Sniffing

Course
Time: 14 hours 16 minutes
Difficulty: Beginner
CEU/CPE: 2

Video Transcription

00:00
Everyone, welcome back to the course. So in the last video, we went ahead and ran our netcat command. So we went ahead and took a look at the words I typed in. So the dog, cat and bird. But we noticed that when we clicked and followed the TCP stream that the words that I typed in actually showed there. We were able to successfully capture them, and you should have had similar results on your end.
00:19
Now we're at step 34 of the lab documents, so we're gonna go ahead and stop our traffic capture inside of Wireshark. So basically, we're just gonna click this red square icon at the top here. And then once we do that, we're gonna locate any packet that has an acknowledgment flag with it on. Then we're just gonna take a look and look for the source and destination IP address here in question number two.
00:39
Let's go ahead and do that now. So just click on the stop capture there,
00:41
so that red square there, once you click it, it's gonna go kind of grayed out. So you know you were successful at that,
00:47
and then I just find any packet that's got an acknowledgment flag with it. I'll just pick on this one right here.
00:53
I see that I have an acknowledgment flag. And so again, question number two in our lab document basically just wants a source and destination IP address.
01:00
So we see here on my end, at least, that my source, the source IP, excuse me, is $10.0 dot Tenn 0.0.10 and then my destination IP address is tend not zero dot Tenn dot
01:12
All right, so that was a pretty easy question there for everyone.
01:15
All right, so the next thing we're gonna do is actually open up a pre-saved packet capture, and we're gonna take a look at the information in that.
01:23
So the way we do that, we're just gonna select File at the very top left here of Wireshark and then select Open.
01:30
It's gonna ask us, you know, do you want to continue without saving? Do you want to save what you're doing right now? Essentially, the scans that were running. We're just going to select the Continue without Saving option. We don't care that we're losing that data.
01:41
Our next step here, we're to select Desktop on the left side. You'll see mine has defaulted in there already, but we're to select Desktop on the left side. And then we're gonna go to the Captures folder and then select, actually, the file I have highlighted here, the capture two dot pcap.
01:57
So that's gonna be steps 39 through 41.
02:00
So let's go ahead and do that now. We're just gonna click Desktop on the left side there, double-click on Captures. And in the very top option there, the capture two dot pcap, just go ahead and make sure that's highlighted and then just say Open.
02:13
You'll see it's gonna open it up in the background there, and sometimes you'll see a filter typed into Wireshark here specifically related to TCP. If you see that, just make sure you click the Clear option to clear it out. Just like mine looks right there. So you just want a blank box there; that way, it shows you all the packets that are in that capture.
02:31
First, let's go back to our lab doc.
02:34
The next thing we're gonna do is actually look for this packet right here. So packet number 2286. So the way we're gonna do that, we're gonna select Go at the top here and then Go to Packet.
02:46
Once we do that, it gives us a little search box here. Just type in 2286. So again, that's right here in step 43 of our lab document. And then we're selecting the Jump to option. So it's gonna be this bottom right button right here.
02:59
Once you select that, you'll see it'll jump to, as the name implies, packet number 2286.
03:05
Let's go back to the lab document. We have a few questions we want to answer based off this particular packet. So questions three or four are related to the source IP and IP address and port number. So if we take a look here, what do we see?
03:21
All right, so we see that packet 2286, we see it's running on, ah, a source IP address of 122.168 dot 251.
03:30
We also see that the destination IP address here is one attitude on 168.200. 200. And then, of course, our source port, if we look here at the bottom, is 1062 and our destination 110, or POP3.
03:45
Let's go back to our document here. So you'll see we've answered questions 3, 4, 5 and 6. So let's move on to step 44 here. So this is our last step for this particular lab. So we're just gonna right-click, just like we had done before, where we follow the TCP stream, and we just want to right-click on this packet and just take a look at the information that we see in this particular packet. So question number seven here.
04:03
What information do you actually see on your?
04:06
So all we have to do again, just right-click on that packet. Follow TCP Stream, but we could take a look here.
04:15
All right, so what I see on my end, and you should actually see the same thing since we're all using the same packet number here, you should see that it looks like somebody logged in here with a username of student and a password of my secure path. So again, one of the main things that we try to capture here using Wireshark is gonna be credential information. So specifically, usernames and passwords
04:33
could also be passphrases or something like that,
04:36
or even keys in some situations. But in most cases using the process, we're gonna be the things that we try to capture
04:44
are. So in this lab, we just took a little look at Wireshark again. We're gonna be using Wireshark quite a bit through these four different labs, and we'll do hands-on as well as tcpdump.
04:53
So the next video, we're just gonna go over some more packet sniffing.

This course covers basic sniffing as part of a penetration test. Attackers and penetration testers use sniffing to analyze network packets for information.

Instructed By

Ken Underhill
Master Instructor at Cybrary