All right. So we're gonna start Russia to Cold War. Sure,
you should be called a burial.
And hopefully that error is not a big problem. I recently moved from 1.0 point checks to 1.0 point nine, and never underestimate the ability to break something when there's this many tools being configured in one place. Probably that won't be a problem.
We want to capture traffic. What we're just gonna do first is listen on the wire with Wireshark and see what packets it can see. I want to go to Capture, up here at the top. It is going to try and monitor all traffic, where we don't want to do that. What we want to do: we go back to Interfaces. We want to make sure we have promiscuous turned off: "Use promiscuous mode on all interfaces". We actually want to turn that off.
And the reason for that: we need to pretend that we're not in a VM, where basically the VMs are all using the same network interface port. So it'll actually be able to see more than it would if it were a ton of different machines, and we want to pretend like we have an actual network here.
We should only be able to see traffic to and from our machine or to the broadcast in our switched network. Like, the printer is around here somewhere doing broadcast. So if I, for instance, would say ping 192.168.1.76, I should be able to see that.
So ICMP echo request. I see something called ARP. We'll talk about that. So we should see anything from the broadcast, the 255 at the end, as well as anything to or from our own machine. But in a switched network, and this is why we turned off the promiscuous, because in a switched network we should not be able to see traffic to and from other machines that don't have anything to do with us. But in our VM or network, because they're all using the actual same interface on the machine, we will be able to see them if we look in promiscuous mode. But again, we want to make it look like an actual network, so we turned that off.
All right, so it's just pinging forever. Similarly, we should stop that.
So also, for instance, I'll do an FTP to the XP machine. I know it has anonymous on. The cool thing about FTP, well, not cool from a security perspective, is that it will allow us to actually see the traffic in plain text. So, for instance, I've had clients where I have done, like, reviews of their software, and it's sending sensitive data to and from a server using FTP. So not only do I see their login credentials that are, like, embedded in it; you have to reverse engineer it to get those. But if I just listen with Wireshark, I can see those. So I don't have to reverse engineer it to get the credentials, I just watch it. But also then the data being sent over is also in plaintext. Unless they encrypt it before they send it, I can just see it in plain text. I actually can grab it off the wire, like these hex bytes down here, like dump them into and actually recover it. So I've done that for a few customers. But in this case, I'm going to see username and password, like, since I just used anonymous, its password Georgia at bulb security dot com.
We can filter. So we come up here to the filter, you do, like, ftp, and apply. That'll show us only FTP stuff. ftp and, and to say, and you got 192.168.1.76. So that will only show us FTP traffic that is destined for 192.168.1.76, the only stuff we're sending. ip.src == 192.168.1.76, that'll show us both sides. 192.168.1.76 or prominent will come to us. So there's lots of different filters you could do. I encourage you to read the manual on that. There's a lot of different things you can do. What you can also do is, where you can see, like, the raw data here, then, like, break it down, like, Ethernet, TCP. It really breaks down the protocols. And also you can do Follow TCP Stream, so this is the whole conversation, if you will. So you could do a fair amount with Wireshark. But
And if we come over to, that's a domain controller. And I'll have a domain controller. I don't require it, but I'll show a couple things with the domain controller. You can set up the domain controller if you like.
So if I was on Ubuntu, and I did ftp 192.168.1.76. So then how about I give it, like, a real password: Georgia and password. You don't know that yet, but that's actually a legitimate username and password for that. But we'll see that during password cracking. So it looks like there's something called credit cards dot text in there. So maybe I'm giving a few things away, but mostly had to do it properly. But if I come over here, I get a filter for FTP. The last thing we saw was that anonymous and Georgia at bulb security dot com. We did not see that Georgia and password that just came through. Since it was neither to or from our machine, we were not able to see it.
Of course, we'd like to be able to see it. That would probably be helpful to us; that could have, in this case, been a valid username and password that we could use to log in and possibly get credit cards dot text out of there. So definitely maybe something we'd like. So I wonder if there is something we can do to make that happen. So that is going to be our next goal.
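
Added example, not part of the original transcript: a Python check that audits decoded FTP control-channel segments for logins sent in plaintext, the exposure described above, and confirms that a session upgraded with AUTH TLS yields nothing readable. The segment tuples, addresses and credentials are constructed sample data, and `find_cleartext_logins` is a hypothetical helper name.

```python
FTP_PORT = 21

# Constructed sample (not from the transcript): decoded TCP segments as
# (src_ip, src_port, dst_ip, dst_port, payload). Addresses are placeholders.
SAMPLE = [
    ("192.0.2.10", 40112, "192.0.2.76", 21, b"USER anonymous\r\n"),
    ("192.0.2.76", 21, "192.0.2.10", 40112, b"331 Password required\r\n"),
    ("192.0.2.10", 40112, "192.0.2.76", 21, b"PASS user@example.com\r\n"),
    ("192.0.2.76", 21, "192.0.2.10", 40112, b"230 Login successful\r\n"),
    ("192.0.2.10", 40113, "192.0.2.76", 21, b"AUTH TLS\r\n"),
    ("192.0.2.76", 21, "192.0.2.10", 40113, b"234 Proceed with negotiation\r\n"),
    ("192.0.2.10", 40113, "192.0.2.76", 21, b"\x16\x03\x01\x00\x05USER"),  # TLS record
]


def find_cleartext_logins(segments):
    """Return one finding per FTP control session that sent PASS unencrypted."""
    sessions, findings = {}, []
    for src, sport, dst, dport, payload in segments:
        if FTP_PORT not in (sport, dport):
            continue  # not FTP control traffic
        from_client = dport == FTP_PORT
        # Key every segment by (client_ip, client_port, server_ip).
        key = (src, sport, dst) if from_client else (dst, dport, src)
        s = sessions.setdefault(
            key, {"user": None, "auth": False, "tls": False, "finding": None})
        if s["tls"]:
            continue  # after a 234 reply the channel is TLS; nothing readable
        line = payload.decode("ascii", "replace").strip()
        verb, _, arg = line.partition(" ")
        if from_client:
            verb = verb.upper()
            if verb == "AUTH":
                s["auth"] = True
            elif verb == "USER":
                s["user"] = arg
            elif verb == "PASS":
                s["finding"] = {"client": key[0], "server": key[2],
                                "user": s["user"],
                                "password": "*" * len(arg),  # redacted, length only
                                "accepted": None}
                findings.append(s["finding"])
        elif verb == "234" and s["auth"]:
            s["tls"] = True  # server accepted the TLS upgrade
        elif verb in ("230", "530") and s["finding"] and s["finding"]["accepted"] is None:
            s["finding"]["accepted"] = verb == "230"  # 230 = logged in, 530 = rejected
    return findings
```

Each finding names the client, server and username with the password reduced to its length, so the report can be shared without repeating the exposure.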