How to Implement Eavesdropping Attack in NS2

 

To implement an eavesdropping attack in NS2 (Network Simulator 2), we have to simulate a malevolent node that snoops to the communication of other nodes in the network without participating in or modifying the communication. In such cases, the attacker node submissively observes the network traffic. Here is the detailed approach to implement the eavesdropping attack using ns2:

Steps to Implement an Eavesdropping Attack in NS2:

  1. Set up the Network Topology:
  • Start by defining the network topology contains several nodes interacting with one another.
  • Launch an attacker node that will overhear on the communications amongst other nodes.
  1. Identify the Eavesdropper Node:
  • Select one or more nodes to behave like the eavesdropper.
  • The eavesdropper node should be able to capture the traffic from its neighbouring nodes devoid of actively participating in the communication.
  1. Modify the Attacker Node:
  • The attacker node should have a Null agent to guard it against transmitting packets.
  • Log all the packets obtained by this node by using the in-built tracing mechanisms of ns2.
  1. Set Up Communication:
  • Use TCP or UDP agents to configure regular communication amongst two authorized nodes.
  • The attacker node will get all the packets flowing through the network.
  1. Logging the Traffic:
  • Allow tracing on the attacker node to log any packets that pass through its communication range.
  • The attacker node will use the trace file to save information about the packets it snoops on.
  1. Example Tcl Script for Eavesdropping Attack:

Below is an example Tcl script to replicate an eavesdropping attack:

# Create a new simulator

set ns [new Simulator]

# Define output trace files

set tracefile [open out.tr w]

$ns trace-all $tracefile

# Define nodes

set n0 [$ns node]  ;# Source Node

set n1 [$ns node]  ;# Destination Node

set n2 [$ns node]  ;# Eavesdropper Node

# Define links between nodes

$ns duplex-link $n0 $n1 1Mb 10ms DropTail

$ns duplex-link $n0 $n2 1Mb 10ms DropTail

$ns duplex-link $n1 $n2 1Mb 10ms DropTail

# Define TCP traffic from n0 to n1

set tcp0 [new Agent/TCP]

set sink0 [new Agent/TCPSink]

$ns attach-agent $n0 $tcp0

$ns attach-agent $n1 $sink0

$ns connect $tcp0 $sink0

# Traffic source

set ftp0 [new Application/FTP]

$ftp0 attach-agent $tcp0

$ns at 0.1 “$ftp0 start”

# Define Null agent for the eavesdropper node (n2)

set nullAgent [new Agent/Null]

$ns attach-agent $n2 $nullAgent

# Enable tracing at the eavesdropper node to log all packets it overhears

$ns at 0.1 “$n2 set ragent [$n2 agent-null]”

$ns at 0.2 “puts \”Eavesdropper n2 listening to traffic…\””

# Schedule simulation end

$ns at 5.0 “finish”

proc finish {} {

global ns tracefile

$ns flush-trace

close $tracefile

exit 0

}

# Run the simulation

$ns run

Breakdown of the Script:

  • Nodes:
    • n0: Source node that will send traffic.
    • n1: Destination node that will receive traffic.
    • n2: Eavesdropper node that will listen to the communication amidst n0 and n1.
  • Traffic:
    • TCP traffic is accomplished between n0 (sender) and n1 (receiver).
    • A Null agent is attached to n2 (the eavesdropper) so it doesn’t send any traffic but can receive and log packets.
  • Trace Logs:
    • The trace file (out.tr) will capture all packets exchanged between n0 and n1, and any packets the eavesdropper n2 snoops to.
  • Traffic Source:
    • The script design an FTP application to produce data traffic between n0 and n1 using TCP. The eavesdropper listens to this traffic but does not intrude.
  1. Analyze the Trace File:
  • After running the simulation, evaluate the trace file (out.tr) to see the packets obtained by the eavesdropper node (n2).
  • Validate for lines in the trace file where node n2 receives packets from n0 or n1.
  1. Optional Visualization (Using NAM):
  • You can also envision the simulation in NAM (Network Animator) to monitor the eavesdropper node capturing traffic.

Post-Simulation:

  • Traffic Analysis:
    • Review the trace stores to observe what kind of data the eavesdropper interrupted.
    • Evaluate the packet contents, headers or use modern traffic analysis strategy by extending the script.
  • Simulate Countermeasures:
    • You could execute encryption at the source and destination nodes to replicate defense from eavesdropping, where the eavesdropper can only see encrypted traffic however cannot understand the contents.

This procedure has the comprehensive instructions on how to set up the simulation which will be useful for the implementation of eavesdropping attack in the ns2 environment and we can provide the added information about this approach, if required.

Contact us for customized services regarding the implementation of Eavesdropping Attacks in NS2.