Skip to main content

Fun With Wireshark: Packet Analysis and Ethical Hacking Part 1




This is David Bombal's course on Udemy. Screenshots will be scarcer because, hey, you didn't pay for this. I did. This covers the first 4 sections (Sans the OSI model):

  • Introduction
  • Setting Up
  • Using Filters


Setting Up: 




Setting up Wireshark, and the Npcap setup has an option for "Support raw 802.11 traffic( and monitor mode) for wireless adapters".

It seems like something I'd want to pick, but I will wait and follow the instructions...for now. I could click it, I already set a restore point.

My first thought was untagged VLAN traffic. I don't know enough about WS here to know what it may interfere with.

We now hav Npcap loopback adapter.

Be mindful of where we're telling WS to capture from; check your interfaces.

("Why can't I see http traffic?" ->
https://osqa-ask.wireshark.org/questions/37704/wireshark-not-showing-http-protocols)

"You're probably capturing on a protected network; the 802.11 header isn't encrypted, so Wireshark is able to dissect the encrypted traffic as 802.11 traffic, but the payload is encrypted, so Wireshark can't even dissect it as IP traffic, much less TCP or HTTP, so it shows up as "802.11"."


Ethernet frames are L2.



Those represent the levels of the OSI model from top to bottom - Physical, Data Link, Network, Transport. The last one combines Application, Presentation, and Session. You can open it and see the OS, browser used.

When the source is a server serving a webpage, you can click it and see the page in question the client received (provided it's in cleartext). Very cool.

But what if you're not capturing packets?


Remember; Double check what interface is capturing traffic; Span or Mirror a port on the switch.

Span? Mirror?


ON a Cisco switch:
config t
monitor session 1 source int [interface]
monitor session 1 destination int [int with  monitoring station]




Filters:


When you are using filters, sometimes the bar may turn red. Keep going, it will turn green when you're finished.







These are display filters.

Silly thing; Make sure to hit enter when you've filled out the filter.

Two filtering language

- Capture packets
- Display packets

Primitives: Filtering on a house IP add or name.

Putting in the protocol gives a different output than putting in the display filter (tcp.port == 23)





(Right click a packet and go to Follow > TCP Stream. This doesn't work with every packet)
Labels:

Comments

Post a Comment

Popular posts from this blog

Making KPI Dashboards with PowerBI

 While this is the free tier, I cannot share or collaborate with others, nor can I publish content to other people's workspaces, but they will not stop me from screenshooting and recording these self-taught adventures,so! I'm doing this because I idly searched "Mattel careers" and "Information Technology", and seeing a bulletpoint saying the following: Analytical and reporting skills such as creating dashboards and establishing KPIs such as experience with PowerBI, Cognos, Tableau, and Google Data Lake/AWS is preferred And thought "Well, I've used Tableau, and I've heard about PowerBI,  even if its in-demandness is questionable , so how similar is it? And can I write about it?"  First, PowerBI (PIB) does have a downloadable, local version, but apparently Windows-only. I could download the .exe but I couldn't run it / drag it to applications on my MacBook.  Not a problem, we'll use the online SaaS version, and a dataset found here, ...
Post a Comment
Read more

A 2-week Trial of T-Mobile Home Internet

     The Xfinity app showed usage of the past 3 months: We used less than 40% each month, for about $80 USD a month.   No thanks! That cuts into the movie budget! Before we save some money (about $15/mo), let's test how T-Mobile Internet unlimited data works for 2 weeks.    There are 15 devices for this test; Smart TVs: 4 Laptops: 4 Printer: 1 Smart Home Speakers: 3 Game Consoles: 1 Phones: 1 (There are other phones in the home but they stick with data) Other: 1 Total : 15  I made tables for 3 entries a day across 3 days to test the Xfinity service we have. Here's one;   Xfinity is pretty speedy - Download times are between 227 - 236 Mbps, Latency between 24.5 - 25.5, Jitter between 5 - 6.68, and 0 packet loss.  Let's quickly define the terms in the table;    Date/Time - The date and time of the data gathered. Download (Mpbs) - How fast your network gets data. Upload (Mbps) - How fast your network uploads data. Latency ...
Post a Comment
Read more

Recon and SSID - Mapping With VisiWave Site Survey

My laptop is refurbished. I've written about how there are a few ... quirks. Being a technology professional, I felt okay with adopting an older machine, knowing I had the skill to fix moderate issues. From dying drivers to monitor massacres, I've ID'd, solved, and documented a lot of issues.  The newest one was my Wi-Fi adapter dropping the connection to a specific extender. While troubleshooting, I was curious about doing recon of WiFi networks and broadcasting devices anyway. That issue? A power setting. It was so determined to save power, it would disconnect. The extender is also flirting with the older end of 6 years old.  The battery needs to be replaced, but that's new to me. As a Windows laptop, there are a plethora of options to pick. How do you decide which one is safest?  I am suddenly concerned about this despite having 3 unofficial, 15$ Macbook Air chargers from eBay, and no explosions. But let's move onto the Site Survey - Where can I find the stronges...
Post a Comment
Read more