Changes between Version 59 and Version 60 of AnonymityModule


Timestamp:
Jun 30, 2011 3:44:33 PM (13 years ago)
Author:
jhudson
Comment:

--

  • AnonymityModule

    v59 v60  
    2626
    2727=== Direct Client-to-Server Traffic ===
    28 Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, and write the data out to the file direct.pcap in the tmp diretory.  At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. We'll analyze what this data looks like and can tell us at a later time.
     28Then type the command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` and then`cp /tmp/direct.pcap .` This will begin listening to the traffic that comes through this node and that specific ethernet link, eth0 in the example, write the data out to the file direct.pcap in the tmp diretory, and then copy it into the users directory.  At this time, the person connected to Alice will enter the command `wget --no-proxy http://server1/cgi-bin/ip.cgi` This saves a local copy of the web page set up on the server, and by doing so generates HTTP traffic to examine. We were able to listen in on this traffic thanks to the `tcpdump` command. We'll analyze what this data looks like and can tell us at a later time.
    2929
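Review bot: The new line 28 chains `sudo tcpdump -i eth0 -s 0 -x -w /tmp/direct.pcap` and `cp /tmp/direct.pcap .` as if they run back to back, but tcpdump keeps running until it is interrupted, so the copy has to come after the `wget` from Alice has completed and the capture has been stopped with Ctrl-C; the paragraph should spell out that order (start capture, run wget on Alice, stop capture, then copy), otherwise a reader who runs the copy immediately gets an empty or partial file. The typo "diretory" (for "directory") is carried over unchanged from v59 and could be fixed in the same edit.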
    3030=== Client-to-Server Traffic through a Proxy ===
    31 Now we'll use a proxy to make this traffic a bit more anonymous.  A proxy will mask the source and destination of the traffic from both the client and the server by working as a go between for the two nodes.  Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughproxy.pcap` from the server node. However, now the user connected to Alice should enter the command `env http_proxy=http://proxy:8888 wget http://server1/cgi-bin/ip.cgi` This command changes an environmental setting and sends the `wget` command through the proxy on port 8888.  Thanks to the `tcpdump` command, we have a copy of this traffic as well.
     31Now we'll use a proxy to make this traffic a bit more anonymous.  A proxy will mask the source and destination of the traffic from both the client and the server by working as a go between for the two nodes.  Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughproxy.pcap` and then `cp /tmp/throughproxy.pcap .` from the server node. However, now the user connected to Alice should enter the command `env http_proxy=http://proxy:8888 wget http://server1/cgi-bin/ip.cgi` This command changes an environmental setting and sends the `wget` command through the proxy on port 8888.  Thanks to the `tcpdump` command, we have a copy of this traffic as well.
    3232
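Review bot: The sentence on line 31 that a proxy "will mask the source and destination of the traffic from both the client and the server" overstates what the setup does: the proxy hides the client's address from the server (the server-side capture in throughproxy.pcap will show the proxy's address as the source), but the proxy itself sees both endpoints and the `http_proxy=http://proxy:8888` request from Alice travels to it unencrypted, so anyone on the Alice-to-proxy link still sees the full URL. Suggest rewording to "hides the client's address from the server". The same capture-order issue as line 28 applies: `cp /tmp/throughproxy.pcap .` must run after tcpdump has been stopped.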
    3333=== Client-to-Server Traffic through Tor ===
    3434We will now use [https://www.torproject.org/ Tor] to
    35 onion route the data. As the name suggests onion routing alters the data flow through a minimum of 3 relays, each adding another layer of anonymity, because the packets of data only know the address of the next relay and the previous relay. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughtor.pcap` from the server node. Now, the user on Alice should use the command `torify wget http://server/cgi-bin/ip.cgi` 
     35onion route the data. As the name suggests onion routing alters the data flow through a minimum of 3 relays, each adding another layer of anonymity, because the packets of data only know the address of the next relay and the previous relay. Repeat the `tcpdump` command `sudo tcpdump -i eth0 -s 0 -x -w /tmp/throughtor.pcap` and `cp /tmp/throughtor.pcap .` from the server node. Now, the user on Alice should use the command `torify wget http://server/cgi-bin/ip.cgi` 
    3636
    3737
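Review bot: Line 35 has Alice fetch `http://server/cgi-bin/ip.cgi`, while lines 28 and 31 use `http://server1/cgi-bin/ip.cgi`; if the host is `server1` this is a typo and the Tor run will fail or hit a different host, making the three captures incomparable. Worth noting for the reader that `torify` hands name resolution to Tor as well, so `server1` is resolved by the exit relay rather than by Alice, and the server therefore has to be reachable by that name from the Tor exit. The phrase "the packets of data only know the address of the next relay and the previous relay" would read more accurately as "each relay only learns the previous and next hop". As on lines 28 and 31, `cp /tmp/throughtor.pcap .` belongs after the capture has been stopped.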
    3838== Step 3 Analyzing the Traffic Data ==
    39 So now we have collected HTTP network traffic data from 3 different connections: direct, through a proxy, and through the Tor network.  Now, it's time to analyze that data.  We will do this using [http://www.wireshark.org/ Wireshark].
     39So now we have collected HTTP network traffic data from 3 different connections: direct, through a proxy, and through the Tor network.  Now, it's time to analyze that data.  We will do this using [http://www.wireshark.org/ Wireshark]. To access this data we need to use the SSH Secure File Transfer Client
     40
     41[[Image(sshclientstart.png)]]
     42
     43Click on the Quick Connect Button
     44
     45[[Image(sshclientlogon.png)]]
     46
     47It should look like this. Click Connect, and enter your password when prompted.  In the right column, you should see three files: direct.pcap, throughproxy.pcap, and throughtor.pcap. Copy these files and place them on your desktop.  Then open up Wireshark.
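Review bot: New lines 39-47 tell the reader to Quick Connect with the SSH Secure File Transfer Client and expect direct.pcap, throughproxy.pcap and throughtor.pcap "in the right column", but they never say which host and which user to connect as; since the page has the reader logged into both Alice and the server node, state explicitly that the connection goes to the server node, where tcpdump ran and the `cp ... .` steps of lines 28, 31 and 35 placed the files in that user's home directory. The added sentence "To access this data we need to use the SSH Secure File Transfer Client" on line 39 is missing its terminating period.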