News / capture the packet
Capture The Packet (CTP)
The time for those of hardened mettle is drawing near; are you prepared to battle? Compete in the world’s most challenging cyber defense competition based on the Aries Security Cyber Range . In order to triumph over your competitors, contestants must be well rounded, like the samurai. Tear through the challenges, traverse a hostile enterprise class network, and diligently analyze what is found in order to make it out unscathed. Not only glory, but prizes await those that emerge victorious from this upgraded labyrinth.
The Dark Tangent has asked that we extend your time in the labyrinth and this has caused the difficulty of challenges to be amplified, so only the best prepared and battle hardened will escape the crucible. Follow us on Twitter or Facebook (links below) to get notifications for dates and times your team will compete, as well as what prizes will be awarded.
Wall Of Sheep
An interactive look at what could happen if you let your guard down when connecting to any public network, Wall of Sheep passively monitors the DEF CON network looking for traffic utilizing insecure protocols. Drop by, hang out, and see for yourself just how easy it can be! Most importantly, we strive to educate the “sheep” we catch, and anyone else interested in protecting themselves in the future. We will be hosting several ‘Network Sniffing 101’ training sessions using Wireshark, Ettercap, dsniff, and other traffic analyzers.
Wall of Sheep DJ Community - WoSDJCo
Come chill with us while we play all your favorite Deep, underground house, techno, breaks, and DnB beats mixed live all weekend by your fellow hacker DJs. We will provide the soundtrack for all your epic PHV hax, just like we do every year. Schedule of DJs available at: https://wallofsheep.com/pages/dc26
Looking to upgrade your skills or see how you would fare in Capture The Packet? Come check out what Packet Detective has to offer! A step up in difficulty from Packet Investigator, Packet Detective will put your network hunting abilities to the test with real-world scenarios at the intermediate level. Take the next step in your journey towards network mastery in a friendly environment still focused on learning and take another step closer to preparing yourself for the competitive environment of Capture The Packet.
NEW FOR 2018: Packet Inspector
Taking the place of Packet Detective as your introduction to network analysis, sniffing, and forensics. Do you want to understand the techniques people use to tap into a network, steal passwords and listen to conversations? Packet Inspector is the place to develop these skills! For well over a decade, the Wall of Sheep has shown people how important it is to use end-to-end encryption to keep sensitive information like passwords private. Using a license of the world famous Capture The Packet engine from Aries Security, we have created a unique way to teach hands-on skills in a controlled real-time environment.
Join us in the Packet Hacking Village to start your quest towards getting a black belt in Packet-Fu.
NEW FOR 2018: Walkthrough Workshops - Learn to build Honey Pots
The Packet Hacking Village brings yet another Def Con premiere: Walkthrough Workshops, where you will go on a self-guided journey to building your own honey pot, taking it live and hopefully trapping some unsuspecting users. Fear not though, like with all our other training events, we will have helpful and knowledgeable staff on hand to assist you along the way!
Back for a sixth year, we continue to accept presentations focusing on practice and process while emphasizing defense. Speakers will present talks and training on research, tools, techniques, and design, with a goal of providing skills that can be immediately applied during and after the conference. Our audience ranges from those who are new to security, to the most seasoned practitioners in the security industry. Expect talks on a wide variety of topics for all skill levels. Updated schedule available at: https://wallofsheep.com/pages/dc26
A returning favorite from last year, we have hands-on labs and training sessions from an amazing line-up of instructors covering beginner to advanced level material. See our website for updated schedules. Updated schedule available at: https://wallofsheep.com/pages/dc26
For nearly 20 years we have been sniffing traffic at conferences using 10/100 Ethernet HUBs. Although using a HUB is one of the easiest fastest setups you can do, this method has slowly become obsolete.
While 10/100MB shared was great back in the day, it’s considered extremely slow by today’s standards.
Frankly, as our fleet of HUBS started aging, we started experiencing more and more failures (port outages, loud/dead fans, more than normal slowness, etc.) Trying to replace the hubs was getting harder and harder and fleet age wasn’t the only problem we were experiencing. People would spew traffic back into the HUB tainting the data everyone was trying to capture. And… depending on the venue no names (DEF CON), we would have people intentionally saturate the HUB or attack others on the HUB intended for network forensics.
We knew we had to do something, the ideal alternative to using network HUBS is using a network TAP. This would also solve all the other issues mentioned above with just one catch. High port count Gigabit Network TAP technologies are freaking expensive!!! We didn't have 15-20 thousand dollars per device laying around.
So we looked into seeing if one of the manufactures would give us a discount or possibly sponsor our projects. When this didn’t pan out, we had this crazy idea…
Was it was possible to make our own?
Well, the answer is YES! We are proud to announce after several years of development and testing, we have released our first 48 Port high speed network device intended for network forensics that won’t require a luxury car loan to buy.
While it sounds insane, we are releasing the CTP410052T for the low cost of $2500.00 so labs everywhere can finally actually afford to upgrade!
If you’re interested and didn’t get a chance to swing by the Packet Hacking Village at DEF CON this year to see one in action check it out here:
On Preparing for Some of Our Events At DEF CON (e.g., Packet Detective, Wall of Sheep, Speaker Workshops)
Would you like to learn how tap into a network?
Do you want to learn how to capture people’s passwords or hear their phone conversations?
There are many learning opportunities at DEF CON, especially at the Wall of Sheep. If you want to learn how to tap into a network, capture people's passwords, want to contribute to the Wall of Sheep, play Packet Detective, or play Capture The Packet, it is important that you come prepared with a computer with tools already installed! You do not want to be downloading tools and software at the conference as the DEF CON network is arguably the world's most hostile network.
A computer with wired or wireless networking is required. Any platform is acceptable (e.g., Mac OS X, Windows, Linux, Android). Administrative access on the computer is required!
Here is a list of tools that are frequently used at the Wall of Sheep and thus you should install most of them on your computer:
- Wireshark (http://www.wireshark.org/)
- Ettercap (http://ettercap.github.io/ettercap/)
- tcpdump (http://www.tcpdump.org/)
- WinDump (http://www.winpcap.org/windump/) --Windows only
- ngrep (http://ngrep.sourceforge.net/)
- NetworkMiner (http://www.netresec.com/?page=NetworkMiner)
- Xplico (http://www.xplico.org/)
- Cain & Abel (http://www.oxid.it/cain.html) -- Windows only
You can also choose a Linux distro live-CD aimed at penetration testing such as Kali Linux (https://www.kali.org/) to get up-and-running quickly as it has almost all the above tools installed already.
Step 1: Configure Your Machine
You will need to set your computer to allow it to capture ALL the traffic on the network, not just information sent specifically for that machine. An example of this would be to set your network adapter to promiscuous mode.
Helpful videos can be found under Tools and Training of our website.
Step 2: Be the Detective
The steps, repeat:
- Monitor the traffic
- Save the captures
- Analyze the data
Once you have your machine configure and some of the tools installed, you can practice and hone your skills at the Wall of Sheep. The Wall of Sheep will supply you with a live feed of the DEF CON wireless network so you can capture packets and analyze the data.
Be sure to test your Packet Detective skills at the Packet Detective tables by experiencing the same type of challenges that are used in Capture The Packet.
There is bit more than installing the tools, configuring your machine, and the repetitive steps: you also need to understand the network you will be investigating. That is:
- Are you going to tap into and sniff a wired network or a wireless network?
- Does the network use a hub or a switch?