The following virtual machines are required for completion of this lab: Exercise I: Mapping a Network Topology Using


Module 08: Sniffers

Objective
The objective of this lab is to teach students to sniff a network and analyze packets for any attacks on the network. The primary objectives of this lab are to:
o Sniff the network
o Analyze incoming and outgoing packets
o Troubleshoot the network for performance
o Secure the network from attacks

Scenario
Since you are an expert Ethical Hacker and Penetration Tester, your IT director instructs you to sniff a network and analyze if there is evidence of any of the following on the network: MAC attacks, DHCP attacks, ARP poisoning, spoofing, or DNS poisoning.

Virtual Machines
The following virtual machines are required for completion of this lab:
1. 2008 Server (10.10.10.1)
2. Windows 7 (10.10.10.31)
3. 2003 Server (10.10.10.61)
4. NAT

Exercise I: Mapping a Network Topology Using Look@LAN

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.

Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement and policy audits.

1. Log on to Windows Server 2003

Switch to the Windows Server 2003 (10.10.10.61) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and click Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install Look@LAN
To install Look@LAN, navigate to Z:\CEHv7 Module 08 Sniffers\Network Topology\lookatlan. Double-click on lalsetup250.exe to install Look@LAN. Follow the wizard-driven installation steps to install Look@LAN.
The Z:\ drive is a mapped network drive containing the CEH tools.

4. Launch Look@LAN
To launch Look@LAN, navigate to Start --> All Programs --> Look@LAN --> Look@LAN.

5. Create New Profile
To create a new profile, click Create New Profile from the Look@LAN wizard.

6. New Profile Settings
In New Profile settings, select the target machine IP. In this lab, it is Windows Server 2003 (10.10.10.61). Click Next.

7. Starts Sniffing
The tool will start sniffing details on the machine. A window will open with a list of IP addresses. Click the Hide button at the bottom of the window.

8. View Statistics

Go to the View menu in the menu bar and select Statistics. The Statistics view lists the number of Online and Offline machines in the right pane.

9. View Network settings
Go to Settings and click Network Settings from the menu bar; it displays the network configuration.

10. Trapping Configuration
Go to Settings and select Trapping Configuration from the menu bar. The Trapping Configuration window lists the General and Mail options available for trapping.

11. Quick Host Scan
Go to Tools and select Quick Host Scan.

12. Input the Host IP
Input the Host IP as 10.10.10.61 (Windows Server 2003) and click Analyze.

13. Proof Scan
After scanning is completed, it displays the Proof Scan wizard. Close the Proof Scan wizard.

14. View Graphs
To view graphical statistics, go to the Tools menu and select Show graphs.

Lab Analysis
In this lab you have reinforced concepts of network security policy, policy enforcement and policy audits.

Exercise II: Sniffing the Network Using the Colasoft Packet Builder

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.

Lab Objectives

The objective of this lab is to reinforce concepts of network security policy, policy enforcement and policy audits.

1. Logon to Windows Server 2003
Switch to the Windows Server 2003 (10.10.10.61) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter your user name and password.

3. Install Colasoft Packet Builder
To install Colasoft Packet Builder, navigate to Z:\CEHv7 Module 08 Sniffers\Sniffing Tools\TCP-IP Packet Crafter\Packet Builder. Double-click on the pkbuilder10_build166.exe file. Follow the wizard-driven installation steps to install Colasoft Packet Builder.
The Z:\ drive is a mapped network drive containing the CEH tools.

4. Launch Colasoft Packet Builder
To launch Colasoft Packet Builder, navigate to Start --> All Programs --> Colasoft Packet Builder 1.0 --> Colasoft Packet Builder 1.0.

5. Check the Adapter settings
Before starting your task, check the Adapter settings from the Send option and click Select default adapter in the menu bar to set it to the default.

6. Select Adapter
Select the appropriate adapter from the drop-down list and click the OK button.

7. Create Packet
To add or create the packet, click Add in the menu section.

8. Adding Packet
When an Add Packet dialog box pops up, select the template and click OK.

9. Added Packets
You can view the added packets list on the right-hand side of your window.

10. Decode Editor
Colasoft Packet Builder allows you to edit decoding information in two editors, the Decode Editor and the Hex Editor, on the left-hand side of the window.

11. Send All Packets
To send all packets at one time, click Send All from the menu bar. Check the Burst Mode option in the Send All Packets dialog window, and then click Start.

12. Export All Packets
To export the packets sent, use the File menu: click File --> Export --> All Packets.

13. Save Packets
Choose your desired location and click the Save button to save the packets.

Lab Analysis
In this lab you have performed network sniffing using the Colasoft Packet Builder.

Exercise III: Sniffing the Network Using the OmniPeek Network Analyzer

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing network packets, performing ARP poisoning, spoofing the network, and DNS poisoning.

Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement, and policy audits.

1. Logon to Windows Server 2003

Switch to the Windows Server 2003 (10.10.10.61) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install OmniPeek Network Analyzer
To install OmniPeek Network Analyzer, navigate to Z:\CEHv7 Module 08 Sniffers\Sniffing Tools\Packet Sniffing Tool\OmniPeek Network Analyzer. Double-click on OmniPeek607demo.exe to install. Follow the wizard-driven installation steps to install OmniPeek Network Analyzer.
The Z:\ drive is a mapped network drive containing the CEH tools.

4. Launch OmniPeek Network Analyzer
To launch OmniPeek Network Analyzer, navigate to Start --> All Programs --> WildPackets OmniPeek Demo.

5. OmniPeek Main Window
The OmniPeek evaluation version warning window will appear; click OK or close it to continue.

6. Create an OmniPeek capture
Create an OmniPeek capture window as follows:
o Click New Capture on the main screen of OmniPeek.
o View the general options in the OmniPeek Capture Options dialog box when it appears.
o Leave the default general settings and click OK.

7. Start Capture
Now, click Start Capture to begin capturing packets. The Start Capture tab turns to Stop Capture and traffic statistics begin to populate the Network Dashboard in the capture window of OmniPeek.

8. View Captured Packets
To view captured packets, click the Capture tab views in the navigation bar, where you can view expert and statistical analysis of the data, the Peer Map display and more.

9. View Captured Packets
To view the captured packets, select Packets in the Capture section of the Dashboard at the left-hand side of the window. Similarly, you can view Log, Filters, Hierarchy, and Peer Map by selecting the respective options in the same Dashboard. You can view the Nodes and Protocols from the Statistics section of the Dashboard.

10. Saving Report
To save the result, go to File --> Save Report.

11. Report Type
Select the format type of the report and click the Save button.

Lab Analysis
In this lab you have performed network sniffing using the OmniPeek Network Analyzer.

Exercise IV: Spoofing MAC Address Using SMAC

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must spoof MAC addresses, sniff network packets, and perform ARP poisoning, network spoofing and DNS poisoning.

Lab Objectives
The objective of this lab is to reinforce concepts of network security policy, policy enforcement, and policy audits. In this lab, you will learn how to spoof the MAC address.

1. Logon to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install SMAC
To install SMAC, navigate to E:\CEHv7 Module 08 Sniffers\MAC Spoofing Tools\SMAC. Double-click smac27beta_setup.exe and follow the wizard-driven installation steps to install SMAC.

4. Launch SMAC
To launch SMAC, navigate to Start --> All Programs --> KLC --> SMAC 2.7.

5. Accept the SMAC 2.7 License Agreement
Click the I Accept button on the License Agreement of SMAC.

6. SMAC 2.0 Registration
Click the Proceed button on the SMAC 2.0 Registration wizard.

7. Choose a Network Adapter
Choose a network adapter to spoof the MAC address. To generate a random MAC address, click Random, which also enters it into the New Spoofed MAC Address field to simplify MAC address spoofing.

8. New Spoofed MAC Address
You can see the new spoofed MAC address on the left-hand side of the window.

9. Network Connection or Adapter Section
The network connection or adapter section displays the network connection name. Click the << or >> icon. The display changes to show network adapter information. These buttons toggle between network adapter and network connection information.

10. Hardware ID and Configuration ID
Click << or >>. The display changes to show Configuration ID information. This button toggles between Hardware ID and Configuration ID.

11. IPConfig
To bring up the ipconfig information, click IPConfig.

12. IPConfig window
The IPConfig window pops up. You can also save the information by clicking on the File menu at the top of the window.

13. MAC List
You can also import the MAC address list into SMAC by clicking MAC List.

14. Load List
If there is no address in the MAC address field, click Load List to select a MAC address list file you have created.

15. Sample MAC Address List
From the browse window, select the Sample_MAC_Address_List.txt file and click the Open button.

16. MAC List
It displays the sample MAC addresses loaded in the MAC List window.

17. Select MAC Address
Select any one of the MAC addresses from the list and click the Select button.

18. Restart Adapter
To restart the Network Adapter, click Restart Adapter, which restarts the selected Network Adapter. You cause a temporary disconnection problem for your Network Adapter.

Lab Analysis
In this lab you have performed MAC Address Spoofing using SMAC.

Exercise V: Sniffing a Network Using the WinArpAttacker Tool

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of Footprinting, network protocols and their topology, TCP and UDP services, routing tables, remote access (SSH or VPN), and authentication mechanisms.

Lab Objectives
The objectives of this lab are to:
o Scan, Detect, Protect, and Attack computers on local area networks (LANs)
o Scan and show the active hosts on the LAN within a very short time period of 2-3 seconds
o Save and load computer list files, and save the LAN regularly for a new computer list
o Update the computer list in passive mode using sniffing technology
o Freely provide information regarding the type of operating systems they employ
o Discover the kind of firewall, wireless access point and remote access
o Discover any published information on the topology of the network
o Discover if the site is seeking help for IT positions that could give information regarding the network services provided by the organization
o Identify actual users and discover if they give out too much personal information, which could be used for social engineering purposes

1. Logon to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install WinPcap
To install WinPcap, navigate to E:\CEHv7 Lab Prerequisites\WinPcap.

Double-click WinPcap_4_1_2.exe and follow the wizard-driven installation steps to install WinPcap.

4. Launch WinArpAttacker
To launch WinArpAttacker, navigate to E:\CEHv7 Module 08 Sniffers\ARP Poisoning Tools\WinArpAttacker. Double-click WinArpAttacker.exe to launch WinArpAttacker.

5. Scanning Hosts on the LAN
Click the Scan option from the toolbar menu and select Scan LAN. The scan shows active hosts on the LAN in a very short period of time (2-3 seconds). The Scan option has two modes: Normal scan and Antisniff scan.

6. Scanning Saves and Loads
Scanning saves and loads a computer list file and also scans the LAN regularly for new computer lists.

7. ARP Attack
By performing attack action, scanning can pull and collect all the packets on the LAN. Select a Host (10.10.10.61 Windows Server 2003) from the displayed list and select Attack --> Flood.
Make sure that Windows Server 2003 (10.10.10.61) is running before running this lab.

8. Data Sniffed by Spoofing and Forwarded
Scanning acts as another gateway or IP-forwarder without other user recognition on the LAN, while spoofing ARP tables. All the data sniffed by spoofing and forwarded by the WinArpAttacker IP-forward functions are counted, as shown in the main interface.

9. Saving Report
Click Save to save the report.

Lab Analysis
In this lab you have performed network sniffing using the WinArpAttacker Tool.

You have now:
o Scanned, Detected, Protected, and Attacked computers on local area networks (LANs)
o Scanned and showed the active hosts on the LAN within a very short time period of 2-3 seconds
o Saved and loaded computer list files, and saved the LAN regularly for a new computer list
o Updated the computer list in passive mode using sniffing technology
o Freely provided information regarding the type of operating systems they employ
o Discovered the kind of firewall, wireless access point and remote access
o Discovered any published information on the topology of the network
o Discovered if the site is seeking help for IT positions that could give information regarding the network services provided by the organization
o Identified actual users and discovered if they give out too much personal information, which could be used for social engineering purposes

Exercise VI: Analyzing a Network Using the Colasoft Capsa Network Analyzer

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing, network protocols and their topology, TCP and UDP services, routing tables, remote access (SSH or VPN) and authentication mechanisms.

Lab Objectives
The objective of this lab is to obtain information regarding the target organization that includes, but is not limited to:
o Network traffic analysis
o Network communication monitoring
o Network problem diagnosis
o Network security analysis
o Network performance detection
o Network protocol analysis

1. Logon to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install Colasoft Capsa Network Analyzer
To install Colasoft Capsa Network Analyzer, navigate to E:\CEHv7 Module 08 Sniffers\Sniffing Tools\Packet Sniffing Tool\Capsa Network Analyzer. Double-click capsa_ent_7.2.1.2299_demo.exe and follow the wizard-driven installation steps to install Colasoft Capsa Network Analyzer.

4. Launch Colasoft Capsa Network Analyzer
To launch Colasoft Capsa Network Analyzer, navigate to Start --> All Programs --> Colasoft Capsa 7 Demo --> Colasoft Capsa 7 Demo.

5. Welcome Screen
Click the Buy Later or Close button on the Welcome screen to continue.

6. Create New Project
In the Capture tab of the main window, select the Local Area Connection check box in Adapters and click Play, located at the bottom-right of the window, which creates a New Project.

7. Analysis Report
You can view the analysis report in a graphical format in the Dashboard section of Node Explorer.

8. Summary Tab
The Summary tab shows full analysis and statistics.

9. Diagnosis Tab
View the performance of protocols with the Diagnosis tab.

10. Protocol Tab
You can view an analysis of protocols on the Protocol tab.

11. IP Endpoint
The IP Endpoint tab displays statistics of all IP addresses communicating within the network. On the IP Endpoint tab, you can easily find the nodes with the highest traffic volumes, and check if there is a multicast storm or broadcast storm in your network.

12. IP Conversation
The IP Conversation tab presents IP conversations between pairs of nodes. The lower pane of the IP Conversation section offers UDP and TCP conversation, which you can drill down to analyze.

13. TCP Conversation
The TCP Conversation tab dynamically presents the real-time status of TCP conversations between pairs of nodes. The lower pane on this tab offers related packets, time sequence charts, and reconstructed data flow to help you drill down to analyze the conversations.

14. UDP Conversation
The UDP Conversation tab dynamically presents the real-time status of UDP conversations between two nodes. The lower pane of this tab gives you related packets and reconstructed data flow to help you drill down to analyze conversations.

15. Matrix Tab
In the Matrix tab, you can view the nodes communicating in the network by connecting them in lines graphically. The weight of the line indicates the volume of traffic between nodes arranged in an extensive ellipse. You can easily navigate and shift between global statistics and details of specific network nodes by switching corresponding nodes in the Node Explorer window.

16. Packet Tab

The Packet tab provides original information for any packet. It consists of three major parts: Summary Decode, Hex/ASCII/EBCDIC Decode and Field Decode.

17. Log Tab
The Log tab provides an Email Log, FTP Log, DNS Log and HTTP Log. You can view the logs of TCP conversations, web access, DNS transactions and email communications.

18. Report Tab
The Report tab provides 27 statistics reports from the global network to a specific network node. You can view this display in 2D or 3D style of line charts or area charts. A new feature of this tab allows you to create reports on demand.

19. Stop
Click Stop on the main window after completing your task.

Lab Analysis
In this lab you have analyzed a network using the Colasoft Capsa Network Analyzer. You have performed:
o Network traffic analysis
o Network communication monitoring
o Network problem diagnosis
o Network security analysis
o Network performance detection
o Network protocol analysis

Exercise VII: Sniffing Passwords using Wireshark

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester, you must have sound knowledge of sniffing network packets, performing ARP poisoning, spoofing the network and DNS poisoning.

Lab Objectives

The objective of this lab is to demonstrate the sniffing technique to capture from multiple interfaces and collect data from any network topology.

1. Logon to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.

2. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Install Wireshark
To install Wireshark, navigate to E:\CEHv7 Module 08 Sniffers\Sniffing Tools\Wireshark. Double-click wireshark.exe and follow the wizard-driven installation steps to install Wireshark.

4. Launch Wireshark
Launch Wireshark in Windows Server 2008 (IP address: 10.10.10.1) (Host Machine). To launch, click Start --> All Programs --> Wireshark --> Wireshark.

5. Capture Interfaces
From the Wireshark menu bar, click Capture --> Interfaces...

6. Wireshark: Capture Interfaces
In the Wireshark Capture Interfaces box, find the Ethernet Driver Interface that is connected to the system. Click the Start button in that interface's line.

7. Traffic Information
Wireshark displays the traffic captured.

8. Analyzing Captured Files
Now, click the Stop button, or stop the session from the Capture tab by clicking Stop.

9. Analyze the Captured Files
Now, navigate to the File option and click Open to analyze the captured files.

10. Wireshark pop-up
A "Save capture file before opening a new one" pop-up appears; click the Continue without Saving button.

11. Sample Capture File
For this lab, the sample captured file of Telnet is located at E:\CEHv7 Module 08 Sniffers\Wireshark Sample Capture Files\telnet-cooked.pcap
Now, select the sample captured file of Telnet and click Open, as shown in the figure below.

12. Observe the Password
Telnet traffic is generated, as shown in the figure below. Now, browse to Frame number 29, and right-click --> Follow TCP Stream.

13. Follow TCP Stream
In the Follow TCP Stream wizard, find the Login and Password that are extracted.

Lab Analysis
In this lab you have performed sniffing to capture from multiple interfaces and collect data from any network topology.

Exercise VIII: Performing Man-In-The-Middle Attack using Cain & Abel

Lab Scenario
To be an expert Ethical Hacker and Penetration Tester you must have sound knowledge of sniffing, network protocols and their topology, TCP and UDP services, routing tables, remote access (SSH or VPN), authentication mechanisms and encryption techniques.

Lab Objectives
The objective of this lab is to accomplish the following:
o Sniff network traffic and perform ARP Poisoning
o Launch Man-in-the-Middle attack
o Sniff network for password

1. Logon to Windows 7
Switch to the Windows 7 (10.10.10.31) machine from the Machines tab in the right pane of your window.

2. Enter Credentials
In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

3. Switch to Windows Server 2003
Switch to the Windows Server 2003 machine from the Machines tab in the right pane of the window.

4. Enter Credentials
Go to Machine Commands and click Ctrl+Alt+Del. In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
You can also use the Machine Commands menu to enter the user name and password.

5. Logon to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.
You can use Machine Commands Ctrl + Alt + Del to log in.

6. Enter Credentials

In the log on box enter the following credentials and press Enter.
User Name: Administrator
Password: Pa$$w0rd
Once you log in to the Windows Server 2008 (10.10.10.1) machine, the Server Manager window will pop up; close the Server Manager window.
You can use the Machine Commands menu to enter your user name and password.

7. Install WinPcap
To install WinPcap, navigate to E:\CEHv7 Lab Prerequisites\WinPcap. Double-click WinPcap_4_1_2.exe and follow the wizard-driven installation steps to install WinPcap.

8. Install Cain & Abel
To install Cain & Abel, navigate to E:\CEHv7 Module 08 Sniffers\ARP Poisoning Tools\Cain and Abel. Double-click ca_setup.exe and follow the wizard-driven installation steps to install Cain & Abel.

9. Launch Cain & Abel
To launch Cain & Abel, navigate to Start --> All Programs --> Cain --> Cain.

10. Configure Ethernet Card
When you first open Cain & Abel, you will notice a series of tabs near the top of the window. To configure the Ethernet card, click Configure from the menu bar.

11. Configuration Dialog Box
The Configuration Dialog window consists of several tabs. Click the Sniffer tab to select the sniffing adapter. Select the adapter and click Apply and OK.

12. Start Sniffing
To start sniffing, click the Start/Stop Sniffer icon from the menu bar and open the Sniffer tab.

13. Click + (Add to List) icon
Now click the + icon in the menu bar to scan for MAC addresses, or right-click on the dashboard and select Scan MAC Addresses from the context menu.

14. MAC Addresses Scanner
The MAC Addresses Scanner wizard opens. Select the All hosts in my subnet option or the Range option from the Target section. From the Promiscuous-Mode Scanner section, check the All Tests option, then click the OK button.
If you select the Range option, you must provide the IP range of your network. In this lab we have selected the Range option and provided a range of 10.10.10.1 to 10.10.10.90.

15. APR Tab
After scanning is complete, a list of detected MAC addresses is displayed. Now click on the APR tab at the bottom of the Cain & Abel window. The + (Add to List) icon will be disabled in this tab.

16. Activate + (Add to List) icon
To activate the + (Add to List) icon, click anywhere in the dashboard.

17. Click + (Add to List) icon
Click the + (Add to List) icon to open the New ARP Poison Routing wizard.

18. New ARP Poison Routing
In the New ARP Poison Routing wizard, select Windows Server 2003 (10.10.10.61) from the left pane. After you select the Windows Server 2003 (10.10.10.61) IP address, the right pane displays the Windows 7 (10.10.10.31) IP address. Now select the Windows 7 IP address from the right pane and click the OK button.

19. Start APR Poisoning

Now click the Start/Stop APR button to start APR poisoning, as shown in the following figure. After clicking the Start/Stop APR button, note down the packets generated.

20. Switch to Windows Server 2003
Switch to the Windows Server 2003 (10.10.10.61) machine through the Machines tab in the right pane of the window.

21. Launch Command Prompt
Launch Command Prompt in Windows Server 2003 (10.10.10.61), type the command ping 10.10.10.31 and press Enter.
10.10.10.31 represents the Windows 7 IP address.

22. Switch to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine through the Machines tab in the right pane of the window. After switching to Windows Server 2008, you can observe that some packets are captured in Cain & Abel.

23. Switch to Windows Server 2003
Switch to the Windows Server 2003 (10.10.10.61) machine through the Machines tab in the right pane of the window.

24. Launch IIS Manager
To launch IIS Manager, navigate to Start --> Administrative Tools --> Internet Information Services (IIS) Manager.

25. FTP Site Service
In the IIS Manager window, select FTP Sites from the left pane and check whether the FTP service is running. If it is not running, right-click on Default FTP Site and select the Start option from the context menu.

26. Switch to Windows 7

Switch to the Windows 7 (10.10.10.31) machine from the Machines tab in the right pane of the window.

27. Launch Firefox
Launch the Firefox browser in the Windows 7 (10.10.10.31) machine, type ftp://10.10.10.61 in the address bar and press Enter.
10.10.10.61 represents the Windows Server 2003 IP address.

28. Authentication Required
In the Authentication Required pop-up, enter the credentials of the Windows Server 2003 (10.10.10.61) machine and click the OK button. Enter these credentials:
User Name: Administrator
Password: Pa$$w0rd

29. Switch to Windows Server 2008
Switch to the Windows Server 2008 (10.10.10.1) machine from the Machines tab in the right pane of the window.

30. Observe the Packets
Now check the packets in Cain & Abel.

31. Passwords Tab
Click the Passwords tab at the bottom.

32. Captured Password
Select FTP from the left pane under Passwords. Now check for the ftp://10.10.10.61 session accessed from the Windows 7 machine (10.10.10.31). It will display the password that you entered at the Authentication Required pop-up.

Lab Analysis
In this lab you have accomplished the following: Sniffed network traffic and performed ARP Poisoning. You have now:

o Launched Man-in-the-Middle attack
o Sniffed network for password
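
The module scenario asks for evidence of ARP poisoning, and Exercises V and VIII produce that traffic. The following is an added example, not part of the original lab manual: a Python detector that reads captured Ethernet frames and flags an IP address claimed by a second MAC, one MAC claiming several IPs, an Ethernet source that disagrees with the ARP sender, and an ARP flood. The IP addresses are the lab's; the MAC addresses, thresholds, function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict, deque

ETHERTYPE_ARP = 0x0806


def _mac(raw):
    return ":".join(f"{b:02x}" for b in raw)


def _ip(raw):
    return ".".join(str(b) for b in raw)


def parse_arp(frame):
    """Decode an untagged Ethernet II frame carrying IPv4 ARP; return None otherwise."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"eth_src": _mac(frame[6:12]), "oper": oper, "sender_mac": _mac(sha),
            "sender_ip": _ip(spa), "target_ip": _ip(tpa)}


def detect_arp_anomalies(frames, flood_threshold=50, window=1.0):
    """frames: iterable of (timestamp_seconds, raw_bytes). Returns a list of alert tuples."""
    alerts = []
    macs_for_ip = defaultdict(list)   # IP -> MACs that claimed it, first seen first
    ips_for_mac = defaultdict(set)    # MAC -> IPs it claimed
    recent = defaultdict(deque)       # MAC -> timestamps inside the sliding window
    flooders = set()
    for ts, frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        mac, ip = arp["sender_mac"], arp["sender_ip"]
        # The Ethernet source and the ARP sender hardware address normally agree.
        if arp["eth_src"] != mac:
            alerts.append(("ETH_ARP_MISMATCH", ip, arp["eth_src"], mac))
        # ARP probes carry sender IP 0.0.0.0 and claim no address.
        if ip != "0.0.0.0":
            if mac not in macs_for_ip[ip]:
                if macs_for_ip[ip]:
                    alerts.append(("IP_CLAIMED_BY_NEW_MAC", ip, macs_for_ip[ip][0], mac))
                macs_for_ip[ip].append(mac)
            ips_for_mac[mac].add(ip)
        # Sliding-window packet rate per sender MAC (the Flood action in Exercise V).
        q = recent[mac]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > flood_threshold and mac not in flooders:
            flooders.add(mac)
            alerts.append(("ARP_FLOOD", mac, len(q)))
    # A host answering for several IPs is the man-in-the-middle signature; routers
    # doing proxy ARP and multi-homed hosts also match, so allow-list those.
    for mac, ips in sorted(ips_for_mac.items()):
        if len(ips) > 1:
            alerts.append(("MAC_CLAIMS_MANY_IPS", mac, tuple(sorted(ips))))
    return alerts


def _mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def _ip_bytes(text):
    return bytes(int(part) for part in text.split("."))


def make_arp_frame(eth_src, sender_mac, sender_ip, target_ip, oper=2):
    """Pack a constructed sample frame as input for the detector; nothing is sent."""
    eth = b"\xff" * 6 + _mac_bytes(eth_src) + struct.pack("!H", ETHERTYPE_ARP)
    body = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    body += _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
    body += b"\x00" * 6 + _ip_bytes(target_ip)
    return eth + body


# Constructed MACs for the lab hosts: Server 2008 (10.10.10.1), Windows 7, Server 2003.
S08, W7, S03 = "02:00:00:00:00:01", "02:00:00:00:00:31", "02:00:00:00:00:61"
SAMPLE = [  # constructed capture: three honest announcements, then two forged replies
    (0.0, make_arp_frame(S08, S08, "10.10.10.1", "10.10.10.61", oper=1)),
    (0.1, make_arp_frame(W7, W7, "10.10.10.31", "10.10.10.61", oper=1)),
    (0.2, make_arp_frame(S03, S03, "10.10.10.61", "10.10.10.31")),
    (5.0, make_arp_frame(S08, S08, "10.10.10.31", "10.10.10.61")),
    (5.1, make_arp_frame(S08, S08, "10.10.10.61", "10.10.10.31")),
]

if __name__ == "__main__":
    for alert in detect_arp_anomalies(SAMPLE):
        print(alert)
```

On a switched network, the same binding checks are enforced in hardware by DHCP snooping with dynamic ARP inspection; the detector above is for reviewing captures such as those saved from the analyzers in Exercises III, VI and VII.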