The same steps above will apply to standard HTTP traffic for websites and device administration, meaning that the warnings that you have always been told about are indeed valid: always seek out an HTTPS address before trusting your credentials to the network.Īnalyzing a packet capture file PCAP is a matter of thinking about the problem logically, reasoning what information you are looking for, and then constructing search filters to suit your requirements. The same applies to any other connection that you are using to connect to any service, whether it be on your LAN, over the LAN, or across the WAN. It is best practice to use methods that encrypt traffic between you and the appliance that you are administering whenever possible. This is a pretty good example of what you can find when passwords are being transmitted in plain text, which is why Telnet is no longer as popular as it used to be. We can see the password as “ aPPTEXT” circled below. We right click on the entry, and then go to “Follow -> TCP Stream” See the part that says “ User Access Verification Password:”? That’s the plain text from the login prompt in our earlier step that we saw in Telnet. If we start looking through these packets we come across something very interesting in unencrypted, plain text. We can see a lot of Telnet data, but it doesn’t seem to tell us much. Now we need to look at Wireshark and see what we’ve managed to capture. Let’s log in and get to the prompt by entering our password: Your Telnet session then opens like this. In this instance, we know that the IP address of the Cisco is 192.168.30.1, so we enter it into Putty like so: This won’t be a problem, as we will apply a filter to our results and highlight only the results that we’re after. Because Wireshark is monitoring all traffic over Ethernet, it will detect all traffic on the connection and save it into the PCAP that we will be analyzing. Next, let’s fire up Putty, as it will let us connect to our Cisco 1751 router via Telnet over the local network. In our case this will be Ethernet, as we’re currently plugged into the network via an Ethernet cab. The very first step for us is to open Wireshark and tell it which interface to start monitoring. By using Wireshark, we will see what data we can find on the network relating to any network communications. Let’s look at an example using Telnet to log onto a Cisco Switch. Inspecting the contents of data packets.Isolating and identifying source and destination traffic.We can then open the capture results and see how we would go about capturing such information, as well as where we can find it in our results. Our example will show you how to reveal a plain-text password being transmitted over your network via Telnet, which will be intercepted by Wireshark. This is not an exhaustive or all-encompassing tutorial, but hopefully will help to shed light on the steps that most people might take when trying to pinpoint details about a particular application or packet stream on the network. What follows is a basic walkthrough of some of the steps you might follow when undertaking a preliminary investigation of a specific target on your network, and how it might benefit you depending on the objective in mind. It is a freeware tool that, once mastered, can provide valuable insight into your environment, allowing you to see what’s happening on your network. Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |