Changes between Version 114 and Version 115 of AnonymityModule
Timestamp: Jul 7, 2011 1:17:14 PM
AnonymityModule
v114 v115 98 98 99 99 === Direct Client-to-Server Traffic === 100 Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap .` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory. For more help with `tcpdump` type in the command `man tcpdump` At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. Then the users connected to Server1 will enter the command `cp /tmp/direct.pcap .` This will copy the file with the sniffed data into the users directory. We'll analyze what this data looks like and can tell us at a later time. However if you want to analyze this data now before we sniff more, proceed to Step 3 on this page.100 Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory. For more help with `tcpdump` type in the command `man tcpdump` At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. Then the users connected to Server1 will enter the command `cp /tmp/direct.pcap .` This will copy the file with the sniffed data into the users directory. We'll analyze what this data looks like and can tell us at a later time. However if you want to analyze this data now before we sniff more, proceed to Step 3 on this page. 
101 101 [[BR]]To reiterate, the commands are: 102 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap .` from the server102 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` from the server 103 103 * `wget --no-proxy http://server1/cgi-bin/ip.cgi` from Alice 104 104 * `cp /tmp/direct.pcap .` from the server after closing the tcpdump 105 105 106 106 === Client-to-Server Traffic through a Proxy === 107 Now we'll use a proxy to make this traffic a bit more anonymous. A proxy will mask the source and destination of the traffic from both the client and the server by working as a go between for the two nodes. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughproxy.pcap .` However, now the user connected to Alice should enter the command `env http_proxy=http://proxy:8888 wget http://server1/cgi-bin/ip.cgi` This command changes an environmental setting and sends the `wget` command through the proxy on port 8888. Thanks to the `tcpdump` command, we have a copy of this traffic as well. Then the user on the Server1 node should enter `cp /tmp/throughproxy.pcap .` This saves us a copy of the data.107 Now we'll use a proxy to make this traffic a bit more anonymous. A proxy will mask the source and destination of the traffic from both the client and the server by working as a go between for the two nodes. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughproxy.pcap` However, now the user connected to Alice should enter the command `env http_proxy=http://proxy:8888 wget http://server1/cgi-bin/ip.cgi` This command changes an environmental setting and sends the `wget` command through the proxy on port 8888. Thanks to the `tcpdump` command, we have a copy of this traffic as well. Then the user on the Server1 node should enter `cp /tmp/throughproxy.pcap .` This saves us a copy of the data. 
108 108 [[BR]]Again, in order: 109 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap .` from the server109 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` from the server 110 110 * `env http_proxy=http://proxy:8888 wget http://server1/cgi-bin/ip.cgi` from Alice 111 111 * `cp /tmp/direct.pcap .` from the server after closing the tcpdump … … 113 113 === Client-to-Server Traffic through Tor === 114 114 We will now use [https://www.torproject.org/ Tor] to 115 onion route the data. As the name suggests onion routing alters the data flow through a minimum of 3 relays, each adding another layer of anonymity, because the packets of data only know the address of the next relay and the previous relay. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughtor.pcap` .Now, the user on Alice should use the command `torify wget http://server/cgi-bin/ip.cgi` And then `cp /tmp/throughtor.pcap .` from the server node.115 onion route the data. As the name suggests onion routing alters the data flow through a minimum of 3 relays, each adding another layer of anonymity, because the packets of data only know the address of the next relay and the previous relay. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughtor.pcap` Now, the user on Alice should use the command `torify wget http://server/cgi-bin/ip.cgi` And then `cp /tmp/throughtor.pcap .` from the server node. 116 116 [[BR]]In order: 117 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap .` from the server117 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` from the server 118 118 * `torify wget http://server/cgi-bin/ip.cgi` from Alice 119 119 * `cp /tmp/direct.pcap .` from the server after closing the tcpdump … … 163 163 [[Image(readwireshark.png)]] 164 164 165 Highlight one of the HTTP packets, then expand the Hypertext Transfer Protocol section. 
Here we can read that the command `wget` and the user was trying to access `http://server1/cgi-bin/ip.cgi` .So, even though the server doesn't know where the request came from, we still know what the command is.165 Highlight one of the HTTP packets, then expand the Hypertext Transfer Protocol section. Here we can read that the command `wget` and the user was trying to access `http://server1/cgi-bin/ip.cgi` So, even though the server doesn't know where the request came from, we still know what the command is. 166 166 167 167 == More on Your Own ==
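Review bot: dropping the stray trailing `.` from the `tcpdump` invocations (lines 100, 102, 107, 109, 115, 117) is the right fix: tcpdump treats every non-option argument as part of the capture-filter expression, so `... -w /tmp/direct.pcap .` hands `.` to the filter compiler and the capture fails to start instead of silently ignoring it. The revision leaves two copy-paste problems in place, though. The recap lists for the proxy and Tor sections (lines 109 and 111, 117 and 119) still name `/tmp/direct.pcap`, while the prose above them writes to `/tmp/throughproxy.pcap` and `/tmp/throughtor.pcap`; a student who follows the bullets overwrites the direct capture and loses the side-by-side comparison the exercise is built around. Suggest `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughproxy.pcap` and `cp /tmp/throughproxy.pcap .` there, and the `throughtor` equivalents in the Tor list. The Tor step (lines 115 and 118) also fetches `http://server/cgi-bin/ip.cgi` where the other two sections use `http://server1/cgi-bin/ip.cgi`; unless a separate host named `server` is intended, it should be `server1`. One wording point worth tightening while the section is being edited: line 107 says the proxy masks "the source and destination of the traffic from both the client and the server", but a forward proxy only hides the client's address from the server; the client chose the destination and knows it, and as line 165 itself shows, anyone capturing on the path still reads the full HTTP request. Minor: `diretory` on line 100 is still misspelled.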