6.2 Sniffing Wireshark EH

Video Transcription
Welcome back to the course. In the last video we did our introduction to our sniffing lab, so we talked a little bit more about Wireshark and MAC spoofing.
If you haven't seen that video yet, go ahead and pause this one and go back to it, because it's going to contain some good information you'll need to know to complete these labs successfully.
So in this lab we're going to use a tool called Wireshark. Wireshark is available to capture traffic on the network, so it helps us capture packets and then identify different information about those packets: things like the source and destination IP address, the protocol in use (whether that's TCP or UDP), and it also allows us to sniff for passwords if you can grab any of those,
and then it does a lot more things.
So we're going to do this lab in the Cybrary lab environment, but you're welcome to download Wireshark in your own environment and use that as well. Now, we're not going to cover setting up your own lab in this particular video, but it's pretty easy; with a few YouTube video searches you should be all set.
For our lab here, we go ahead and log into the Cybrary labs. If you're not familiar with logging in there, just log into your Cybrary account and there'll be a little search box here; just type in Certified Ethical Hacker
and then press the Enter key. That's going to pull up all the available information. So we see that we have our labs here. I'm going to go ahead and
click on Start Now. Now, I've already actually opened it up here. So once you click on Start Now,
it's going to take you to this page right here,
where you have a Launch button. Go ahead and click on that, and that's going to take you to this page where I'm at here. Now, we're not actually doing these Ethical Hacker labs, so we're going to back out of this. We're going to click on this Back to Practice Labs option. We're actually going to click on this one right here, this Ethical Hacker lab here.
So once we click on that, we're going to see a Sniffers option here. That's what we're going to click on. We're going to click on this Sniffers one and then just click on the Start button there.
That's going to give us the machines that we need for this lab. So go ahead and just power up all those machines if they're not already on,
and we'll go back to our lab document here. So
we've come into the Sniffers lab under the general Ethical Hacker lab. So again, it's a different lab environment than we're used to with our previous videos, but it does contain the information we need as far as completing this lab.
So we've done step number three: we turned on our virtual machines. Now we're going to select PLABWIN701, so this top one here. Now, I already have it selected here.
Our next step is to open Internet Explorer, and it's going to take us to the intranet page. So let's go ahead and do that: scroll down here and just click on Internet Explorer.
You notice that it takes us to the intranet page.
Now we want to go to Tools and then Hacking Tools. So let's go ahead and do that. So Tools, go and click on that, and then just scroll down until you see Hacking Tools, then just click on that.
All right, it's going to show a lot of different files here. Let's click back on our lab document to see which one we want to get.
So we see that we want to get, in step seven, Wireshark-win32-1.12.3.exe.
So we're just going to scroll down to Wireshark
in the window here, and we see it right there: Wireshark-win32-1.12.3.exe. So go ahead and click on that.
And down at the bottom it's going to ask you what you want to do. Just go and say Run.
All right, so what that's going to do is launch the Wireshark installation wizard, and that's step nine there.
So then we're going to click Next, and we're going to agree to the license agreement, and then basically we're going to be clicking Next all the way through this install.
So let's go ahead and get started. We're going to click Next; we get a license agreement; we're going to say I Agree to that.
We're going to leave this as the default here and say Next.
At this next screen, I actually want to create a desktop icon shortcut, so I'm going to click the checkbox right there. You're welcome to go without it; either way is fine.
And then just click on the Next button.
Next again,
and we're going to install WinPcap 4.1.3. So go ahead and click Install there, and it's going to start installing WinPcap.
And then it's also going to install Wireshark for us as well.
So it's going to take a moment or so to unpack everything. So now we've got the WinPcap setup wizard. We're just going to say Next there; same thing here, we agree to the license agreement,
and then just say Install.
Okay, it's going to open that as well. And now we're going to click this Finish button here,
and that's going to start installing Wireshark. So let's go back to our lab document here. So we launched the wizard, we went through and clicked Next, and agreed to all the license agreements.
We checked the box to do the desktop shortcut here.
We left all the other defaults alone; we just basically continued clicking Next and Install.
Then we came to that Install WinPcap page. We selected the Install button, we said Next,
we agreed to the license agreement,
and then again, same thing, we left all the defaults alone. We clicked Next all the way through, and now it's installing Wireshark right now.
So this one says complete; we're just going to say Next here,
and then we could either run it or show news. I'm going to leave those blank there and just click on Finish, and that'll close the Wireshark installation wizard.
All right, so we just clicked the Finish button. Now I'm going to go ahead and close Internet Explorer, because we don't actually need it for the rest of this lab, so we'll go ahead and close that.
So just X out of it at the top right here.
All right, let's go back to our lab document.
So now we see we have a Wireshark shortcut on our desktop. So we're going to go ahead and double click on that Wireshark icon,
and then it's going to open it up for us.
Now, we might see a pop-up, and more than likely we will see a pop-up, that states a new version is available. We're going to select the Skip option, so skip the version option. So let's go and take a look at that. So first we're going to double click on the Wireshark icon.
It takes a second or so, but it's going to open it up for us. And you see this right here is our little pop-up box I was mentioning. So we're going to click the Skip This Version option.
And now we're at the Wireshark application screen.
So let's go back to our lab document here.
So our next step here, we're going to select Capture and then Interfaces at the top here. So we're going to click on Capture and then Interfaces.
Okay, so let's go back to the lab document here.
So we've done that, and now we've got the Capture Interfaces pop-up box, and then step 26 right here: we're going to check the box to the left of the Local Area Connection and then click on Start.
And what that's going to do is start analyzing packets for us. So we're going to check this box to the left
of the Local Area Connection and then just click on the Start button,
and you'll start seeing here that it's going to start capturing packets for us.
So I'm going to go ahead and make that a little larger here for us to see.
Yeah, I'm going to shrink this down just a little bit to expand out our window there, so we can see all those packets coming in. All right, good deal.
So let's go back to our lab document here.
So we've started, after we selected the checkbox to the left of Local Area Connection. Now step 27: we do see that there's a bunch of packets getting analyzed by Wireshark.
So we've got quite a few in here, so we're going to go ahead and click to stop it now, and that's that small little red square up here at the top.
So let's go ahead and do that. Now we're just going to click on this Stop button. That's going to stop the capture. You see we still got a lot of information in here.
So our next step here, we want to select the Edit button and then Find Packet.
Okay, so let's go and do that. So Edit button and then Find Packet,
so it gives us a pop-up box here. Let's go back to our lab document. So we did Edit, Find Packet.
Now we have the Find Packet pop-up box. There it is.
And now we're going to click on the Filter option. So what you're going to see is that it opens another window and gives us several different filters we could use to narrow down the packets, to be able to see the information we're actually looking for,
so we can choose different options here. I'm just going to kind of click around on random ones and see what kind of sorting we can get going on there.
Now, some of these may or may not be applicable and allow us to do it. So I'll just click on this one, for example, the IP address 192.168.0.1, and I'll click OK, and then I'll try to click Find. So you see here it does sort, and again, some of them, when I was testing earlier, did not
allow you to filter with them. So just keep that in mind; just kind of play around with it and check out the different filters. So
we filtered here by 192.168.0.1, which is an IP address. So we're able to see all the packets, essentially, with that IP address, and what types of issues we might see in those.
So I'm going to leave that alone there. Let's move on to the next step in our lab. So we've used the Filter option. We noticed that we had a lot of different options once we clicked on Filter to choose how we wanted to sort out our packets,
and then we just selected OK. When we chose one or two, or, you know, maybe two or three total different ones, we wanted to see what they look like when they are applied.
So now we're going to go ahead and save the capture into a log file. Before we do that, I just want to talk about what we're capturing here. So this is kind of a generalized thing. So it's showing us the sequence number of the packets; we're going basically from one all the way to 200-some and probably up to 500, looking at how far this
scroll bar is going.
It's going to show us the time of capture; it's going to show us the IP address, so the source IP address, where the packet's coming from, and then the destination, where it's being sent to; the protocol that's in place, so how's the packet coming to us;
of course the length, and then a little more information about the packets, whether it's, you know, something related to DHCP, and it'll show us also things like acknowledgments as well, that sort of stuff.
So in this video we're really touching Wireshark at a very high level. I want to stress that we're not diving into filters or anything like that, really, at a low level. We're just hitting everything at a high level to show you the tool and show you how it works. So,
all that being said, we're going to move on to step 34, where we actually save the capture into a log file. So pretty simple here: we're just going to go to File and then Save. So let's do that now. So File and Save. It's kind of like if you're saving a Microsoft Word document or something like that. So
now we got here;
we're going to name the file PLAB, and then we're going to select the desktop over here to save it on the desktop. So let's go ahead and do that now. So we're going to name our file, so PLAB,
and then just select the desktop here, and then just click on the Save button. Again, that's just going to save this capture to our desktop for us.
So now, when we close Wireshark, we're going to see that new file on the desktop.
So let's go ahead and do that.
And actually, before we do that, let's answer these questions, because that'll be a lot easier on you
if you can just answer them with the screen capture in place. So
question number one: do we see TCP traffic captured at all? So, yes, when we glance at this, we see several different TCP packets. We could also sort by protocol,
and we'll be able to see all the TCP ones here. So, on our document,
you would just say yes here and then just choose maybe one or two different source and destination IP addresses. You don't have to put all these here, and you do see that several of them are the same. So we might just put, you know, 10.44.24.60 and then 192.168.0.2, and you see the rest are communicating back and forth here,
so we would just be able to jot, like, basically two examples down there, and we'd be all set.
So question number two: do we see any other protocols in use besides TCP? Well, we just sorted by TCP, and you'll see here we also have ARP going on, DHCP, SMB too. If we kept scrolling on this, we might find some other protocols in use as well, like BROWSER, TPKT.
It looks like that's the only other one we have there.
All right, so yes, question number two, we do see other protocols in use besides TCP. And so you would just jot down a couple of those; I would just jot down like ARP and DHCP, or whatever the case might be.
So now we're going to go back to step 37 here and just basically check to see if the file is on our desktop now. So again, we saved the file as PLAB to the desktop, and that was our screen capture of Wireshark. So let's go ahead and close Wireshark now,
and then you see right here we do have the PLAB document, so let's go ahead and just double click it, open it up, and see what's in it. You see it is our screen capture there. So we see we have the information we need, and we could scroll through and take a look at this if we needed to.
So in this video we went over a tool called Wireshark. We just basically did live packet sending and capturing, and then we did a screen capture of what we were looking at. We talked about the different areas that provide information, so, for example, the sequence number, the source IP address, the destination IP address, the protocol in use,
and we also went over kind of filtering
and how to sort by a particular thing, like, for example, how to sort by the protocol.
And the next lab we're going over is MAC spoofing. So MAC spoofing is something we want to do as a penetration tester, because we don't want anyone to trace it back to either our IP or the MAC address of the machine we're using for the actual hacking.
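As an added example (not part of the lab or of Cybrary's materials), the following Python script reads a capture saved in classic libpcap format and reproduces the columns this lab reads off Wireshark's summary pane (source, destination, protocol, length), applies the equivalent of the built-in `ip.addr == 192.168.0.1` display filter, and answers the two lab questions (is TCP present, and which other protocols appear). The capture bytes are constructed inline so it runs offline; the MAC and IP addresses in it are placeholders.

```python
import struct
from collections import Counter
IP_PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IPv4 protocol numbers shown as Wireshark names

def eth(ethertype, payload):
    # Ethernet II frame; both MAC addresses are constructed placeholders.
    return bytes.fromhex("020000000001") + bytes.fromhex("020000000002") + struct.pack("!H", ethertype) + payload

def ipv4(src, dst, proto, payload):
    # Minimal IPv4 header (no options); checksum left zero, which is enough for parsing.
    ip = lambda a: bytes(int(o) for o in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, ip(src), ip(dst)) + payload

def pcap(frames):
    # libpcap global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f   # per-packet record header
    return out

# Constructed sample capture: a TCP segment, a DHCP-style broadcast UDP datagram, and an ARP request.
SAMPLE = pcap([
    eth(0x0800, ipv4("192.168.0.2", "192.168.0.1", 6, bytes(20))),
    eth(0x0800, ipv4("0.0.0.0", "255.255.255.255", 17, bytes(8))),
    eth(0x0806, bytes(28)),
])

def parse_pcap(data):   # returns (src, dst, protocol, length) per packet, like the summary pane
    magic = struct.unpack_from("<I", data, 0)[0]
    end = "<" if magic == 0xA1B2C3D4 else ">"   # byte order is set by the classic magic number
    rows, off = [], 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from(end + "IIII", data, off)[2]
        frame = data[off + 16: off + 16 + caplen]
        off += 16 + caplen
        ethertype = struct.unpack_from("!H", frame, 12)[0]
        if ethertype == 0x0800:   # IPv4: protocol byte at IP offset 9, addresses at offsets 12 and 16
            src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            rows.append((src, dst, IP_PROTO.get(frame[23], str(frame[23])), len(frame)))
        else:
            rows.append((None, None, "ARP" if ethertype == 0x0806 else hex(ethertype), len(frame)))
    return rows

def filter_by_ip(rows, ip):   # equivalent of the display filter ip.addr == <ip>
    return [r for r in rows if ip in (r[0], r[1])]

def lab_answers(rows):   # Q1: is any TCP traffic captured?  Q2: which other protocols appear?
    protos = Counter(r[2] for r in rows)
    return "TCP" in protos, sorted(p for p in protos if p != "TCP")
```

To run it against the lab's own file, replace `SAMPLE` with `open("PLAB.pcap", "rb").read()` (the path is an assumption; Wireshark must be told to save in pcap rather than pcapng format for this parser).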