Wireshark Tutorial - Installation and Password sniffing

Captions
- In this video I'm gonna show you how to download and use Wireshark. Wireshark is a really important tool if you wanna see what's going on on a network. So as an example, seeing passwords or other information on a network. (techno music) In this example, I'm using Windows 10. I'm gonna open up Microsoft Edge and go to Google.com and do a search for Wireshark. First hit is Wireshark.org so you could just go directly to Wireshark.org, if you wanted to, and then click download to download Wireshark. What I'm gonna do is select the Windows installer 64-bit because that's what I'm using in this example and I'm gonna click Save. Wireshark is now downloaded so I'm going to click Open Folder to open my Downloads folder. And as you can see here, Wireshark win64-bit, version 3.03 has been downloaded. I'm gonna double click on that executable file, click Yes to install the application.

Now you can change some of the options when you install Wireshark. I'm gonna basically stay with the defaults. You need to agree to the Wireshark license. I'm gonna click Agree. Wireshark is free, you don't have to pay for it, but you do need to agree to the license if you want to use it. Components to install, I'm gonna stay with the defaults but essentially Wireshark is the graphical user interface that we want to use. TShark is a command line interface, very useful if you want to use Wireshark without a graphical user interface. I'm gonna click Next. I'll keep the defaults but also add a desktop icon, click Next. I'll stay with the default installation directory, click Next. Wireshark either requires Npcap or WinPcap to capture live network data. I'm gonna stay with the defaults and click Next. USBpcap is required to capture USB traffic. I'm not gonna use that so I'm gonna simply click Install to install Wireshark. As you can see, Wireshark is now being installed on my Windows computer. You essentially need to just wait for that installation to complete.

So a whole bunch of files are installed. Now the Npcap license agreement is displayed. You need to agree to that as well. You can specify various options but I'm gonna stay with the defaults and click Install. Once you get used to Wireshark and you use more advanced features, you can select some of the other options but again here, I'm just using the defaults to allow Wireshark to make changes to my computer and install, as an example, a Loopback Adapter on my Windows computer. So as an example, in Control Panel, if I look at my network and internet, what you'll notice is I have an Npcap Loopback Adapter installed. So under Control Panel, Network and Internet, Network Connections, I have my ethernet interface, Ethernet0, which is Network 2, and I have an Npcap Loopback Adapter installed and that was installed as part of the Wireshark installation. Click Next, click Finish. So Npcap is now being installed. Wireshark installation continues. As you can see there, my Wireshark icon is now displayed on my desktop. A bunch of files are extracted and notice the installation is complete. Click Next, click Finish. That's how you install Wireshark on a Windows computer.

All I need to do now is start it up. And notice I have two interfaces, Npcap Loopback Adapter and Ethernet0. This shows me that there's a lot of traffic being seen on that ethernet adapter so I'm gonna simply double click that. Now note, if the network is busy, which this network is, you'll see a lot of traffic in the output. I could filter, as an example, for some type of protocol. EIGRP is a routing protocol and I can see hello messages for that protocol. If you don't know what that is, don't worry. OSPF is another routing protocol, so I can see that. So there's a lot of traffic in this network but I'm filtering to only see certain traffic types, in this case telnet. So what I'll do in this example is telnet to a device on my network. So I'll telnet to 192.168.254.

Notice we can see telnet traffic in the output now, previously we didn't see that. I'll put in my user name, which in this example is wireshark, and I'll put in my password. And notice I've connected to a 3750 Cisco switch. Show version will actually show me that output. Now if you haven't worked with Cisco devices before, don't worry. Basically all I've done is telneted to a switch in my network, a device that I'm physically plugged into. You would see something similar if you had telneted to a router. But notice here's the telnet data. I can, as an example, have a look at the telnet data. I can see here user access verification asking for a user name, my PC with this IP address, 192.168.1.85, is sending data to the switch. The switch then replies. So as an example, notice the data sent here is wi. That's echoed back, in other words, I'm sending data to the switch and then it's sending it back again so that it displays on the screen. So scrolling up here, I could actually see my user name displayed and that's what's being displayed here, so that's the e in Wireshark. That's echoed back. And then, if I continue, you'll see the user name, wireshark. And then the switch prompts for the password and what you'll notice now is my password is sent to the switch.

Now there's a much easier way of doing this. If I click on one of the packets and then click Follow, TCP Stream, I'll see the entire stream. So as an example, the blue is what the switch is displaying, the red is what I'm typing. So hence you see wireshark typed twice there but notice the password is only displayed once because the switch didn't echo that back again. There's my show version command. So I typed sh space vr and then I pressed tab and that's what was displayed and then the output of the command was displayed there. Now, as an example, on this switch, if I typed show run, and don't worry too much about this command, all I want you to see is that I can see information in real time in Wireshark.

Notice here is a user name called Bob, here's a user name called Wireshark, both with a really bad password of Cisco. This password David is using encryption, that's much better, that's what I should be using if you're using a Cisco device. But once again, if I click on a telnet packet and then go Analyze, Follow, TCP Stream, you can see all of that output in Wireshark. It's being captured by Wireshark and I can view the user names and passwords. Now in my Wireshark course I talk more about this and show you how to hack protocols in more detail using Port Span, as an example. So here, it's fairly easy to see what's going on because my device is sending the traffic into the network and receiving the traffic but if you wanted to capture packets from other devices, you need to enable Span or something else in your network so that you can see those packets and have visibility of what's going on.

But what I'll do here is open up a web browser and go to this website, ox.ac.uk. This is the University of Oxford. Now this is really bad, websites today shouldn't be using HTTP, they should be using encrypted HTTPS traffic. So what I'll do here is exit out of the switch and just to show you the IP address of that website, I'll use nslookup, so nslookup ox.ac.uk. Notice the IP address here, this is the IP address of the server. So I should be able to filter for 129, there it is over there. So I'll right click on this and I'll select this as a filter so I see just the traffic to that server. Now I don't have an account on the server but if I was asked to login to the server and it was sending the traffic via HTTP, I'd be able to see those passwords. Notice when I clicked on staff, it took me to another domain name and this one is encrypted, HTTPS, but if I go back, notice ox.ac.uk is in clear text. It's bad practice today to use clear text for your websites, they should be encrypted.

So let's do another example just so that you can see a login. I'm gonna connect to that switch again and notice here I'm asked for a user name and password. So I'll use my user name of Wireshark, password of Cisco. That will log me into that switch. So let's just search for that IP destination equals 192.168.1.254. So now what I'm doing is I'm looking for traffic to that server, which is the switch. And what I could do is filter that for HTTP. So let's go and HTTP. So I filtered that right down. Notice authorization here is displayed and notice there's my user name, wireshark, and Cisco. But what I want you to see is you can see the user name and password in clear text because HTTP is clear text.

Okay, so I hope you enjoyed this video. If you did, please like it and please subscribe to my YouTube channel, that really does help me. I'm David Bombal. I want to wish you all the very best. (techno music)
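The two things the video demonstrates by hand, Follow TCP Stream and spotting the clear-text Telnet login and HTTP Basic Authorization header, can be turned into a small detection script. This is an added example, not code from the video or from Wireshark: it reassembles constructed packets into bidirectional streams, flags streams that carry credentials in the clear, and reports only the exposed account name, never the secret. The packet tuples, client ports and the 203.0.113.10 address are made up for the example.

```python
import base64
import re
from collections import defaultdict

# Constructed sample packets (not a real capture): (src, sport, dst, dport, payload).
# The switch and PC addresses match the ones in the video; ports and payloads are
# made up. A real Telnet session sends one keystroke per packet with the server
# echoing each one back, which is exactly why reassembling the stream helps.
PACKETS = [
    ("192.168.1.254", 23, "192.168.1.85", 51000, b"\r\nUser Access Verification\r\n\r\nUsername: "),
    ("192.168.1.85", 51000, "192.168.1.254", 23, b"wireshark\r\n"),
    ("192.168.1.254", 23, "192.168.1.85", 51000, b"Password: "),
    ("192.168.1.85", 51000, "192.168.1.254", 23, b"Cisco\r\n"),
    ("192.168.1.85", 51001, "192.168.1.254", 80,
     b"GET / HTTP/1.1\r\nHost: 192.168.1.254\r\n"
     b"Authorization: Basic d2lyZXNoYXJrOkNpc2Nv\r\n\r\n"),   # base64("wireshark:Cisco")
    ("192.168.1.85", 51002, "203.0.113.10", 80, b"GET / HTTP/1.1\r\nHost: ox.ac.uk\r\n\r\n"),
]

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.M)
TELNET_LOGIN_RE = re.compile(rb"Username:\s*([^\r\n]+)\r\n.*?Password:\s*[^\r\n]+\r\n", re.S)


def follow_streams(packets):
    """Group packets into bidirectional streams, like Wireshark's Follow TCP Stream.
    Key = the two (ip, port) endpoints in sorted order, so both directions merge."""
    streams = defaultdict(bytes)
    for src, sport, dst, dport, payload in packets:
        key = tuple(sorted([(src, sport), (dst, dport)]))
        streams[key] += payload
    return streams


def find_cleartext_credentials(packets):
    """Return one finding per clear-text login seen; the password is never stored."""
    findings = []
    for (a, b), data in follow_streams(packets).items():
        service_port = min(a[1], b[1])      # heuristic: the lower port is the service
        if service_port == 23:              # Telnet: username prompt followed by a password prompt
            m = TELNET_LOGIN_RE.search(data)
            if m:
                findings.append({"protocol": "telnet", "endpoints": (a, b),
                                 "user": m.group(1).decode(errors="replace")})
        elif service_port == 80:            # HTTP: Basic auth is only base64, not encryption
            for m in BASIC_RE.finditer(data):
                user = base64.b64decode(m.group(1)).decode(errors="replace").split(":", 1)[0]
                findings.append({"protocol": "http-basic", "endpoints": (a, b), "user": user})
    return findings


if __name__ == "__main__":
    for f in find_cleartext_credentials(PACKETS):
        print(f"{f['protocol']}: account '{f['user']}' sent in clear text between {f['endpoints']}")
```

The same logic runs on real traffic by replacing `PACKETS` with TCP payloads read from a pcap; the fix for every finding is the one the video gives, SSH instead of Telnet and HTTPS instead of HTTP.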
Info
Channel: David Bombal
Views: 210,532
Keywords: Wireshark, Sniffing, network, networking, network security, packets, ip, tcp, http, network scanner, software, cyber security, security, Computer SecuritY, Technology, Tutorial, Telnet, SSH, FTP, images, HTTP, Packet Analyzer, usernames, passwords, davidbombal, udemy, udemy course, udemy wireshark, wireshark, cybersecurity, ccna, wireshark tutorial, ethical hacking, ethical hacking course, kali linux, kali, kali linux tutorial, gns3, CCNA, INE, CBT Nuggets, cisco ccna, gns3 wireshark, ccnp
Id: 4_7A8Ikp5Cc
Length: 11min 25sec (685 seconds)
Published: Sun Aug 18 2019