1 hour 41 minutes
Hey, everyone, welcome back to the course. So in this video, we're gonna go over a brief demonstration of a tool called Wireshark. Now, Wireshark is a tool that you might use as a network administrator. You might use it also in the SOC analyst, incident responder realm, even as a sysadmin and also as a pen tester. So it's a very versatile tool. We're gonna go ahead and launch the GUI version here using sudo wireshark from our terminal window.
We'll get a little error message. We're just gonna say OK to that. We know what that error message is, and it's expected in this particular lab.
So first things first, we're gonna go ahead and set our capture options. We're just gonna go to Capture and then Options at the top here. We're going to specify our eth0, or Ethernet zero, interface, and then we're just gonna uncheck these boxes at the bottom right here, and then we're gonna go ahead and select Start to start our capture of packets.
Now, we actually need to generate traffic to do so. So we're just gonna use the ping command here against our IP address, so ping 10.0.10.12.
Now, that's going to generate some ICMP traffic for us, and we'll be able to capture that using Wireshark.
And I'm just gonna expand this out so we can actually see the packets as they're captured.
Alright, so let's go back to our terminal window here. We've got the ping traffic, ICMP traffic, coming through. We're gonna go ahead and generate some HTTP traffic as well.
We're gonna just do Ctrl+C here to cancel out that ping, and we'll go ahead and do our wget command with that same IP address of 10.0.10.12.
Now, that's just gonna generate some HTTP traffic for us, and you'll see it on the back part of the screen there.
Right, next we're just gonna launch a web browser, and we're just gonna navigate to that same IP address of 10.0.10.12, and it's gonna pull up a simple web page for us. We're not worried about that. We simply just wanted to see the traffic coming through in Wireshark from using this command, and you can see here the HTTP traffic coming through from that browser search we just did with the IP address.
So now we're just gonna use a tool called Netcat at the terminal. So we'll do nc, that same IP address we used before, and then port 444. And then we're just gonna enter in some random information here, for example, pretending we're entering our username and password. So admin and password,
and what it should do is Wireshark's gonna capture that information from the packet. We'll be able to see it since it's not encrypted,
and you'll be able to see here the admin right there. It's been captured in that packet. And same thing if we go look at that other packet that came through:
you notice the push command there in the packet, the PSH for push.
So we see password there as well.
So basically the admin and password that we entered in as our credentials, that information was captured by Wireshark. And so if we were an attacker, we could see that information and get your login credentials. Next, we'll stop the traffic capture, and we're gonna go ahead and open an existing capture file that we have on this particular system.
So let's go to File, Open.
It's gonna ask us if we want to save. We're just gonna continue without saving. We'll navigate to the desktop and then our folder, which is captures, where the capture file is, and so it'll pull that capture for us.
The next thing we want to do is navigate to a specific packet that we know. Now, this is in this particular lab.
We're gonna go to Go and then Go to Packet, and we're gonna choose packet number 2286. So you notice here in that packet number, it shows us a password. So we see that the password here is my secure pass.
So if you wanna learn a little bit more about this particular packet, like what's going on, we can click on the Follow TCP Stream option,
and you notice in here we see that the username is student and the password is my secure pass. Now, the reason we're seeing this is that it looks like they're using POP3 here, and POP3 by default does not have encryption enabled. What that means is that an attacker can see any credentials that you're entering in or sending through this. So, for example, we see here student was captured as well as the password of my secure pass.
And if we enabled encryption with POP3, so like TLS, for example, we could protect our login credentials.
So in this video, we just took a brief look at Wireshark. We looked at some packet captures, and we also went ahead and ran a few commands just to generate that traffic, again keeping in mind here that if the traffic is not encrypted, there is a potential that an adversary can get your login information.
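
An added example, not part of the original video or course material: a small Python audit that takes the text of a POP3 session, such as the output of Follow TCP Stream, and reports credential commands that crossed the wire before TLS was negotiated, redacting the secret itself. The function name and the sample sessions with their values are constructed for illustration.

```python
import re

# POP3 commands that expose credentials when sent without TLS: USER/PASS are
# plain text, and AUTH PLAIN/LOGIN payloads are only base64-encoded.
CRED_CMD = re.compile(r"^(USER|PASS|AUTH)\b\s*(.*)$", re.IGNORECASE)

# Constructed sample sessions (not taken from the lab capture).
CLEARTEXT_SESSION = ("+OK POP3 ready\r\nUSER alice\r\n+OK\r\n"
                     "PASS example-password\r\n+OK logged in\r\nQUIT\r\n")
STLS_SESSION = ("+OK POP3 ready\r\nSTLS\r\n+OK Begin TLS negotiation\r\n"
                "\x16\x03\x01\x02\x00")
STLS_REFUSED = ("+OK POP3 ready\r\nSTLS\r\n-ERR not supported\r\n"
                "USER alice\r\n+OK\r\nPASS example-password\r\n")

def audit_pop3_stream(stream_text):
    """Return (command, displayed_argument) for each credential sent in cleartext."""
    findings = []
    stls_requested = False
    for raw in stream_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if stls_requested:
            # The server's reply to STLS decides whether TLS starts.
            if line.upper().startswith("+OK"):
                break  # everything after this point is ciphertext
            stls_requested = False
            continue
        if line.upper() == "STLS":
            stls_requested = True
            continue
        m = CRED_CMD.match(line)
        if m:
            cmd, arg = m.group(1).upper(), m.group(2)
            # Keep the username for triage; never copy the secret into a report.
            shown = arg if cmd == "USER" else "<redacted, %d chars>" % len(arg)
            findings.append((cmd, shown))
    return findings

if __name__ == "__main__":
    for name, session in [("cleartext", CLEARTEXT_SESSION),
                          ("stls", STLS_SESSION),
                          ("stls refused", STLS_REFUSED)]:
        print(name, audit_pop3_stream(session))
```

The third sample covers the case where the client asks for STLS, the server refuses, and the client logs in anyway, which leaves the credentials as exposed as in the first session.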