PCAP Analysis Basics with Wireshark

Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis. It is a free, open-source tool that, once mastered, can provide valuable insight into your environment, allowing you to see what’s happening on your network.

What follows is a basic walkthrough of some of the steps you might follow when undertaking a preliminary investigation of a specific target on your network, and how it might benefit you depending on the objective in mind. This is not an exhaustive or all-encompassing tutorial, but hopefully will help to shed light on the steps that most people might take when trying to pinpoint details about a particular application or packet stream on the network.

Our example will show you how to reveal a plain-text password being transmitted over your network via Telnet, which will be intercepted by Wireshark. We can then open the capture results and see how we would go about capturing such information, as well as where we can find it in our results.

What is Wireshark Used For?

  1. Capturing data packets
  2. Identifying and analyzing protocols
  3. Isolating and identifying source and destination traffic
  4. Inspecting the contents of data packets

Wireshark in Action

Let’s look at an example using Telnet to log onto a Cisco Switch. By using Wireshark, we will see what data we can find on the network relating to any network communications.

The very first step for us is to open Wireshark and tell it which interface to start monitoring. In our case this will be Ethernet, as we’re currently plugged into the network via an Ethernet cable.

Next, let’s fire up PuTTY, as it will let us connect to our Cisco 1751 router via Telnet over the local network. Because Wireshark is
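The walkthrough above does this in Wireshark's GUI: pick the interface, filter on `tcp.port == 23`, then use Analyze > Follow > TCP Stream to read the login. The script below is an added example (not code from the original post) that performs the same three steps on a libpcap file in plain Python, so the cleartext Telnet problem can be demonstrated offline or checked across many capture files. The capture it analyses is constructed in memory (hosts 10.0.0.5 and 10.0.0.1, a Cisco-style "Password:" prompt, a retransmitted byte and one unrelated HTTP frame are all assumptions); to inspect a real file, pass `open(path, "rb").read()` to `telnet_streams` instead of `SAMPLE_PCAP`.

```python
import struct

# Constructed sample, not a real trace: one Telnet login plus an unrelated
# HTTP request. IP/TCP checksums are left at zero; nothing here verifies them.
CLIENT, SERVER = "10.0.0.5", "10.0.0.1"
CLIENT_PORT, TELNET_PORT = 51234, 23


def _ip(addr):
    return bytes(int(o) for o in addr.split("."))


def frame(src, sport, dst, dport, seq, payload):
    """Build an Ethernet II + IPv4 + TCP (PSH/ACK) frame carrying payload."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0x4000,
                     64, 6, 0, _ip(src), _ip(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 0x50, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def pcap(frames):
    """Wrap frames in a little-endian classic libpcap file (24-byte header)."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    recs = [struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
            for i, f in enumerate(frames)]
    return hdr + b"".join(recs)


def c2s(seq, data):
    return frame(CLIENT, CLIENT_PORT, SERVER, TELNET_PORT, seq, data)


def s2c(seq, data):
    return frame(SERVER, TELNET_PORT, CLIENT, CLIENT_PORT, seq, data)


BANNER = b"\r\nUser Access Verification\r\n\r\nPassword: "
SAMPLE_PCAP = pcap([
    s2c(1000, b"\xff\xfb\x01\xff\xfb\x03"),  # IAC WILL ECHO, IAC WILL SGA
    s2c(1006, BANNER),
    frame(CLIENT, 40000, "10.0.0.9", 80, 1, b"GET / HTTP/1.0\r\n"),  # noise
    c2s(2000, b"c"), c2s(2001, b"i"), c2s(2002, b"s"),
    c2s(2002, b"s"),  # retransmission of the same byte
    c2s(2003, b"c"), c2s(2004, b"o"), c2s(2005, b"\r\n"),
    s2c(1006 + len(BANNER), b"\r\nRouter>"),
])


def parse_pcap(data):
    """Yield raw frames from a classic libpcap file (either byte order)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng not handled here)")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def tcp_segment(frm):
    """Return (src, sport, dst, dport, seq, payload), or None if not IPv4/TCP."""
    if len(frm) < 34 or frm[12:14] != b"\x08\x00":
        return None
    ip = frm[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]  # honour total length so Ethernet padding is dropped
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    data_off = (tcp[12] >> 4) * 4
    return src, sport, dst, dport, seq, tcp[data_off:]


def strip_telnet_options(data):
    """Remove IAC negotiation (RFC 854) so only typed/printed bytes remain."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != 0xFF:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break
        cmd = data[i + 1]
        if cmd == 0xFF:  # IAC IAC is an escaped literal 0xFF
            out.append(0xFF)
            i += 2
        elif cmd in (0xFB, 0xFC, 0xFD, 0xFE):  # WILL/WONT/DO/DONT <option>
            i += 3
        elif cmd == 0xFA:  # SB ... IAC SE
            end = data.find(b"\xff\xf0", i + 2)
            i = len(data) if end < 0 else end + 2
        else:  # any other two-byte command
            i += 2
    return bytes(out)


def telnet_streams(pcap_bytes, port=TELNET_PORT):
    """Filter on tcp.port == port and 'Follow TCP Stream': one text per
    direction, ordered by sequence number, retransmissions collapsed."""
    segs = {}
    for frm in parse_pcap(pcap_bytes):
        seg = tcp_segment(frm)
        if seg is None:
            continue
        src, sport, dst, dport, seq, payload = seg
        if port not in (sport, dport) or not payload:
            continue
        segs.setdefault((src, sport, dst, dport), {})[seq] = payload
    return {key: strip_telnet_options(b"".join(d[s] for s in sorted(d)))
            .decode("ascii", "replace") for key, d in segs.items()}


if __name__ == "__main__":
    for (src, sport, dst, dport), text in telnet_streams(SAMPLE_PCAP).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {text!r}")
```

Run it and the client-to-server stream prints as `'cisco\r\n'` next to the server's `Password:` prompt, which is exactly what the Follow TCP Stream window shows in the GUI. Keying the reassembly on sequence number is what makes a one-keystroke-per-packet login readable and also discards duplicate retransmitted segments; a capture that contains no port-23 payload simply yields an empty dictionary, a convenient check for a network where Telnet is supposed to have been retired in favour of SSH.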

