Changes between Version 115 and Version 116 of AnonymityModule


Timestamp: Jul 7, 2011 4:07:28 PM
Author: TTaggart
Comment: --

  • AnonymityModule

    v115 v116  
    3939For this exercise, we are going to set up a network with 11 different nodes.  2 nodes will be client nodes, Alice and Bob, which will be making HTTP requests from 2 other nodes, Server1 and Server2, which will be running Apache2.  There will be a proxy node running tinyproxy, 4 nodes running the Tor program, and 2 routers. Once we set up the network, we will set up tinyproxy on the proxy node and Apache2 on the 2 Server nodes.  Then we will have Alice make HTTP requests of the Server1 node directly, through the proxy, and through the Tor network, while we sniff the requests.  The "Wide Area" should be treated as a cloud of an unknown number of computers and routers, representing a large network where we are just highlighting the nodes used for Tor. We will then analyze this data using Wireshark to determine who is communicating and what they are saying.
    4040
    41 == Step 1 Setting Up the Network ==
     41== Step 1 Editing your NS file ==
     42
     43
     44== Step 2 Setting Up the Network ==
     45
    4246Swap in the Experiment using [attachment:anonymous.ns this NS file]
    4347  [[Image(wan.php3)]] [[Image(networksetup.png)]]
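Review bot: the newly added `== Step 1 Editing your NS file ==` heading (new lines 41-43) is followed only by blank lines, so the page now opens with a step that has no instructions before `== Step 2 Setting Up the Network ==`; either add the text describing what the reader must change in the attached `anonymous.ns` before swapping it in, or hold the heading until that text exists. Since "Swap in the Experiment using [attachment:anonymous.ns this NS file]" now sits under Step 2, the Step 1 text should also state whether the reader swaps in the attached file as-is or their edited copy, otherwise the two steps read as contradicting each other.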
     
    8589This will run a script which installs and sets up [https://banu.com/tinyproxy/ tinyproxy] on the node. Tinyproxy is a free program and is designed to be small and easy to operate. The proxy is now set up!  We'll get to using it in a little while.
    8690
    87 == Step 2 Generating and Listening to Network Traffic ==
     91== Step 3 Generating and Listening to Network Traffic ==
    8892We are now ready to begin learning! [[BR]]
    8993The topics to be covered are
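Review bot: the only change in this hunk is the step number (Step 2 to Step 3), which is consistent with the step inserted above it; the surrounding context lines are untouched, so check that every in-page cross-reference that previously pointed readers at "Step 2" for traffic generation has been renumbered the same way, or they will be sent to the new NS-file step instead of the capture instructions.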
     
    98102
    99103=== Direct Client-to-Server Traffic ===
    100 Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory.  For more help with `tcpdump` type in the command `man tcpdump`  At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. Then the users connected to Server1 will enter the command `cp /tmp/direct.pcap .` This will copy the file with the sniffed data into the users directory. We'll analyze what this data looks like and can tell us at a later time. However if you want to analyze this data now before we sniff more, proceed to Step 3 on this page.
     104Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory.  For more help with `tcpdump` type in the command `man tcpdump`  At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. Then the users connected to Server1 will enter the command `cp /tmp/direct.pcap .` This will copy the file with the sniffed data into the users directory. We'll analyze what this data looks like and can tell us at a later time. However if you want to analyze this data now before we sniff more, proceed to Step 4 on this page.
    101105[[BR]]To reiterate, the commands are:
    102106 * `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` from the server
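Review bot: new line 104 is a copy of old line 100 with only the cross-reference changed from Step 3 to Step 4, which is correct, but since the line is being rewritten anyway it should also pick up its existing defects: `diretory` should be `directory`, the inline commands need sentence punctuation (`... -w /tmp/direct.pcap`. This will begin ...` and `man tcpdump`. At this time ...`), and "listening to the traffic ... write the data out" is missing an "and". One technical nit on the capture command itself: with `-w`, tcpdump writes raw packets to the file instead of parsing and printing them, so the `-x` hex-dump flag has no effect on what lands in `direct.pcap`; dropping it, or noting that hex output is something you get when reading the file back, would avoid confusing readers about what the capture contains.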
     
    120124
    121125
    122 == Step 3 Analyzing the Traffic Data ==
     126== Step 4 Analyzing the Traffic Data ==
    123127So now we have collected HTTP network traffic data from 3 different connections: direct, through a proxy, and through the Tor network.  Now, it's time to analyze that data.  We will do this using [http://www.wireshark.org/ Wireshark].  Wireshark is a network packet analyzer, it takes captured packets (or captures its own) and then analyzes and displays the data in the packets.  Displaying the information allows the Wireshark user to ensure that no harmful communication is being used against the system or to even spy on a system.  To access this data we need to use the SSH Secure File Transfer Client
    124128
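Review bot: renumbering this heading to Step 4 matches the "proceed to Step 4" reference in the traffic-generation section, so the cross-reference chain is consistent after this change. The untouched context line 127 still carries a comma splice ("Wireshark is a network packet analyzer, it takes captured packets ...") and ends without a period after "SSH Secure File Transfer Client"; worth fixing in the same pass. The sentence that displaying packets lets the user "ensure that no harmful communication is being used against the system" also undersells the step's actual purpose as stated at the top of the page (determine who is communicating and what they are saying from the sniffed requests); a sentence saying the analysis will compare what the direct, proxy and Tor captures reveal about the client and the request would tie this step back to the exercise's goal.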