To simulate an eavesdropping attack using OMNeT++, which contains modeling a scenario in which an attacker inactively intercepts and observes network traffic among communicating hosts without changing the information. Eavesdropping attacks, also called as packet sniffing, that permit the attacker to access sensitive data like passwords, session tokens, or private messages if the traffic is not encrypted.
Below is a common procedure on how to simulate an eavesdropping attack project using OMNeT++.
Steps to Simulate Eavesdropping Attack Projects in OMNeT++
- Set Up OMNeT++ and INET Framework
- Install OMNeT++: We download and install OMNeT++ from the OMNeT++ official website.
- Install INET Framework: The INET framework offers the essential models for networking protocols that are necessary for replicating communication among the hosts. We can download INET from the INET GitHub page or install it using OMNeT++’s package manager.
- Understand the Eavesdropping Attack
An eavesdropping attack contains an attacker listening to network traffic among two or more hosts. It can be done in numerous ways:
- Passive Monitoring: The attacker monitors packets as they traverse a shared network segment, likea router or a switch.
- Packet Sniffing: The attacker captures network traffic utilizing packet capture tools and then examine the content of the packets.
- Define Network Topology (NED File)
Make a network topology, which encompasses two or more communicating hosts and an attacker node, which is placed in the network to eavesdrop on the communication among the hosts.
Example NED File for Eavesdropping Attack Simulation:
network EavesdroppingAttackNetwork
{
submodules:
hostA: StandardHost {
@display(“i=device/pc”);
}
hostB: StandardHost {
@display(“i=device/pc”);
}
router: Router {
@display(“i=abstract/router”);
}
attacker: StandardHost {
@display(“i=device/laptop”);
}
connections:
hostA.pppg++ <–> PointToPointLink <–> router.pppg++;
hostB.pppg++ <–> PointToPointLink <–> router.pppg++;
attacker.pppg++ <–> PointToPointLink <–> router.pppg++; // Attacker listens to traffic
}
In this topology:
- hostA and hostB are legitimate devices that communicating with each other.
- router forwards traffic among the hosts.
- attacker is connected to the router and can intercept the traffic among the two hosts.
- Configure Hosts to Generate Traffic
To replicate communication among the legitimate hosts, set up them to exchange network traffic (e.g., TCP, UDP, or ICMP), which the attacker can intercept.
Example Configuration in omnetpp.ini:
[General]
network = EavesdroppingAttackNetwork
sim-time-limit = 100s
# Configure hostA to send TCP traffic to hostB
*.hostA.numTcpApps = 1
*.hostA.tcpApp[0].typename = “TcpBasicClientApp”
*.hostA.tcpApp[0].connectAddress = “hostB”
*.hostA.tcpApp[0].connectPort = 80 # HTTP-like traffic
*.hostA.tcpApp[0].sendBytes = 1000000 # Send 1MB of data
# Configure hostB to receive traffic from hostA
*.hostB.numTcpApps = 1
*.hostB.tcpApp[0].typename = “TcpBasicServerApp”
*.hostB.tcpApp[0].localPort = 80
In this configuration:
- hostA transmits 1 MB of TCP traffic to hostB over port 80, replicating normal web traffic.
- hostB performs as a server that listens on port 80 and receives the data.
- Implement Eavesdropping Functionality for the Attacker
The attacker node requires to be able to intercept and examine packets passing among the legitimate hosts. It can be done by making a custom PacketSniffer module, which captures all traffic flowing via the attacker.
Example C++ Code for Eavesdropping Attack (Packet Sniffer):
class Eavesdropper : public cSimpleModule
{
protected:
virtual void initialize() override;
virtual void handleMessage(cMessage *msg) override;
void analyzePacket(cPacket *pkt);
};
void Eavesdropper::initialize()
{
EV << “Eavesdropper initialized. Listening to traffic…\n”;
}
void Eavesdropper::handleMessage(cMessage *msg)
{
// Capture incoming packet
cPacket *pkt = check_and_cast<cPacket*>(msg);
analyzePacket(pkt);
// Forward packet to the next node without altering it
send(pkt, “out”);
}
void Eavesdropper::analyzePacket(cPacket *pkt)
{
// Log packet details (e.g., sender, receiver, content)
EV << “Eavesdropped packet: ” << pkt->getName() << ” from ” << pkt->getSenderModule()->getName() << endl;
// Optionally, extract more detailed information (e.g., headers, payload)
// For example, if it’s an IP packet:
// auto ipHeader = dynamic_cast<IPv4Datagram*>(pkt);
// if (ipHeader) {
// EV << “Captured IP packet with source: ” << ipHeader->getSrcAddress() << ” and destination: ” << ipHeader->getDestAddress() << endl;
// }
}
In this module:
- handleMessage() captures every packet, which passes through the attacker node.
- analyzePacket() records the packet details, like the packet’s source and destination, and optionally extorts more detailed data like IP addresses or payload.
- Configure the Attacker in omnetpp.ini
Set up the attacker node to run the Eavesdropper module, which listens to and logs the traffic through hostA and hostB.
Example Configuration for Attacker in omnetpp.ini:
[General]
network = EavesdroppingAttackNetwork
sim-time-limit = 100s
# Configure attacker to eavesdrop on traffic between hostA and hostB
*.attacker.numApps = 1
*.attacker.app[0].typename = “Eavesdropper”
- Run the Simulation
When the network, hosts, and attacker are set up then we can run the simulation in OMNeT++:
- Qtenv or Tkenv: Utilize OMNeT++’s graphical environment to observe the flow of traffic and monitor how the attacker captures packets.
- Packet Logging: The attacker will record packets as they traverse the router, showing how it can access data flowing among the legitimate hosts.
- Analyze the Results
After running the simulation then we examine the outcomes from the eavesdropping module:
- Captured Packets: Verify the logs to monitor the packets captured by the attacker, containing IP addresses, port numbers, and packet content.
- Sensitive Data: If the communication is unencrypted (e.g., HTTP traffic) then the attacker may capture sensitive information like usernames, passwords, or other private data.
- Traffic Patterns: The attacker can also examine traffic patterns, like the volume and timing of packets, to infer data regarding the communication among hostA and hostB.
- Extend the Project
Here are a few ways to prolong the eavesdropping attack simulation:
Encrypted Traffic Simulation
- Replicate encrypted communication (e.g., HTTPS or TLS). In this case, the attacker can still eavesdrop on the communication however will be not capable to read the content of encrypted packets. But, they can still execute traffic analysis to get insights from the packet timing, sizes, and patterns.
Advanced Traffic Analysis
- Execute more sophisticated traffic analysis, like correlating packet sizes and timing to infer user behaviour or communication patterns without requiring to access the real packet content.
Simulating Countermeasures
- Intrusion Detection Systems (IDS): Execute an IDS, which observes for suspicious traffic patterns and raises alerts when an eavesdropping attack is identified.
- Firewalls: Set up firewalls on hostA and hostB to avoid unauthorized traffic sniffing and make sure the use of encrypted communication protocols.
Example Project Structure:
EavesdroppingAttackSimulation/
├── src/
│ └── EavesdroppingAttackNetwork.ned # Network topology
│ └── Eavesdropper.cc # Custom eavesdropping attack implementation
├── omnetpp.ini # Simulation configuration
└── Makefile # Build file for compiling the project
In this manual, we clearly demonstrated basic to advance informations with instances through the simple approach to replicate and analyse the Eavesdropping attack projects using OMNeT++ platform. Also, we will deliver more innovative insights regarding this project depending on your needs. We carry on Eavesdropping Attack Projects using OMNeT++ tailored to your requiremnts. Stay connected with phdprime.com for top-notch research insights and advice on new topics. Feel free to email us for the best simulation support
