigahertz of CPU speed
- 3 GB of RAM
- 250 Gigabytes of hard disk space
- Intel WiFi Link 5100 wireless network interface card
- Motherboard that supports the processor
- Monitor
- Network cable

3.3.2 Software

This project runs on the Linux platform:
- Ubuntu 10.10

3.3.3 Tools

- Python 2.6
- Scapy

3.4 Conclusion

In conclusion, this chapter is very important for gathering all the related and relevant information required. All the information will be used in order to achieve the objectives of this research.

CHAPTER 4
RESULTS AND DISCUSSIONS

4.0 Introduction

This chapter discusses the results gathered from this research, which are obtained by implementing the methods in Chapter 3. The results are based on running the completed script on Ubuntu 10.10.
It displays all the available information about the access points active in an area after sniffing. Moreover, we can detect all the possible intrusions by displaying the list of rogue access points and dummy access points.

4.1 Sniff the wireless network

First of all, we set the Radio Frequency (RF) into monitor mode on the wlan0 interface. Next, we run the completed script, which is already saved in root on Ubuntu 10.10 with the file name sniffap.py. Then, in the root terminal, we enter:

    ./sniffap.py wlan0

The result is shown in Figure 4.1.

Figure 4.1 Sniff Wireless Networks

sniffap.py: name of saved file
wlan0: monitor mode interface

CHAPTER 5
CONCLUSIONS AND RECOMMENDATIONS

5.0 Introduction

This final chapter discusses the conclusion of this research. It also discusses the suggestions and recommendations that will help those who want to upgrade or refer to this project in the future.

5.1 Conclusion

As you can see, having an effective wireless access policy is critical to the security of any organization that operates a wireless network. Without an appropriate policy, an attacker can easily gain access to the wireless network.

5.2 Recommendation

Hopefully, this project makes it possible to use the complete script alone to get the data from the access point without purchasing tools. Moreover, the administrator can take action to make the access point more secure and provide a better signal for clients to access the Internet.
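One way to implement the access point verification and rogue access point check outlined in sections 1.2 and 3.2.3, as an added example (it is not the sniffap.py script, which the page does not show). The inventory format, the finding labels and the sample observations are assumptions constructed for the illustration; each observation stands for one sniffed beacon.

```python
# Assumed inventory format (constructed values): BSSID -> expected settings.
AUTHORIZED = {
    "02:00:00:00:00:01": {"ssid": "Faculty-WiFi", "channel": 6, "privacy": True},
    "02:00:00:00:00:02": {"ssid": "Faculty-WiFi", "channel": 11, "privacy": True},
}


def obs(bssid, ssid, channel, privacy):
    """Build one beacon observation (fields as collected in section 3.2.4)."""
    return {"bssid": bssid, "ssid": ssid, "channel": channel, "privacy": privacy}


# Constructed sample data; beacons repeat, so the same AP appears many times.
SAMPLE = [
    obs("02:00:00:00:00:01", "Faculty-WiFi", 6, True),    # matches inventory
    obs("02:00:00:00:00:99", "Faculty-WiFi", 6, False),   # unlisted BSSID, managed SSID
    obs("02:00:00:00:00:01", "Faculty-WiFi", 6, True),
    obs("02:00:00:00:00:99", "Faculty-WiFi", 6, False),
    obs("02:00:00:00:00:02", "Faculty-WiFi", 1, True),    # listed BSSID, wrong channel
    obs("02:00:00:00:00:02", "Faculty-WiFi", 11, False),  # listed BSSID, encryption off
    obs("02:00:00:00:00:99", "Faculty-WiFi", 6, False),
    obs("02:00:00:00:00:55", "Neighbour-Cafe", 3, True),  # unrelated network in range
]


def classify(observation, authorized):
    """Return a list of (kind, detail) issues for one beacon observation."""
    expected = authorized.get(observation["bssid"].lower())
    managed_ssids = {ap["ssid"] for ap in authorized.values()}
    if expected is None:
        if observation["ssid"] in managed_ssids:
            return [("ROGUE", "unlisted BSSID advertises a managed SSID")]
        return [("UNKNOWN", "BSSID not in inventory")]
    issues = []
    # A hidden (empty) SSID cannot be compared, so only check non-empty ones.
    if observation["ssid"] and observation["ssid"] != expected["ssid"]:
        issues.append(("MISMATCH", "SSID differs from inventory"))
    # A listed BSSID on an unexpected channel is either a misconfigured AP
    # or a beacon sent with a spoofed source address.
    if observation["channel"] != expected["channel"]:
        issues.append(("MISMATCH", "channel differs from inventory"))
    if expected["privacy"] and not observation["privacy"]:
        issues.append(("NO-ENCRYPTION", "beacon advertises no encryption"))
    return issues


def audit_beacons(observations, authorized=AUTHORIZED):
    """Aggregate issues so each finding is reported once with a beacon count."""
    findings = {}
    for observation in observations:
        for kind, detail in classify(observation, authorized):
            key = (kind, observation["bssid"].lower(), detail)
            entry = findings.setdefault(key, {
                "kind": kind, "bssid": key[1], "ssid": observation["ssid"],
                "detail": detail, "count": 0})
            entry["count"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for f in audit_beacons(SAMPLE):
        print("%-13s %s %-16r x%d  %s" % (
            f["kind"], f["bssid"], f["ssid"], f["count"], f["detail"]))
```
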
