Thursday, January 28, 2010

Assignment 2: Question 1: Wireshark

Project 4.1: Using the Wireshark Protocol Analyzer


Protocol analyzers, which are also called sniffers, capture packets in order to decode and analyze their contents. In this project we will download and use the Wireshark analyzer to decode our own packets.


Step 1: Open your web browser and type http://www.wireshark.org/ in the address bar. The Wireshark download web page will open, which looks like this:



Step 2: Click and download Wireshark.

Step 3: Under Windows 2000/XP/2003/Vista Installer (.exe), click SourceForge.net.

Step 4: A file download dialog box will appear. Click Save and follow the instructions to save the file in a location of your choice. When the download is done, run the installation program and follow the instructions to install Wireshark.

Step 5: When the installation is complete, launch Wireshark by clicking Start > All Programs > Wireshark > Wireshark.

Step 6: Below "Capture on interface" you will see your Ethernet adapter. Click on it to start capturing.


Step 7: Depending on your network's traffic, you will begin to see packets being captured.



Now, let's generate some traffic. Go to Start > Run, type "cmd" and press Enter.



The command prompt will open.




At the command prompt, type "ftp server1". The command will be accepted and the window will look like this:


Packets will appear in Wireshark.




Type quit and press Enter to return to the command prompt. In my case, I used Ctrl+C to return to the command prompt.

Click Exit.


Step 8: Now, let's check whether Wireshark can pick up passwords or not. Open a web browser and go to www.bluehost.com/cgi-bin/uftp/. A web page will open which looks like this:



Step 9: Enter Gerald as the username and happy as the password.


You will get an error message that says "login failed".

Step 10: Return to the Wireshark window and click Edit > Find Packet.


Step 11: Click String.


Step 12: Under Filter, enter Gerald.




Step 13: Click Find.


Step 14: According to the project, at the bottom of the screen I should have seen the username and the password which were entered just a few minutes ago.


But in my case, after trying several times, I only got this message every time. This is because of the solid encryption protection that my D-Link wireless modem/router is using. Wireshark couldn't decrypt the encrypted data. This is the only way you can stop Wireshark from capturing sensitive data: by encryption.



Step 15: Close all windows and do not save any data.

What is happening in steps 7-8?

In steps 7-8, Wireshark is capturing all the packets visible on the network interface selected in step 6, so that their contents can be decoded and analyzed.

How can Wireshark be prevented from capturing this data?

The only method of preventing Wireshark from obtaining sensitive data is to encode the data being sent in a manner that an outsider cannot decode. In other words, encryption.
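Added example (not part of the original assignment): a small Python script that builds a constructed three-packet capture and performs the same string search as Edit > Find Packet > String (steps 10-13), then scans TCP payloads for cleartext FTP USER/PASS commands. The credentials turn up only in the unencrypted frames; the frame carrying an opaque TLS-style payload yields nothing, which is the point of the answer above. The frame builder, MAC/IP addresses and port numbers are assumptions made for this example.

```python
import struct

def build_tcp_frame(payload: bytes, dst_port: int, src_port: int = 40000) -> bytes:
    """Build a minimal Ethernet/IPv4/TCP frame around payload (constructed sample; checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # placeholder MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    return eth + ip + tcp + payload

def tcp_payload(frame: bytes):
    """Return (dst_port, payload) for an IPv4/TCP frame, or None for anything else."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip_start = 14
    ihl = (frame[ip_start] & 0x0F) * 4
    if frame[ip_start + 9] != 6:  # IP protocol 6 = TCP
        return None
    tcp_start = ip_start + ihl
    dst_port = struct.unpack("!H", frame[tcp_start + 2:tcp_start + 4])[0]
    data_off = (frame[tcp_start + 12] >> 4) * 4
    return dst_port, frame[tcp_start + data_off:]

def find_string(frames, needle: str):
    """Same idea as Edit > Find Packet > String: indexes of frames whose raw bytes contain needle."""
    return [i for i, f in enumerate(frames) if needle.encode() in f]

def find_cleartext_credentials(frames):
    """Flag FTP USER/PASS commands sent in the clear; an encrypted payload carries no such text."""
    hits = []
    for i, f in enumerate(frames):
        parsed = tcp_payload(f)
        if parsed is None:
            continue
        port, payload = parsed
        for line in payload.split(b"\r\n"):
            if line.startswith((b"USER ", b"PASS ")):
                hits.append((i, port, line.decode(errors="replace")))
    return hits

# Constructed sample capture: two cleartext FTP commands plus one TLS application-data
# record whose body is opaque bytes (a stand-in for ciphertext, not real TLS traffic)
SAMPLE_FRAMES = [
    build_tcp_frame(b"USER Gerald\r\n", 21),
    build_tcp_frame(b"PASS happy\r\n", 21),
    build_tcp_frame(b"\x17\x03\x03\x00\x10" + bytes(range(0x80, 0x90)), 443),
]
```

Running find_cleartext_credentials(SAMPLE_FRAMES) lists the two FTP frames and nothing for the encrypted one; a monitoring tool doing the same scan on real traffic is a simple way to detect protocols that still send credentials in the clear.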
