Sniffing

Course
Time
1 hour 12 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
Everyone. So in the last video, we went ahead and logged into our lab environment. So again we logged into are Abou to lab environment, specifically we searched for the Wireshark lab inside of the cyber lab environment. Now, if you haven't come into this lab, then you want to go ahead and pause this video, go back to the previous video because that'll walk you through up to the point where we're at right now.
00:19
So we've gone ahead and launched our Wireshark tool, launched a terminal window, and then we're basically just gonna run a ping scan and see what kind of information is being captured by Wireshark.
00:29
So let's go ahead and do that now. So we're gonna open the terminal window again. We can do that by clicking the terminal icon here.
00:39
Yeah, I'm gonna go ahead and just right click on it and actually say new terminal. That's gonna make our lives a little easier. So go and do the same thing. So just right click on the terminal window and just say new terminal. That'll give you a new option there.
00:49
Now,
00:51
once we do that, we're gonna go ahead and we're down here. Step 22. Now, we're gonna go ahead. We're gonna run a ping command, and we're gonna let that run for, you know, roughly 10 to 20 seconds. You could let it run longer if you want to. We basically just want to get a good amount of traffic that we've captured there. So once I run the command I'm gonna pause the video briefly while that runs on my end, and then I'll pick things back up once I've
01:10
No.
01:11
Gotten to the point where I feel like it's captured enough packets, at least on my end. Again, you can let this run as long as you want to. If you want to let it run for, like, five minutes, by all means, you're free to do so. But if you just want to go along with what I'm doing, then 10 to 20 seconds or so, it's probably all you'll need to capture the traffic.
01:26
All right, let's go and type in our ping command now. So we're gonna type in
01:30
ping. So all lowercase there,
01:32
and then we're gonna put a space and then our IP address that we're pinging. So we're actually gonna be pinging 10.0.10.12. Again, of course, we're in a lab environment here. If we were using, like, an external source, so, for example, if I was trying to ping your Web servers offline data may use something, you know, maybe it's like a 192.168.0.1 or something like that.
01:53
If I'm internal on your network and I just wanna sniff traffic from a pen tester and maybe have gotten access to something like that, or if I know particular internal IP addresses like this one here, I might be able to ping those and sniff the traffic on those, keeping in mind that if I'm doing this as a pen tester,
02:08
Uh, that's a good way for someone to notice that I'm doing something. If I start pinging
02:14
internal IP addresses. So just kind of FYI on that. Again, it's just another tool in the arsenal that we can use to take a look at what's going on with this particular network.
02:23
So once we've typed in the ping command there and we've typed in our IP address, just type the Enter key on your keyboard. You'll see it'll start generating. Generating, excuse me, the traffic there. As I mentioned before, I'm gonna go ahead and pause it now, let it go for, you know, 10 or 15 seconds or so, maybe 20 seconds, and then I'll come back on the video and we'll take a look at the rest of our lab.
02:45
All right, so we're back now and you'll see my scan's still running in the background, that ping command there. I've got over 100 or so, you know, packets roughly captured. So I'm gonna go ahead and stop mine. Again, if you want to let yours run longer, you're welcome to. You can just pause this video and let yours run as long as you want to, but to stop, if you want to go and stop it with me,
03:02
just make sure you're clicked into the command prompt there, and then just hold down Control on the keyboard
03:07
and press the letter C as in cat at the same time. So Control-C and you'll see that will stop the ping scan for us.
03:15
All right, So if we go back to our lab document here,
03:20
the next thing we're gonna do is basically interact with the HTTP server. So specifically, there's a program that's listening on port for 44. So we're gonna use wget to go ahead and do that. So same IP address here, it's the same server that we're touching here. We just want to run a different command against it. So here at the command prompt, just type in
03:38
wget. Now you could type clear if you want to go and clear the screen here
03:40
if you want to. I'm not gonna go ahead and do that. I'll just go ahead and run with the command here. So wget
03:46
space. And then again, it's the same IP address. So that's 10.0.10.12
03:53
and then just press Enter on the keyboard there.
03:59
All right, so the next thing we're gonna do is actually use netcat. So once we do netcat and we establish this connection to port for 44, what we want to do is just type in some random words here. I just chose cat, dog and bird. You're actually welcome to choose whatever you want to. Just after each one you type in, press the Enter key on your keyboard, and specifically the thing you're gonna be looking for
04:18
is
04:19
in the background here. You'll notice that some of the packets will be highlighted. Generally speaking, they're normally that kind of a purplish or pinkish color. They may be a different color, just kind of depends. I've noticed this lab environment sometimes changes on me, but in most cases it's been a purplish type of color, like a violet color. So
04:36
now keep an eye out for those. Once you see those
04:41
after you type these things in and hit Enter, these words, and press Enter, right click on the packet, select Follow TCP Stream. And then we wanna just take a look in here in question number one to see if any of these words actually show up in the TCP stream that we're taking a look at. So a lot of steps here, a lot of things I just mentioned there,
05:00
but basically what we're doing is we're gonna type in this netcat
05:04
command here, and then once we've got that, we're gonna type in these random words. So again, you can use whatever you want to. I'm just gonna use cat, dog and bird, and I'll press Enter after each one. And then I should be seeing some different packets coming through, some differentiating packets, we'll say, like that, where the coloring is different. I'm gonna right click on those, select Follow TCP Stream.
05:24
And then from there, I just want to see if any of the words I typed in
05:27
are actually showing up in the packets that I'm capturing.
05:30
So let's go ahead and just get all that done here. For this one, I'm actually gonna go ahead and type the word clear just to clear out my screen there so it's a little easier for everyone to see, and then we'll just type in nc
05:41
space 10.0.10.12. Again, we're using that same IP address for the server. We'll put a space and then for 44 for a port number.
05:50
And then just press Enter. Now you'll see that like nothing seems to be happening in the terminal window there. Just type in like the word cat or whatever you've chosen, press Enter, you know, dog, press Enter, bird, press Enter, whatever the case might be. You'll notice, as I mentioned, there in the background that the packets are kind of purplish. Go ahead and just right click on any of those and select Follow TCP Stream.
06:10
And what you want to look for is what I'm seeing right there. So
06:13
question number one here, at least on my end: do I see the words that I've typed in? The answer is yes. I see that I've typed in cat, dog and bird. All those show up right there. So you notice that we're actually capturing whatever's been typed in the terminal window. So, for example, if we were, you know, sniffing on someone else's machine, potentially they're typing in a password or user name,
06:31
we could potentially grab that information,
06:33
which is one of the reasons, or one of the main reasons, we would use a tool like Wireshark or even tcpdump.
06:41
All right, so let's move on with our lab here. So now we're gonna go ahead, just close the TCP stream here, and then we're gonna stop netcat. I'll just click the close button here. We'll go back to our terminal window,
06:51
and we're just gonna stop netcat by just holding down Control, then pressing C as in cat like we did before. So, Control-C. You'll see that will take us back to our command prompt there.
07:02
All right, I'm gonna go ahead and pause the video here. We'll pick things back up and finish out the lab in the next video.

Sniffing

This course covers basic sniffing as part of a penetration test. Attackers and penetration testers use sniffing to analyze network packets for information.

Instructed By

Ken Underhill
Master Instructor at Cybrary