02 Wireshark Demo скачать в хорошем качестве

02 Wireshark Demo

Alright, in our first demonstration today for sniffers, we're checking out Wireshark. Wireshark is a free network protocol analyzer. It is mainly used to analyze and troubleshoot network issues, but it can also be used in a malicious way. Interesting, right? Just snip the traffic on a given interface, so we will check out a few options here to configure it. And then we'll try to capture the traffic now. We'll start here by checking the interface list. Namely, if you have more than one interface, it will all appear in this pop up here and you have to select which specific interface you want to capture on. Alright, so we'll go ahead and do that. Now if you go to capture options, the most important option is the promiscuous mode. Now by default Wireshark is using promiscuous mode on all interfaces. What this allows you to do is to capture all the traffic on a given network through your interface. We have to do some RP poisoning before that. So in this chapter we will see how to perform a RP. And when we poison the network and use promiscuous mode to sniff on a given interface, we will be able to capture all the traffic directed from all the other computers on the network directed to our interface. So Wireshark is able to capture the traffic of all other computers on your network. If you are poisoning that network using art. Will keep promiscuous mode enabled and we will start to capture. Now remember, we always have to specify the interface that we want to capture on. So start capture at the end when you want to stop the capture, you can save all this information or all the packets to a file and then analyze that later on. Typically we will see all the communication that's happening on that interface. So why don't we go ahead and try to? Website and navigate over to Google and will see somewhere here the HTTPS and the ARP messages are doesn't actually stop on windows so you will always see our messages on Windows computers and any other network device. ICMP V6 is still enabled here and SSDP protocol. Now as you can see, it's pretty clear we are capturing all the communication that's now happening on this interface. And the trick here is if you are running any unprotected protocol like FTP or TELNET or if you log in on HTTP session not HTTPS session, you will be able to see all the information in cleartext. So we will be able to capture. The username and password used to log into that session. Now remember, I'm only talking about unprotected protocols like Telnet, HTTP or FTP as examples like I mentioned. So when we use a protected protocol with encryption like HTTPS, SFTP or SSH instead of TELNET we will not be able to see the username and password. We will be able to see the session running on Wireshark. Using Wireshark, but again we will not be able to see much of the data. So now we know about how Wireshark works in a basic way. Will come back and continue with our poisoning in just a little bit. Often network protocols need to transport large chunks of data which are complete in themselves. For example, when transferring a file, the underlying protocol may not be able to handle that chunk size like a limitation of the network packet size or is stream based online. TCP which doesn't know data chunks at all and that this vedio is for educational purposes