
Packet Analysis: Sample Case Study - Administration

In the first part of this two-part series, you learned the network communication concepts you need to know to understand the operation and data provided by Wireshark. I also covered the installation steps and some very basic configuration. This part will delve more deeply into using Wireshark for analyzing your network.

TABLE OF CONTENTS:
  1. Capturing Packets with the Wireshark Network Analyzer
  2. Stop Capturing and Exporting Data
  3. Saving Exported Packet Information
  4. Packet Analysis: Sample Case Study
By: Codex-M
January 07, 2010


Now that you've learned the basic features of Wireshark, let's look at an example of packet analysis. Suppose you are asked to retrieve a password from captured packets. The password was entered in a login form on a site that does not use HTTPS, so it crosses the network in clear text. To recover sensitive data such as passwords that are sent unencrypted, follow the procedure below:

Step 1. A password submitted from a login form travels from the client to the web server at the application layer, and when the site does not use HTTPS that protocol is plain HTTP. Click the "Protocol" column header to sort the packet list so the HTTP entries are grouped together, or type http into the display filter bar to show only HTTP packets.

Step 2. Credentials sent to the web server over HTTP arrive in either a GET or a POST request. Login forms almost always use POST, which carries the field values in the request body instead of in the URL, so they do not appear in the browser's address bar or in the server's access log. That does not hide them on the wire: the body is transmitted in clear text just like the URL. So look for a POST entry in the "Info" column (or apply the display filter http.request.method == "POST").

If you know the path of the login page (for example, wp-login.php in WordPress), you can find the right request faster by looking for that path in the "Info" column.

Step 3. Double-click the POST packet to open it in its own window. Maximize the window and, in the packet details pane, expand the dissected request body; depending on the Wireshark version it is labelled "Line-based text data" or "HTML Form URL Encoded". (Right-clicking the packet and choosing "Follow TCP Stream" shows the same request and the server's reply as plain text.) The form fields appear there:

log=admin&pwd=xtyunbghgrtfderwdfh&wp-submit=Log+In&redirect_to=http%3A%2F%2Fwww.php-developer.org%2Fwp-admin%2F&testcookie=1

The actual password is xtyunbghgrtfderwdfh.
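The procedure above, as an added example in Python that is not part of the original article: it builds a constructed, minimal pcap file containing the wp-login.php POST shown above (made-up MAC and IP addresses, zeroed checksums), walks the Ethernet/IPv4/TCP headers the way Wireshark's dissectors do, picks out POST requests with a form-encoded body (the equivalent of the display filter http.request.method == "POST"), and decodes the fields so the password can be read without the GUI. The list of field names checked for the password (PASSWORD_KEYS) is an assumption; the sample body is the one from the article.

```python
"""Pull clear-text form credentials out of HTTP POST requests in a classic pcap file."""
import struct
from urllib.parse import parse_qs

# Constructed sample: the wp-login.php POST from the article, with made-up headers.
SAMPLE_BODY = (b"log=admin&pwd=xtyunbghgrtfderwdfh&wp-submit=Log+In"
               b"&redirect_to=http%3A%2F%2Fwww.php-developer.org%2Fwp-admin%2F&testcookie=1")
SAMPLE_REQUEST = (b"POST /wp-login.php HTTP/1.1\r\n"
                  b"Host: www.php-developer.org\r\n"
                  b"Content-Type: application/x-www-form-urlencoded\r\n"
                  b"Content-Length: " + str(len(SAMPLE_BODY)).encode() + b"\r\n\r\n" + SAMPLE_BODY)

# Field names a login form commonly uses for the password (assumption, extend as needed).
PASSWORD_KEYS = ("pwd", "password", "pass", "passwd", "user_password")


def build_sample_pcap(payload: bytes) -> bytes:
    """Wrap one TCP payload in Ethernet/IPv4/TCP headers and a pcap file header.
    Constructed data: addresses are made up and checksums are left at zero."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5])) + tcp
    frame = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame


def iter_tcp_payloads(pcap: bytes):
    """Yield (src_ip, dst_ip, dst_port, payload) for each TCP segment in an Ethernet pcap.
    Only IPv4 frames are handled; anything else is skipped."""
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not supported here)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures are handled")
    pos = 24
    while pos + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap[pos:pos + 16])
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType must be IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4                           # IPv4 header length
        if frame[23] != 6:                                      # protocol 6 = TCP
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue
        dst_port = struct.unpack("!H", tcp[2:4])[0]
        data_off = (tcp[12] >> 4) * 4                           # TCP header length
        yield src, dst, dst_port, tcp[data_off:]


def extract_form_posts(pcap: bytes):
    """Return one dict per HTTP POST carrying an application/x-www-form-urlencoded body,
    with the decoded fields and the password field (if any) picked out."""
    results = []
    for src, dst, dst_port, payload in iter_tcp_payloads(pcap):
        if not payload.startswith(b"POST "):
            continue
        head, sep, body = payload.partition(b"\r\n\r\n")
        if not sep:
            continue   # request headers are not complete in this segment
        lines = head.decode("latin-1").split("\r\n")
        path = lines[0].split(" ")[1]
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        # parse_qs undoes the form encoding: '+' becomes a space, %2F becomes '/'.
        fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
        password = next((fields[k] for k in PASSWORD_KEYS if k in fields), None)
        results.append({"src": src, "dst": dst, "port": dst_port, "host": headers.get("host", ""),
                        "path": path, "fields": fields, "password": password})
    return results


if __name__ == "__main__":
    for post in extract_form_posts(build_sample_pcap(SAMPLE_REQUEST)):
        print(f"{post['src']} -> {post['dst']}:{post['port']} {post['host']}{post['path']} "
              f"user={post['fields'].get('log')} password={post['password']}")
```

To run it against a real capture, pass the bytes of a file saved from Wireshark in classic pcap format (File > Save As and pick the pcap format; the pcapng format Wireshark writes by default has a different header and is rejected by iter_tcp_payloads). The parser looks at each TCP segment on its own, so a POST whose headers and body are split across segments, or one sent over HTTPS, will not be found; Wireshark's reassembly and "Follow TCP Stream" handle the first case.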

Getting Packets from Other Networked Computers

So far the packets you have been studying in the above section are traveling between your machine and the outside world. In a realistic application, such as administering a lot of computers in the local area network, you need to capture packets from other computers.

To do that, Wireshark has to run on a machine whose network interface sees the other computers' traffic. Two things are needed. First, the capture interface must be in promiscuous mode (Wireshark's default), which makes the card pass up frames that are not addressed to it instead of discarding them. Second, the traffic has to reach that card at all: on a switched network promiscuous mode alone is not enough, because the switch only forwards each frame to the port of its destination, so you also need a mirror (SPAN) port on the switch, a network tap, or a hub. The official Wireshark documentation describes these setups in detail.

Future tutorials will focus on more advanced applications of Wireshark, such as capturing packets on a wireless network and an in-depth application of Wireshark in network administration.
