Wireshark Packet Sniffing Usernames, Passwords, and Web Pages

Captions
Wireshark is a packet sniffing program that network administrators can use to isolate and troubleshoot problems on the network. It can also be used by someone with malicious intent to eavesdrop on network communications and capture sensitive data like usernames, passwords, the types of websites that people are visiting, and the types of things that they are looking at in their email, all kinds of things. So Wireshark can be used in a very positive way to help troubleshoot network problems, or it could be used in the wrong hands to eavesdrop. Let's see how this works.

I have a diagram that I've created here to show you the scenario. The scenario is this: this is my computer in the center, Dan's computer, and I have two network connections. I have a wireless connection going this way and I've got a wired connection going this way. I can use Wireshark to capture traffic crossing either one of these network interfaces. So all traffic that leaves my computer on this network interface wirelessly I could capture; also traffic that comes across my interface from the network, coming into the interface, I could capture that as well. Also the same thing with this network connection. So what I want to do is generate some traffic from my computer. I'm going to send and receive data, and then I'm going to capture that data and take a look at that data. The protocols that we'll be analyzing are Telnet, SSH, FTP and HTTP. The FTP and HTTP connections will happen off the internet, and the Telnet and SSH connections will be happening from a router that I'm going to connect to, and then I'll capture that traffic as it leaves my computer and then also as it returns. So this should be a fun exercise and show you a little bit about how Wireshark works.

So Wireshark is really easy to use, actually. All you have to do first of all is tell it which interfaces you want to capture. So if I'm going to, let's say, telnet into the router, I'll go up here and I'll say Capture, Interfaces, and then I've got to pick the correct interface. Now I have a bunch of virtual interfaces here, so I have to first of all look closely at which interface I want to use right now. So my wireless connection, that's for going out to the internet right now; my local area connection, my gigabit network connection, is the one I want to use, and you can see traffic flowing across it a little bit right now, but this is the one right here, gigabit network connection. So I'm gonna select it and I'll press Start, and now I'll start capturing traffic on that interface. So now what I can do is I can get a connection. So what I'll do is I'll open up PuTTY and I'll telnet into the router. So I'll choose Telnet from PuTTY and I'll put in the IP address of the router, 192.168.0.1. Now I'm capturing all of this traffic right now. So here is the telnet session. I'll put in my username, which is admin, and then I'll put in my password, cisco12345, and you can see I just got into the router. Now I'll go to privileged user mode, enable, and I'll put in the next password, which is danscourses, and now I'm in privileged user mode and I could start executing commands like show me the IP routing table or something like that. Right, okay, so now I'm done, so I'm gonna stop capturing. So I'll press the Stop button here, and you can see that I've captured just a ton of packets here, see that, all these packets here.

Now let's say I was snooping or eavesdropping on the network and I'm interested in possible network management connections and usernames and passwords, and seeing if somebody was using a protocol like Telnet, which is not encrypted and would possibly give away that information. So all I have to do is go really quickly here and say I'm interested in the Telnet protocol. This is my filtering tool right here, see, it says Filter. So I put in telnet, click Apply, and it'll isolate only the packets that are using the Telnet protocol, and by doing that we can take a look at the different types of communications that were happening. So as you can see, I can open this up and we can start looking at each packet. So telnet, let's see here, telnet, telnet, look at that, telnet. If we look in this window right here, you can see these are returns, User Access Verification, return, newline, Username, and if I go to the next packet, then the next one and the next one, the next one, next one, eventually we'll see something here: data a, d, m, i, n, admin, and then Password, and we'll keep going down here, see, c, i, s, c, o, 1, 2, 3, 4, 5. Each character is sent separately, each keystroke sent separately in a separate packet here, but you can just put them all together and you can see the entire situation. I could also take this telnet communication, and I'll take this packet and I'll right-click and choose Follow TCP Stream, and we can see the whole thing right here: User Access Verification, Username, you can see here admin, Password, cisco12345, then here's my enable command. Now the letters are a little funky here, split into red and blue, but we can see that the command was enable and the password was danscourses. We can also see the output from my show ip route command and the type of output that the router generated. Everything here is basically in plain text. So we learned that Telnet is not a very secure protocol to use for remote administration. If someone happened to be eavesdropping on the network and picking up that data, it would reveal both my username, my password and all the commands that I'm giving.

So I'll close this and I'll close PuTTY and I'll execute the same scenario, but this time I'll use SSH. So I'll press Capture, Interfaces, same connection, Start. I want to continue without saving the previous capture; I don't need to save all those packets, so I'll say Continue without Saving. I also don't need just the TCP stream, so I'll clear that so that we can see all types of communications here. And I'll open up PuTTY once again, except this time, instead of Telnet, I'll use SSH, put in the IP address and click Open, and I'll log in again as admin, and I'll use the same password, cisco12345, gets me in; enable and the password danscourses, and then a command like show ip route. Now let's stop the capture. We've got all of our data here. You can see right here SSH version 2, the protocol, encrypted request packet. Well, first of all, let's filter for SSH: ssh and click Apply. And so these are all the SSH packets: key exchange init, Diffie-Hellman key exchange, this is the key exchange, new keys, client keys, encryption AES-256, and we're looking to see if we can... here it is. So here is something sent from me to the router, encrypted request packet, and see here, I'm not going to be able to pick up any information here and figure out the usernames and passwords or anything like that. And if I go up to the top and I say Follow TCP Stream, we can see in here that all of the messages, if we follow the stream, are entirely encrypted, and I'm not going to be able to figure out exactly what types of information were sent across the network. That was SSH and Telnet.

Now what about FTP, File Transfer Protocol, and HTTP? So let's say I wanted to connect to an FTP server on the internet. So I just happen to have one here that we can use. So I'll open up a FileZilla connection to my web host, FTP danscourses.com. I'll put in the user, testuser@danscourses.com, I'll put in my password, Wireshark gr8, and this will be a port 21 connection to FTP. So before I connect, though, I want to start capturing. So I'll say Capture, Interfaces, except this time I'm going out to the internet, so I'm not going to use the local area connection, I'm going to use my wireless connection. So I'll select the wireless connection and press Start. So now I'm capturing web traffic. There we go, let's start our connection now, Quick Connect. All right, it's connecting to my web host online and it already submitted my username and password, and I can now examine the files on my web host. I'll stop the connection, or stop the capture, and I'll close my connection to my web host. There we go, and let's take a look at what we have. So here are the captured packets; as you can see, it's a ton of information. All we're interested in, though, is FTP. So FTP is the protocol I'm interested in, so I'll filter for ftp, and you can see right there, we don't have to look very far, look at the second line: USER testuser@danscourses.com, and then password, it says PASS right here, Wireshark gr8. So there it is, done. Well, that was quick. If we follow the TCP stream, you can see all of the information here, and yeah, there you go, there's the username and password. So FTP is not secure. So what have we learned? We've learned that Telnet is not encrypted, not secure; SSH is encrypted; and FTP is not encrypted.

Now what about HTTP traffic? If someone was eavesdropping on your network and they were sniffing packets, could they see the web pages that you were looking at? Absolutely. Let's take a look. So once again I'll do Capture, Interfaces, and I'll capture my wireless network connection. I'll hit Start, Continue without Saving, so now I'm capturing traffic, and let me clear this because we don't want just that stream. Okay, so we don't want to filter yet. And open up a web browser, and I'll go to D Alvar get e.com, my website; I know because I have a simple picture here, so it's a good one to go to. And then I'll go to my website here, danscourses.com, and I can hit a couple of pages, and I've got some images here and there should be some graphics. There we go, all right, sounds good. So I'll stop the capture, and let's say I'm interested in the types of images that I happen to be looking at. Well, what I'll do is first I'll filter my captured data, all the different protocols and packets that I captured. This time I'm interested in HTTP traffic, so I'll click Apply. These are my web requests. So I'm interested in, let's say, maybe images that somebody's looking at, so I could just scroll down and start looking for the types of files like JPEGs and PNG files and GIF files and things like that. Let's see if we can find one really quickly here. All right, there's a PNG request here, there's a PNG file here; this looks like it was from my website. Let's see if we can get that first image. There it is right here: GET, this is the call to get my image from my website. On the next line it says right here JPEG image. So what I can do is highlight this, then I'll go down in the second window area, and there is the JPEG file right here. This is what I'm interested in, so I'll just right-click on this JPEG and I'll say Export Selected Packet Bytes, and raw data, and I'll just choose a name, image1, and I know it's a JPEG so I'll put .jpg, and save it to my desktop. Now I'll scroll down and look for some other images that we can take. Go here, scroll down, media type image/jpeg, Export Selected Packet Bytes, image2.jpg, Save. Here's a JPEG image right here, JPEG File Interchange Format, that looks good, export, image3.jpg. And this last one, Export Selected Packet Bytes, and I'll name this image4.jpg and save it to the desktop. So I have highlighted a couple of different images by looking for them here and exported them to the desktop. Let's take a look at what we found. So we'll go to the desktop, and here are the images: image1, image2, image3 and image4. So we'll just open this one first. There's the first image, right, from my website, rebuilt from the packet capture. So we learned that if somebody was listening in on the network, they could pull the images and the type of information that you're viewing, the types of websites you're viewing, and all kinds of stuff, if they were using a packet sniffing program, and you can see that none of that stuff is necessarily private or encrypted. Now that's a good reason to think about when you should be using HTTPS, when you should be using an encrypted protocol, and things like that. So it's definitely something to think about.

Well, anyway, I hope you liked the demonstration. You could try that for yourself: just Capture, Interfaces, choose the correct interfaces and click Start, and then start capturing, and then browse some web traffic. When you're done, press the Stop button and then try to isolate some images, like a JPEG image or a PNG file or a GIF file, and then highlight, like this one is a Portable Network Graphics, so what you do is you highlight that and then Export the Selected Packet Bytes; in this case this would be image5.png, since it's a PNG file. So I'll hit Save and save that, and sure enough, it's a tiny little image, a little icon, but it is an image, right, a PNG file. So it's the type of thing that you could have a lot of fun with. All you have to do is just start capturing on one of your network interfaces and start generating some traffic by browsing the web.
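The following is an added example, not code from the video or from danscourses: it re-implements, in plain Python, the steps the demonstration performs by hand in Wireshark, so a defender can see exactly why Telnet and FTP leak credentials while SSH does not. It reassembles per-packet TCP payloads per direction (what Follow TCP Stream does), pairs the router's Telnet login prompts with the keystrokes the client typed, pulls USER/PASS from an FTP control channel, shows that an SSH stream exposes only its version banner, and splits an HTTP response into headers and body the way Export Selected Packet Bytes recovers an image. All packets, IP addresses and credentials below are constructed; the tuple format is a simplification and not pcap or Wireshark's own data model.

```python
"""Reassemble constructed TCP payloads and audit them for cleartext credentials."""
import re
from collections import defaultdict

# Constructed addresses (documentation ranges), not real hosts.
CLIENT, ROUTER = "10.0.0.5", "192.168.0.1"
FTP_HOST, WEB_HOST = "203.0.113.7", "203.0.113.8"

# Packet tuple: (src, dst, service_port, seq, payload). service_port is the server's
# port for both directions so it identifies the protocol; seq is a per-direction
# counter standing in for a real TCP sequence number.


def keystroke_packets(src, dst, port, text, start_seq=1):
    """Telnet sends one keystroke per packet, so emit one byte per packet."""
    return [(src, dst, port, start_seq + i, text[i:i + 1]) for i in range(len(text))]


# Constructed JPEG-shaped body: SOI/APP0 markers, filler, EOI marker.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16 + b"\xff\xd9"
HTTP_RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
                 b"Content-Length: %d\r\n\r\n" % len(FAKE_JPEG)) + FAKE_JPEG

PACKETS = (
    # Telnet (23): router prompts one way, client keystrokes the other way.
    [(ROUTER, CLIENT, 23, 1, b"\r\nUser Access Verification\r\n\r\nUsername: "),
     (ROUTER, CLIENT, 23, 2, b"Password: "),
     (ROUTER, CLIENT, 23, 3, b"\r\nRouter>")]
    + keystroke_packets(CLIENT, ROUTER, 23, b"admin\r\ncisco12345\r\nenable\r\n")
    # SSH (22): only the version banner is readable; the rest stands in for ciphertext.
    + [(CLIENT, ROUTER, 22, 1, b"SSH-2.0-PuTTY_Release_0.70\r\n"),
       (CLIENT, ROUTER, 22, 2, bytes(range(0x80, 0xA0)))]
    # FTP control channel (21): USER and PASS commands travel in the clear.
    + [(FTP_HOST, CLIENT, 21, 1, b"220 FTP server ready\r\n"),
       (CLIENT, FTP_HOST, 21, 1, b"USER testuser@example.com\r\n"),
       (CLIENT, FTP_HOST, 21, 2, b"PASS hunter2\r\n")]
    # HTTP (80): image request, and the response split across two packets.
    + [(CLIENT, WEB_HOST, 80, 1, b"GET /images/logo.jpg HTTP/1.1\r\nHost: example.com\r\n\r\n"),
       (WEB_HOST, CLIENT, 80, 1, HTTP_RESPONSE[:30]),
       (WEB_HOST, CLIENT, 80, 2, HTTP_RESPONSE[30:])]
)


def reassemble(packets):
    """Concatenate payloads per direction in sequence order (Follow TCP Stream)."""
    by_direction = defaultdict(list)
    for src, dst, port, seq, payload in packets:
        by_direction[(src, dst, port)].append((seq, payload))
    return {key: b"".join(p for _, p in sorted(chunks))
            for key, chunks in by_direction.items()}


def telnet_credentials(client_stream, server_stream):
    """Pair each login prompt the server sent with the line the client typed next."""
    prompts = re.findall(rb"(Username|Password): ", server_stream)
    answers = client_stream.split(b"\r\n")
    return {p.decode(): a.decode() for p, a in zip(prompts, answers)}


def ftp_credentials(client_stream):
    """FTP authenticates with USER and PASS commands, one per line, unencrypted."""
    creds = {}
    for cmd in (b"USER", b"PASS"):
        match = re.search(rb"^" + cmd + rb" (.+?)\r\n", client_stream, re.M)
        if match:
            creds[cmd.decode()] = match.group(1).decode()
    return creds


def ssh_visible(client_stream):
    """Return the cleartext banner and whether anything after it is readable text."""
    banner, _, rest = client_stream.partition(b"\r\n")
    readable = all(32 <= b < 127 for b in rest)
    return banner.decode(), readable


def carve_http_body(server_stream):
    """Split an HTTP response into headers and body (Export Selected Packet Bytes)."""
    head, _, body = server_stream.partition(b"\r\n\r\n")
    headers = dict(line.split(b": ", 1) for line in head.split(b"\r\n")[1:])
    length = int(headers.get(b"Content-Length", len(body)))
    return headers.get(b"Content-Type", b"").decode(), body[:length]


def audit(packets, client_ip):
    """Run the per-protocol check on every reassembled stream; return findings."""
    streams = reassemble(packets)
    findings = {}
    for (src, dst, port), data in streams.items():
        if port == 23 and src == client_ip:
            findings["telnet"] = telnet_credentials(data, streams[(dst, src, port)])
        elif port == 21 and src == client_ip:
            findings["ftp"] = ftp_credentials(data)
        elif port == 22 and src == client_ip:
            findings["ssh"] = ssh_visible(data)
        elif port == 80 and dst == client_ip:
            ctype, body = carve_http_body(data)
            findings["http"] = (ctype, body.startswith(b"\xff\xd8\xff"), len(body))
    return findings


if __name__ == "__main__":
    for proto, result in audit(PACKETS, CLIENT).items():
        print(f"{proto:6s} {result}")
```

Run as a script it prints one line per protocol: the Telnet and FTP entries contain the constructed username and password in full, the SSH entry is the banner plus `False` (nothing after it is readable), and the HTTP entry reports an `image/jpeg` body whose first bytes are the JPEG SOI marker, i.e. a file a viewer would open. On a real network the same reassembly is what a Telnet or FTP credential alert in an IDS is built on, and the defensive takeaway matches the video: replace Telnet with SSH, FTP with SFTP/FTPS, and HTTP with HTTPS.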
Info
Channel: danscourses
Views: 1,870,987
Keywords: Wireshark, Sniffing, Packets, Telnet, SSH, FTP, images, HTTP, Packet Analyzer, usernames, passwords, danscourses
Id: r0l_54thSYU
Length: 19min 3sec (1143 seconds)
Published: Thu Feb 12 2015