Construct a Script by Using Scapy: Computer Science Essay

A wireless network can generally be defined as a network that is set up by using radio signal frequencies to communicate among computers and other network devices. Wireless networks are also known as WiFi networks or WLANs.

As a network grows and expands, wireless networks are highly popular because they are easy to set up and no cabling is involved. There are two main components for accessing a wireless network: the wireless router or access point, and the wireless clients. Wireless networks usually use the 802.11a, 802.11b, 802.11g and 802.11n standard protocols.

A wireless network needs strong security to carry all kinds of confidential data, which means at least enabling Wired Equivalent Privacy (WEP) on the access point. Without proper implementation of security measures, any wireless network adapter that comes within range can access the Internet without permission. This results in congestion, and some authorised clients cannot access the Internet. So this research will audit wireless networks by sniffing some of the information within the access points and detecting possible intrusions in the Faculty of Computer and Mathematical Sciences.

1.1 Background

A wireless network is a network that is set up by using radio signal frequencies to communicate among multiple stations at one time. In addition, a wireless network is referred to as a WiFi network or WLAN. Although we have enabled WEP encryption on the access point, there are still some weaknesses that can easily be cracked by users with the right equipment. An attacker can easily sniff with several tools to crack the password and break in as an unauthorised person. In order to verify the correct access point settings and detect intrusions in terms of security in the wireless network, we construct a complete script to audit wireless networks.

1.2 Problem Statement

Nowadays the wireless network has become a trend in communication. Each wireless system or access point is set up with certain policies. It is hard to verify whether each wireless access point is set up correctly or not. Plus, nowadays we need to use many tools to verify the status of a wireless access point. Furthermore, most network admins do not check each wireless access point again after its configuration. We also need tools to identify the intrusions that occur when attackers try to access the Internet. Besides that, some attackers send spoofed frames to try to access the wireless network, so we cannot identify the attacker's MAC address.

1.3 Research Aims

The main objectives of this project are:

To build a script by using Scapy

To sniff and to find possible intrusions on the wireless network related to wireless security.

1.4 Scope of the Research

This project focuses on the Faculty of Computer and Mathematical Sciences, which has multiple access points, enabling us to sniff all the information on its wireless networks. We focus on the Data Link layer (layer 2) to sniff the broadcast frames and identify possible intrusions.

The main platform to run the tools:

Ubuntu 10.10

We use two main tools to build the script:

Python 2.6

Scapy

1.5 Significance of the Research

This project is important for gaining the knowledge to build a complete script by using Python 2.6 and Scapy. With this script we can learn the easiest way, using fewer lines than other scripts. This project also helps in learning the 802.11 frame structure, including the beacon frame transmitted by the access point.

1.6 Organization of Thesis

This project is divided into 5 main chapters:

Chapter 1: In this chapter, we give a general introduction to this topic. It includes the problem statement, objectives, scope and significance of the research.

Chapter 2: This chapter reviews literature related to the topic and previous research. We include studies similar and related to our research.

Chapter 3: In the third chapter, we identify the materials and methods that are described in the methodology phases in order to get the desired information for the accomplishment of this research.

Chapter 4: In the fourth chapter, we discuss the findings of the research.

Chapter 5: Finally, the last chapter focuses on the recommendations and suggestions and sums up the conclusion of the research.

1.7 Conclusion

The introduction in this chapter has clearly explained the problem statement, objectives, scope and significance of the research. This chapter gives a clear view of the overall content of the research.

Chapter 2

LITERATURE REVIEW

2.0 Introduction

This chapter examines the previous work done by prior researchers in the field of auditing wireless networks, the security of wireless networks and any other related works. Section 2.1 discusses the main platform on which to install the tools. Section 2.2 discusses the tools used to construct and run the script. Section 2.3 discusses the standard protocol for wireless LANs (WLAN), IEEE 802.11. Then, section 2.4 discusses the 802.11 frame, 2.5 the wireless LAN components, 2.6 wireless network sniffing, 2.7 reviews of the related works and lastly 2.8 the summarisation of the literature review.

2.1 Platform

2.1.1 Ubuntu 10.10

Ubuntu is a free operating system developed by a small team of developers who established the Linux Debian projects. This free operating system was developed to ease the use of desktop Linux. It is based on the Debian GNU/Linux distribution and is distributed as free and open source software.

Most Ubuntu packages are based on packages from Debian. Both distributions use Debian's deb package format and package management tools, Apt and Synaptic. However, sometimes .deb packages need to be rebuilt from source to be used in Ubuntu.

Ubuntu has several editions, such as the GNOME desktop edition, the KDE edition (Kubuntu) and the server edition. In this project, we use Ubuntu 10.10 as our platform to run all the tools.

2.2 Tools

2.2.1 Python

Python is one of the interpreted programming languages that can be used to develop applications such as web applications and to integrate systems more effectively. Python can run on Windows, Linux/Unix and Mac OS X. All Python programs can be packaged into stand-alone executable code using various tools.

In this project, we use the latest version, Python 2.6, to construct and run the complete script after installing all the Python packages on Ubuntu 10.10. We use Python as the programming language because it is a very powerful language and the code is shorter to write than in other languages. Compared to other programming languages, Python has clear syntax, intuitive object orientation, very high level dynamic data types, full modularity, support for hierarchical packages and much more.

2.2.2 Scapy

According to Philippe Biondi (2009), Scapy is a powerful interactive packet manipulation program written in Python that is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. It can easily handle most classical tasks like scanning, tracerouting, probing, unit tests, attacks or network discovery.

For this project, we focus on the 802.11 standard protocols. Scapy enables us to sniff the wireless network, generate packets and send them to the wireless network.

2.3 Wireless Protocol

2.3.1 IEEE 802.11

IEEE 802.11 is a standard protocol for wireless LANs (WLANs), which uses RF technology to transmit and receive data over the air. Based on this standard protocol, a wireless client communicates with a base station or access point. There are several types of standard protocols: 802.11a, 802.11b, 802.11g and 802.11n. They are described briefly here:

2.3.1.1 IEEE 802.11b

The IEEE 802.11b standard supports a maximum bandwidth of 11 Mbps in the 2.4 GHz band. The advantage of this protocol is its lowest cost. The disadvantage of using this protocol is its lowest maximum speed, and it may suffer interference if the frequency band is not determined.

2.3.1.2 IEEE 802.11a

802.11a supports bandwidth up to 54 Mbps in the 5 GHz band. The advantage of this protocol is its fast maximum speed. The disadvantage of using this protocol is that the cost is higher than IEEE 802.11b.

2.3.1.3 IEEE 802.11g

The IEEE 802.11g standard supports a maximum bandwidth of 54 Mbps in the 2.4 GHz band at maximum range. Its advantage is better signal range with the fastest maximum speed. The disadvantage of using this protocol is its higher cost than IEEE 802.11b.

2.3.1.4 IEEE 802.11n

IEEE 802.11n is developed on the previous IEEE 802.11 standards by adding MIMO. IEEE 802.11n offers high throughput wireless transmission at 100 Mbps to 200 Mbps. It has better performance compared with IEEE 802.11g.

2.4 802.11 Frame

2.4.1 Frame header

Each frame contains a standard header as shown in Figure 2.1.

Figure 2.1 Frame Header

from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx

The frame header contains all the information needed to get the frame to where it is going and to allow the receiver to understand what message the frame is carrying.

Frame Control – FC contains control information used for defining the type of 802.11 MAC frame and providing the information necessary to process it. The FC field is shown in Figure 2.2.

Figure 2.2 Frame Control Field

from http://technet.microsoft.com/en-us/library/cc757419(WS.10).aspx

The details of the frame control field are as follows:

Protocol Version – provides the current version of the 802.11 protocol used.

Type and Subtype – determine the function of the frame. There are three main type field values, which are control, data and management, and each breaks into multiple subtypes.

Values of the type field:

00 – Management

01 – Control

10 – Data

11 – Reserved/Unused

The type breaks into a subtype field, for example:

00/0000 – Management/Association Request

00/1000 – Management/Authentication

00/1100 – Management/Deauthentication

01/1011 – Control/Request To Send ( RTS )

10/0000 – Data/Data

To DS and From DS – specify the addressing type of the frame, that is, whether the frame is going to or exiting from the DS.

More Fragments – shows that more fragments of the frame follow, for either data or management types.

Retry – marks a retransmitted data or management frame.

Power Management – shows whether the sending station is in active mode or power-save mode.

More Data – shows a station in power-save mode that the AP has more frames to send. It is also used by APs to show that additional broadcast/multicast frames are to follow.

WEP – shows whether or not encryption and authentication are used in the frame.

Order – shows that all received data frames must be processed in order.

Duration/ID – shows the remaining duration needed to receive the next frame transmission.

Sequence Control (SEQ) – SEQ is used for fragmentation and packet reassembly.

Frame body – the frame body contains the data or information included in either management type or data type frames.

Frame Check Sequence (FCS) – the transmitting STA uses a cyclic redundancy check (CRC) over all the fields of the MAC header and the frame body field to generate the FCS value.

2.4.2 Beacon Frame

Beacon frames are identified by the type field being set to 0 (Management frame) and a subtype of 8. Beacon frames are used by an access point to advertise its presence and relay information, such as the timestamp, SSID and other parameters of the access point, to wireless NICs that are within range. Wireless NICs continually scan all 802.11 radio channels and listen to beacons as the basis for choosing which access point is best to associate with.

According to Robin Wood (2007), people largely believe that turning off beacons will hide their network from attacks, as their SSID will no longer be broadcast. Unfortunately, the SSID is transmitted in clear text in all management frames, so even when the network is hidden and no data is being transmitted, an attacker can collect a management frame in which they can find the network SSID.
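The frame header and beacon body described in sections 2.4.1 and 2.4.2, decoded in plain Python as an added example (this is not the thesis's sniffap.py and does not use Scapy): it splits the Frame Control field into version, type, subtype and flags, reads the three addresses and sequence control, and for a beacon extracts the Privacy capability bit, the SSID and the channel. The build_beacon helper and all MAC addresses and SSIDs are constructed so the parser can run offline; an empty SSID is reported as a hidden network.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

FRAME_TYPES = {0: "Management", 1: "Control", 2: "Data", 3: "Reserved"}
# (type, subtype) pairs discussed in the text, numbered as in IEEE 802.11
# (a beacon is management subtype 8, as section 2.4.2 states).
SUBTYPES = {
    (0, 0): "Association Request", (0, 8): "Beacon",
    (0, 11): "Authentication", (0, 12): "Deauthentication",
    (1, 11): "Request To Send (RTS)", (2, 0): "Data",
}
# Flag bits of the second Frame Control byte, least significant bit first.
FLAG_NAMES = ["ToDS", "FromDS", "MoreFrag", "Retry",
              "PwrMgt", "MoreData", "WEP", "Order"]


@dataclass
class Frame:
    version: int
    ftype: int
    subtype: int
    flags: List[str]
    duration: int
    addr1: str
    addr2: str
    addr3: str
    seq: int
    frag: int
    body: bytes
    # Beacon-only fields, filled when (ftype, subtype) == (0, 8).
    ssid: Optional[str] = None
    channel: Optional[int] = None
    privacy: Optional[bool] = None


def describe(f: Frame) -> str:
    return SUBTYPES.get((f.ftype, f.subtype),
                        f"{FRAME_TYPES[f.ftype]} subtype {f.subtype}")


def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame_control(fc: int):
    """Split the 16-bit Frame Control field into version, type, subtype, flags."""
    version, ftype, subtype = fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF
    flagbits = fc >> 8
    flags = [name for i, name in enumerate(FLAG_NAMES) if flagbits & (1 << i)]
    return version, ftype, subtype, flags


def parse_ies(data: bytes) -> dict:
    """Walk the tag/length/value information elements of a management body."""
    ies, i = {}, 0
    while i + 2 <= len(data):
        tag, length = data[i], data[i + 1]
        ies[tag] = data[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def parse_80211(raw: bytes) -> Frame:
    """Parse the MAC header (FCS already stripped) and, for beacons, the body."""
    if len(raw) < 24:
        raise ValueError("frame shorter than the 24-byte 802.11 MAC header")
    fc, duration, a1, a2, a3, seqctl = struct.unpack_from("<HH6s6s6sH", raw, 0)
    version, ftype, subtype, flags = parse_frame_control(fc)
    frame = Frame(version, ftype, subtype, flags, duration, mac(a1), mac(a2),
                  mac(a3), seqctl >> 4, seqctl & 0xF, raw[24:])
    if (ftype, subtype) == (0, 8) and len(frame.body) >= 12:
        # Fixed part: timestamp (8), beacon interval (2), capability info (2).
        _ts, _interval, capability = struct.unpack_from("<QHH", frame.body, 0)
        frame.privacy = bool(capability & 0x0010)   # Privacy bit: WEP/WPA on
        ies = parse_ies(frame.body[12:])
        frame.ssid = ies.get(0, b"").decode("utf-8", "replace")  # "" = hidden
        if len(ies.get(3, b"")) == 1:
            frame.channel = ies[3][0]                 # DS Parameter Set IE
    return frame


def build_beacon(bssid: bytes, ssid: bytes, channel: int, privacy: bool) -> bytes:
    """Construct a minimal beacon (constructed test input, no FCS)."""
    fc = 0x0080  # version 0, type 0 (management), subtype 8 (beacon), no flags
    header = struct.pack("<HH6s6s6sH", fc, 0, b"\xff" * 6, bssid, bssid, 0x0010)
    capability = 0x0001 | (0x0010 if privacy else 0)   # ESS, optional Privacy
    body = struct.pack("<QHH", 0, 100, capability)
    body += bytes([0, len(ssid)]) + ssid        # SSID IE
    body += bytes([1, 1, 0x82])                 # Supported Rates IE (1 Mbps)
    body += bytes([3, 1, channel])              # DS Parameter Set IE
    return header + body
```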

2.5 Wireless LAN components

2.5.1 Access point

A wireless access point (WAP) is basically hardware equipment that allows wireless devices to connect to a wired network using Wi-Fi, Bluetooth or related standards. In a wireless network, an access point sends and receives signals to any number of other local wireless devices. These are normally adapters and routers. WAPs are normally used in offices, homes and educational institutions. WAP devices use the IEEE 802.11 standards.

2.6 Wireless Network Sniffing

A wireless sniffer captures the data on a wireless network without being detected. Wireless network sniffing works with 802.11 and Ethernet as the physical and data link layers, on cards able to report raw packets (RFMON support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc.), Cisco Aironet cards and Orinoco based cards.

Furthermore, sniffing can also help find the easy kills, such as scanning for open access points that allow anyone to connect, or capturing the passwords used in a connection session that does not even use WEP, or in telnet, rlogin and ftp connections. Sniffing the wireless network is normally used by attackers to capture data and get the appropriate information from the beacon frame. There are several techniques used to sniff the wireless network. Some of them are as follows:

Passive Scanning

Passive scanning is the first step used to sniff wireless networks. It switches the RF mode into monitor mode, which allows every frame appearing on a channel to be copied as the station's radio tunes to various channels. A station in monitor mode can capture packets without associating with an AP or ad-hoc network. When the transmission of data in the form of radio waves starts, attackers can scan all the information passively and carry on the sniffing process.

The so-called promiscuous mode allows the capture of all wireless packets of an associated network. In this mode, packets cannot be read until authentication and association are completed. With the help of this information, a sniffer can easily decode the secret information of the wireless networks.

SSID Detection

After scanning the transmitted data, it can detect the list of service set identifiers (SSIDs) in the particular wireless network. The SSID shown in the Beacon frames is set to null in the hope of making the WLAN invisible unless a client already knows the correct SSID. When the Beacon displays a null SSID, there are two possibilities. Eventually, an Associate Request may appear from a legitimate station that already has the correct SSID. To such a request, there will be an Associate Response frame from the AP. Both frames will contain the SSID in the clear, and the attacker sniffs these.

If the station wishes to join any available AP, it sends Probe Requests on all channels and listens for Probe Responses that contain the SSIDs of the APs. The station considers all Probe Responses, just as it would have with the non-empty SSID Beacon frames, to choose an AP. Normal association then begins. The attacker normally waits to sniff these Probe Responses and extract the SSIDs. Otherwise, if beacon transmission is disabled, the attacker has two choices. The attacker can keep sniffing, waiting for a voluntary Associate Request to appear from a legal station that already has the correct SSID, and sniff that SSID.

Collection of MAC addresses

After detecting the SSID, the sniffer now takes steps to sniff the wireless network by collecting the required MAC addresses with the help of passive scanning and also with the help of different types of software. The collected MAC addresses are used for building spoofed frames with a specific tool. In wireless sniffing, there are some reasons why an attacker collects all the MAC addresses. One of the reasons is that the attacker uses sniffing to hide his or her identity and their access points. The other reason is that the access points used in collecting the MAC addresses would not be registered.

2.7 Review of Previous Related Works

2.7.1 Author: David Maynor

Title of Paper: "Beginner's Guide to Wireless Auditing" (2006)

This paper is a study of how to find vulnerabilities in wireless device drivers with specific techniques. The researcher discusses how to build an auditing environment, how to build tools and finally how to interpret the results. Although the work in this paper was done on a Dell Latitude D610, the internal wireless card of the machine was not used. The researcher used a Netgear WPN511 wireless card, supported by the madwifi drivers, to set up the auditing environment, combined with LORCON (Loss Of Radio CONnectivity) and its ability to craft packets from scratch. Furthermore, after setting up the environment with patched madwifi and LORCON, the researcher constructed a script with Scapy to generate a simple frame and inject it. The researcher used Wireshark to see the injected packets.

2.7.2 Author: Shreeraj Shah

Title of Paper: "Secure Your Wireless Networks with Scapy Packet Manipulation" (2007)

According to Shreeraj Shah, Scapy is scriptable and easy to use compared with Kismet and Airodump-ng. This paper focuses on intrusion detection using proven techniques. Two techniques can be employed: passive sniffing and active packet injection. The researcher discussed only the passive sniffing methodology. In this project, several steps are used in the passive sniffing methodology, as follows:

Set up a station for radio frequency (RF) monitor mode

Sniff packets and discover network access points

Discover hidden access points and SSIDs (service set identifiers)

Harvest MAC and IP addresses

Perform ongoing intrusion detection with sniffing.

2.7.3 Author: Robin Wood, Robin and freedomsoftware.co.uk

Title: "Programming Wireless Security" (2007)

This paper discusses some programming techniques for building wireless security tools. The researchers construct the scripts using Python and Ruby. Several techniques are used with both scripts, including the deauthentication attack, sniffing wireless traffic and automating a Four-Way Handshake capture. All the techniques are brought together to create an application that automates capturing an EAPOL handshake, which can be used to crack the Pre-Shared Key. This paper required several tools, including Lorcon, Pylorcon, ruby lorcon and Scruby. Furthermore, it also discusses several issues with Scruby, which means the Ruby scripts will not work properly exactly as required.

2.8 Summarisation of some Literature Reviews

Columns: No. | Author | Year | Project Title | Project Similarities and Differences

1. Peter Seebach (2005) – "Getting practical about wireless security, Part 1: Building a wireless sniffer with Perl". In this paper, a lightweight wireless sniffer was built that runs on open source software. The paper shows how to use open source software to get information about a wireless network and identify common security problems.

2. TJ OConnor (2010) – "Detecting and Responding to Data Link Layer Attacks". In this paper, Scapy is used to analyse network traffic for data link layer attacks by identifying signatures and anomalies on both wired and wireless networks.

3. Petter Clutterbuck, Terry Rowlands, Owen Seamons (2007) – "Auditing the Data Confidentiality of Wireless Local Area Networks". This paper describes how the software auditing artefact uses sampled data packets to produce a very detailed evaluation of the level of data confidentiality in effect across the WLAN.

4. Mingzhe Li, Mark Claypool, and Robert Kinicki (2005) – "How to Construct and Use an IEEE 802.11 Wireless Network Sniffer". In this paper, a wireless sniffer is built on computers with Linux operating systems and prism GT-based wireless interface cards. The operating systems tested are SUSE (Novell) Linux release 9.0/9.1/9.2/10.0 and Linux Fedora Core 3, where the kernel version can be either 2.4.x or 2.6.x. The wireless network interface cards used are the Netgear WG511 version 1 PCMCIA card and the Allnet ALL0271 54Mbit Wireless PCI adapter.

Table 2.1: Summarisation of related Literature Review

2.9 Conclusion

All the information gathered from this literature review is very useful in order to identify possible information that can make this research more relevant. By understanding the scenarios of past implementations, we gain a better view of how to achieve these research objectives and also inspire new ideas to be implemented or added to this research.

Chapter 3

Methodology

3.0 Introduction

This chapter presents the methodology used as a guideline to ensure the project will run successfully. The methodology consists of the hardware, software and methods used in this research. We need to choose proper hardware and software to meet the research requirements. The methodology is a very important part of auditing the wireless network, with a sequence of phases. We need to follow all these phases in order to accomplish the final project and achieve the objectives. We divide the methodology of our project into several phases, where every phase includes the important activities that must be done.

3.1 Methodology Phase

In this project, there are four phases of the method, which are followed properly. The first phase is planning, the second phase is development, the third phase is testing, the fourth phase is result and evaluation and the last phase is documentation. The whole flow of the methodology phases is implemented systematically and efficiently, as its role is critical to ensure that this project is finished in time. These phases are illustrated in the methodology overview in Figure 3.1 (i) and Figure 3.1 (ii).

Figure 3.1 Project Phase (i): Planning, Development, Testing, Result and Evaluation, Documentation

Figure 3.1 Project Phase (ii): phases with their activities and deliverables

Planning – Problem assessment; preliminary study of literature. Deliverables: project scope, project objective, project planning.

Development – Install OS; install Python package; install Scapy package; construct script. Deliverables: determine hardware and software used; Scapy script completed.

Testing – Run Scapy script; sniff a list of access points; sniff intrusion detection.

Result and Evaluation – Deliverable: result finding.

Documentation – Writing a report. Deliverable: final report completed.

3.2 Research Methodology

3.2.1 Planning

For the planning phase, the activity is to define the objective of the project through a problem assessment and a preliminary study of the literature. The deliverables of this phase identify the research objective and scope and also the project planning. It consists of:

3.2.1.1 Preliminary study of the literature

The purpose is to understand similar or related projects that have been done. We need to review them and get an idea of how this project can be implemented, and find the objective, scope and other benefits that can be obtained for the project requirements. This preliminary study can review journals, online resources (Internet), articles or books.

Diagram 3.1: Structure of research project (users communicate with the access point; the sniffer captures the frames)

3.2.2 Development

3.2.2 [a] Install operating system

We install Ubuntu 10.10 with the interactive Graphical User Interface (GUI) on the laptop. It is easier to update to the latest packages. All the latest packages, including Python, are updated on Ubuntu 10.10:

root@ubuntu:~# sudo apt-get update

3.2.2 [b] Install tools

We install Scapy in Python, where Scapy is an interactive manipulation program with which we can build a shorter script compared to other scripts. We install Python as the main programming language and the full package resides in it.

a. Install Python 2.6 package

root@ubuntu:~# sudo apt-get install python

root@ubuntu:~# cd /tmp

root@ubuntu:/tmp# wget http://www.secdev.org/projects/scapy/files/scapy-latest.tar.gz

root@ubuntu:/tmp# tar xvzf scapy-latest.tar.gz

root@ubuntu:/tmp# cd scapy-2.1.0

root@ubuntu:/tmp/scapy-2.1.0# python setup.py install

b. Install python-scapy package

root@ubuntu:~# sudo apt-get install python-libpcap

c. Install libpcap and libdnet and their Python wrappers.

root@ubuntu:~# sudo apt-get install python-libdnet

d. Install additional software for special features.

root@ubuntu:~# sudo apt-get install tcpdump graphviz imagemagick python-gnuplot python-crypto python-pyx

3.2.2 [c] Construct the script

We construct the script in Python for sniffing and detecting possible vulnerabilities. The script runs on Ubuntu 10.10 in a root terminal.

3.2.3 Testing

In the testing phase, the action is to test by sniffing the wireless network in an area by running the completed script. Before we run the script, we need to set up the station for radio frequency (RF) monitor mode. We illustrate the steps in Figure 3.2.

Figure 3.2 Steps for testing:

1. Construct the script.

2. Set up the station for Radio Frequency (RF) monitor mode.

3. Run the script: enter the command.

4. Get the information from the access point, including: name of access point, SSID, channel, radio type, security type, signal.

5. Collect the data.

6. Intrusion detection, including: detecting rogue access points; detecting dummy access points.

3.2.4 Result and Evaluation

In this phase, we obtain the results by running the script. We collect all the information about SSID, MAC address, channel, radio type, security type and signal from the broadcast frames sent by multiple access points. Next, we can detect possible intrusions by running another script written in the same scripting language.
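The intrusion detection step described above, as an added example that is not the thesis's own detection script: it takes the per-access-point records the sniffing script collects (BSSID, SSID, channel, security type, signal) and compares them with an inventory of authorised access points. The inventory, the sample records and the definitions of "rogue" (an authorised SSID from a BSSID not in the inventory) and "dummy" (one BSSID advertising several SSIDs) are assumptions; two further checks verify the access point settings the thesis wants to audit.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Set


@dataclass(frozen=True)
class BeaconRecord:
    """One observed beacon: the fields the sniffing script collects per AP."""
    bssid: str      # MAC address in the beacon's Address 3 field
    ssid: str
    channel: int
    privacy: bool   # Privacy bit set (WEP/WPA in use)
    signal: int     # dBm, from the radiotap header


@dataclass(frozen=True)
class Finding:
    kind: str       # "rogue", "dummy", "open" or "inconsistent"
    bssid: str
    ssid: str
    reason: str


# Inventory of authorised access points: SSID -> set of authorised BSSIDs.
# Constructed placeholder values, not the faculty's real inventory.
AUTHORIZED: Dict[str, Set[str]] = {
    "Lab-AP-1": {"02:11:22:33:44:55", "02:11:22:33:44:66"},
}


def detect(beacons: List[BeaconRecord], authorized=AUTHORIZED) -> List[Finding]:
    """Compare collected beacons with the inventory and report anomalies.

    Assumed definitions: a rogue AP advertises an authorised SSID from a BSSID
    that is not in the inventory; a dummy AP is one BSSID advertising several
    SSIDs, as a spoofed-frame generator does. Two extra checks audit the AP
    settings: an authorised AP beaconing without the Privacy bit is reported
    as open, and a BSSID/SSID pair seen with both settings as inconsistent
    (a sign that someone is impersonating that BSSID).
    """
    by_bssid: Dict[str, List[BeaconRecord]] = defaultdict(list)
    for b in beacons:
        by_bssid[b.bssid].append(b)
    known = {bssid for bssids in authorized.values() for bssid in bssids}
    findings: List[Finding] = []
    for bssid, observed in by_bssid.items():
        ssids = sorted({o.ssid for o in observed})
        if len(ssids) > 1:   # legitimate multi-SSID APs exist; review first
            findings.append(Finding("dummy", bssid, ",".join(ssids),
                                    "one BSSID advertises several SSIDs"))
        for ssid in ssids:
            privacy_seen = {o.privacy for o in observed if o.ssid == ssid}
            if ssid in authorized and bssid not in authorized[ssid]:
                findings.append(Finding("rogue", bssid, ssid,
                                        "authorised SSID from a BSSID not in the inventory"))
            if bssid in known and False in privacy_seen:
                findings.append(Finding("open", bssid, ssid,
                                        "authorised AP beaconing without the Privacy bit"))
            if len(privacy_seen) > 1:
                findings.append(Finding("inconsistent", bssid, ssid,
                                        "same BSSID and SSID seen with different security settings"))
    return findings


def count_by_kind(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.kind] += 1
    return dict(counts)


# Constructed sample of what one sniffing run might collect.
SAMPLE = [
    BeaconRecord("02:11:22:33:44:55", "Lab-AP-1", 6, True, -40),
    BeaconRecord("02:11:22:33:44:66", "Lab-AP-1", 11, True, -55),
    BeaconRecord("02:11:22:33:44:66", "Lab-AP-1", 11, False, -52),  # same AP, now open
    BeaconRecord("de:ad:be:ef:00:01", "Lab-AP-1", 6, True, -30),    # unknown BSSID
    BeaconRecord("ca:fe:00:00:00:02", "FreeWiFi", 1, False, -60),
    BeaconRecord("ca:fe:00:00:00:02", "Lab-AP-1", 1, False, -60),   # several SSIDs
]

if __name__ == "__main__":
    for f in detect(SAMPLE):
        print(f"{f.kind:13} {f.bssid} {f.ssid!r}: {f.reason}")
```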

3.2.5 Documentation

In this final phase, all the results and findings are included in one report. From the documentation, the researcher can determine whether the project achieved its objectives or not.

3.3 Hardware and Software Required

To execute this project successfully, some requirements need to be met. Some of the requirements involve hardware and software. The hardware that will be required is:

3.3.1 Hardware

This project will use a laptop with:

Processor with at least 1 GHz of CPU speed

3 GB of RAM

250 GB of hard disk space

Intel WiFi Link 5100 wireless network interface card

Motherboard that supports the processor

Monitor

Network cable

3.3.2 Software

This project will run on the Linux platform:

Ubuntu 10.10

3.3.3 Tools

Python 2.6

Scapy

3.4 Conclusion

In conclusion, this chapter is very important for gathering all the related and relevant information required. All the information will be used in order to achieve the objectives of this research.

Chapter 4

RESULTS AND DISCUSSIONS

4.0 Introduction

This chapter discusses the results gathered from this research, obtained by implementing the methods in Chapter 3. The results are based on running the completed script on Ubuntu 10.10. It displays all the available information about the access points active in an area after sniffing them. Furthermore, we can detect all the possible intrusions by showing the list of rogue access points and dummy access points.

4.1 Sniff the wireless network

First of all, we set the Radio Frequency (RF) into monitor mode on the wlan0 interface. Next, we run the completed script, which is already saved in root on Ubuntu 10.10 with the file name sniffap.py. Then we open the root terminal and enter ./sniffap.py wlan0. The result is shown in Figure 4.1.

Figure 4.1 Sniff Wireless Networks

sniffap.py – name of the saved file

wlan0 – monitor mode interface

Chapter 5

CONCLUSIONS AND RECOMMENDATIONS

5.0 Introduction

This final chapter discusses the conclusion of this research. It also discusses the suggestions and recommendations that will help those who want to upgrade or refer to this project in the future.

5.1 Conclusion

As you can see, having an effective wireless access policy is critical to the security of any organisation that operates a wireless network. Without an appropriate policy, an attacker can easily gain access to the wireless network.

5.2 Recommendation

It is hoped that this project can fully use the script alone to get the information from the access point without purchasing tools. Furthermore, the admin can take action to make the access point more secure and give clients a better signal for accessing the Internet.