Skip to main content

Fun With Wireshark: Packet Analysis and Ethical Hacking Part 1




This is David Bombal's course on Udemy. Screenshots will be scarcer because, hey, you didn't pay for this. I did. This covers the first 4 sections (Sans the OSI model):

  • Introduction
  • Setting Up
  • Using Filters


Setting Up: 




Setting up Wireshark, and the Npcap setup has an option for "Support raw 802.11 traffic( and monitor mode) for wireless adapters".

It seems like something I'd want to pick, but I will wait and follow the instructions...for now. I could click it, I already set a restore point.

My first thought was untagged VLAN traffic. I don't know enough about WS here to know what it may interfere with.

We now hav Npcap loopback adapter.

Be mindful of where we're telling WS to capture from; check your interfaces.

("Why can't I see http traffic?" ->
https://osqa-ask.wireshark.org/questions/37704/wireshark-not-showing-http-protocols)

"You're probably capturing on a protected network; the 802.11 header isn't encrypted, so Wireshark is able to dissect the encrypted traffic as 802.11 traffic, but the payload is encrypted, so Wireshark can't even dissect it as IP traffic, much less TCP or HTTP, so it shows up as "802.11"."


Ethernet frames are L2.



Those represent the levels of the OSI model from top to bottom - Physical, Data Link, Network, Transport. The last one combines Application, Presentation, and Session. You can open it and see the OS, browser used.

When the source is a server serving a webpage, you can click it and see the page in question the client received (provided it's in cleartext). Very cool.

But what if you're not capturing packets?


Remember; Double check what interface is capturing traffic; Span or Mirror a port on the switch.

Span? Mirror?


ON a Cisco switch:
config t
monitor session 1 source int [interface]
monitor session 1 destination int [int with  monitoring station]





Filters:


When you are using filters, sometimes the bar may turn red. Keep going, it will turn green when you're finished.







These are display filters.

Silly thing; Make sure to hit enter when you've filled out the filter.

Two filtering language

- Capture packets
- Display packets

Primitives: Filtering on a house IP add or name.

Putting in the protocol gives a different output than putting in the display filter (tcp.port == 23)





(Right click a packet and go to Follow > TCP Stream. This doesn't work with every packet)

Comments

Popular posts from this blog

What Do You Need? [AKA; List of Offered Services / My Next Role] (2020)

I am a trusted outsourced remote consultant for your company.   I enjoy having the flexibility to take on temporary projects from time to time! I start at part-time, temp work for now. If we like each other, we can renegotiate. If anything sounds weird, out there, or unusual - Feel free to e-mail me .  3 Services Offered Writing :      You want to pay me to write more of *waves hand* this blog? I am game .     I write B2C e-mails going out to over 280 people weekly. [ Example Job Description ]        Auditing :        Something doesn't work on your page or in your app. I can find it, or you can lose business. [ Here ] [ Example Job Description ]   I really enjoy testing apps and webpage concepts! I have an iPhone and Android phones ready. Technical: Still as-needed, always remote, contract, or temporary. IT Operations Tech [ Example Job Description ]     Hardware and SaaS support.     Cisco routing and switching (Networking). CCNA, A+, Sec+, Azure certified WORKING ON: Junos

Portfolio of UX/Product Feedback [Vol. 1]

I browse websites and apps, while making note of things I find frustrating for end users. You have probably been linked here from a form or my resume. If you have any questions about what I'm looking for in a role, click here .   This post is not to shame, but to point out errors and hopefully make my talent for finding and documenting such mistakes clear to someone hiring. Contents: Instances where I offer constructive feedback on someone's website, logo, or app. Actions that were taken by the developers or artists.  I'm glad you want your webpages to be the best they can be with my help; If you need your sites audited, e-mail me . Latest Update -  November 20th, 2020.   Vol. 2 is here .

Contactless Tech’s Role in the New Guest Experience ft. Intelity and The George

 Contactless hospitality technology is growing. You want to get away, and you'll be damned if a little thing like a deadly virus will stop you! But you still don't want to touch things. Ew. During the chat between INTELITY CEO Robert Stevenson and THE GEORGE Director of Operations Kerrie Hunter, you’ll learn how the historic boutique hotel has adapted a mobile-first guest experience in the wake of COVID-19—and how they see contactless technology affecting the future of hospitality. I don't remember how I found INTELITY (probably hoping to score a position with them), but I liked them enough to stay on the e-mail lists.