0x0020 8018 438a 4c8c 0000 0101 080a 0007 1feb ..C.L...........
0x0030 000e 10d1 3233 3020 5573 6572 206c 6565 ....230.User.lee
0x0040 6368 206c 6f67 6765 6420 696e 2e0d 0a ch.logged.in...
Data transmitted over the network by services such as telnet, FTP, and
POP3 is unencrypted. In the preceding example, the user leech is seen logging
into an FTP server using the password l8@nite. Since the authentication
process during login is also unencrypted, usernames and passwords are simply
contained in the data portions of the transmitted packets.
tcpdump is a wonderful, general-purpose packet sniffer, but there are
specialized sniffing tools designed specifically to search for usernames and
passwords. One notable example is Dug Song's program, dsniff, which is
smart enough to parse out data that looks important.
reader@hacking:~/booksrc $ sudo dsniff -n
dsniff: listening on eth0
-----------------
12/10/02 21:43:21 tcp 192.168.0.193.32782 -> 192.168.0.118.21 (ftp)
USER leech
PASS l8@nite
-----------------
12/10/02 21:47:49 tcp 192.168.0.193.32785 -> 192.168.0.120.23 (telnet)
USER root
PASS 5eCr3t
0x441 Raw Socket Sniffer
So far in our code examples, we have been using stream sockets. When
sending and receiving using stream sockets, the data is neatly wrapped in a
TCP/IP connection. Because stream sockets are accessed at the session (5)
layer of the OSI model, the operating system takes care of all of the
lower-level details of transmission, correction, and routing. It is possible
to access the network at lower layers using raw sockets. At this lower layer,
all the details are exposed and must be handled explicitly by the programmer.
Raw sockets are specified by using SOCK_RAW as the type. In this case, the
protocol matters since there are multiple options. The protocol can be
IPPROTO_TCP, IPPROTO_UDP, or IPPROTO_ICMP. The following example is a TCP
sniffing program using raw sockets.
raw_tcpsniff.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include "hacking.h"
int main(void) {
   int i, recv_length, sockfd;
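Added example (not from the book and not part of raw_tcpsniff.c): a buffer read from a SOCK_RAW/IPPROTO_TCP socket begins at the IPv4 header, so the program itself has to find the TCP header and the payload, which is what "handled explicitly by the programmer" means in practice. The names parse_ipv4_tcp and struct tcp_view are hypothetical, and the sample packet is constructed to resemble the FTP session shown earlier.

```c
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

/* Where the TCP payload sits inside a raw IPv4 packet (hypothetical helper type). */
struct tcp_view {
    uint16_t src_port, dst_port;
    size_t payload_off, payload_len;
};

/* Constructed sample: 192.168.0.193:32782 -> 192.168.0.118:21, payload "USER leech\r\n".
   Checksums and sequence numbers are zeroed; this example does not examine them. */
static const uint8_t sample_pkt[] = {
    /* IPv4 header: IHL=5 (20 bytes), total length 52, protocol 6 (TCP) */
    0x45,0x00,0x00,0x34, 0x00,0x00,0x40,0x00, 0x40,0x06,0x00,0x00,
    192,168,0,193, 192,168,0,118,
    /* TCP header: data offset 5 (20 bytes), flags PSH|ACK */
    0x80,0x0e, 0x00,0x15, 0,0,0,0, 0,0,0,0, 0x50,0x18,0x16,0xd0, 0,0,0,0,
    'U','S','E','R',' ','l','e','e','c','h','\r','\n'
};

/* Returns 0 on success, -1 if buf is not a well-formed IPv4/TCP packet. */
int parse_ipv4_tcp(const uint8_t *buf, size_t len, struct tcp_view *out) {
    if (len < 20 || (buf[0] >> 4) != 4) return -1;     /* too short, or not IPv4 */
    size_t ihl = (size_t)(buf[0] & 0x0f) * 4;          /* IP header length in bytes */
    size_t total = ((size_t)buf[2] << 8) | buf[3];     /* total length, network order */
    if (ihl < 20 || total < ihl || total > len) return -1;
    if (buf[9] != 6) return -1;                        /* protocol field: 6 = TCP */
    if (total - ihl < 20) return -1;                   /* no room for a TCP header */
    const uint8_t *tcp = buf + ihl;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;          /* TCP data offset in bytes */
    if (doff < 20 || doff > total - ihl) return -1;    /* header overruns the packet */
    out->src_port = (uint16_t)((tcp[0] << 8) | tcp[1]);
    out->dst_port = (uint16_t)((tcp[2] << 8) | tcp[3]);
    out->payload_off = ihl + doff;
    out->payload_len = total - ihl - doff;
    return 0;
}

int main(void) {
    struct tcp_view v;
    if (parse_ipv4_tcp(sample_pkt, sizeof sample_pkt, &v) != 0) return 1;
    printf("%u -> %u, %zu payload bytes at offset %zu\n",
           v.src_port, v.dst_port, v.payload_len, v.payload_off);
    return 0;
}
```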