Dissection: Packet Sniffing

This lab focuses on the dissection of a network. We are tasked with using the program Wireshark.exe, a packet-sniffing protocol analyzer used to track background network processes. Network administrators use it to get a snapshot of what's happening on the network behind the scenes.

Once Wireshark is downloaded and running, you will need your IP address; for instance, the IP address I had at the time is listed below. The IP address can be found by opening Command Prompt and running “ipconfig”.

The IP address I used with Wireshark

Go to the “Apply a display filter” box in Wireshark and type in ip.addr == followed by your own IP address, not this computer's IP. Then hit the arrow at the end of the box to apply the filter.

Now that the filter is applied, Wireshark should display only the packets sent to or from your IP address. Have a website ready to visit before hitting the capture button (the shark fin in the top left corner) in Wireshark. We will be using Bill Genereux’s website.

techIntersect is Bill Genereux’s website, the one we used for this example

As quickly as possible, hit Capture in Wireshark, go to the website, and once it loads hit the red stop button in Wireshark. Wireshark will now display the protocols, sources, destinations, and other details of the traffic that crossed your network in that short amount of time. Then examine some of the information displayed.

FTP web server

A server is set up with the prompt “hack me”. Using a combination of the programs Wireshark, WinSCP, and an internet browser, you are able to see a password being entered through FTP in plain text, even though the FTP program itself doesn't show the exact password being typed.

The FTP username and password
Wireshark showing the actual password in plain text.

With this information you are able to manipulate the html.doc on this webserver, and I was able to put in the text “kilroy was here” and everyone in the class was able to view it.
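
The password shows up in the capture because FTP sends USER and PASS as plain ASCII lines on its control connection unless the client first negotiates TLS with AUTH TLS. The Python sketch below is an added example, not part of the original lab; it audits control-channel transcripts for that exposure and redacts the password in its findings. The transcripts, account name and password are constructed samples, and audit_ftp_control is a hypothetical helper name.

```python
# Constructed FTP control-channel transcripts (TCP port 21), sample values only.
# "C:" is client to server, "S:" is server to client.
PLAINTEXT_SESSION = """\
S: 220 FTP server ready
C: USER student
S: 331 Password required
C: PASS example-password
S: 230 Login successful
"""
DOWNGRADED_SESSION = """\
S: 220 FTP server ready
C: AUTH TLS
S: 502 Command not implemented
C: USER student
S: 331 Password required
C: PASS example-password
S: 230 Login successful
"""
PROTECTED_SESSION = """\
S: 220 FTP server ready
C: AUTH TLS
S: 234 Proceed with negotiation
"""

def audit_ftp_control(transcript):
    """Hypothetical helper: classify one session, return (verdict, findings)."""
    findings, auth_requested, tls_started = [], False, False
    for raw in transcript.splitlines():
        if tls_started:
            break  # after a 234 reply to AUTH the stream is TLS, not readable
        side, _, line = raw.partition(": ")
        if side == "S":
            tls_started = auth_requested and line.startswith("234")
            continue
        verb, _, arg = line.partition(" ")
        if verb.upper() == "AUTH":
            auth_requested = True
        elif verb.upper() == "USER":
            findings.append(f"USER {arg} sent in cleartext")
        elif verb.upper() == "PASS":
            findings.append("PASS <redacted> sent in cleartext")
    if any(f.startswith("PASS") for f in findings):
        # A refused AUTH followed by a cleartext login is a silent downgrade
        return ("downgraded" if auth_requested else "exposed"), findings
    return ("protected" if tls_started else "no-login"), findings

if __name__ == "__main__":
    for name in ("PLAINTEXT_SESSION", "DOWNGRADED_SESSION", "PROTECTED_SESSION"):
        print(name, audit_ftp_control(globals()[name]))
```

An "exposed" or "downgraded" verdict means the credentials crossed the network readable by anyone capturing on the path; moving the server to SFTP or FTPS removes that exposure.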