Wireshark
Daniel Compton, Auburn University
Overview
• Wireshark Overview
• General Overview and Uses
• GUI Introduction
• Wireshark Exercise 1: Reading HTTP Traffic from PCAP file
• Wireshark Exercise 2: Extracting Images from PCAP file
• Defeating Wireshark
• Conclusion
Wireshark Overview
• Wireshark (originally Ethereal) is an open source packet analyzer
• Packets can be captured and analyzed on a live network, or saved in PCAP format for later analysis
• Useful for network troubleshooting, software and communications protocol development, malware/digital forensics, and education
• Also utilized for network snooping and information gathering
Wireshark Overview: GUI
• The capture interfaces panel displays the available network cards capable of capturing/analyzing packets on the network
• The IP, number of packets seen per second, and total number of packets seen on each interface are displayed in the far right columns
Wireshark Overview: GUI
• The capture options panel allows for enabling promiscuous mode
• Additionally, a PCAP output file can be selected in the Capture File(s) section
Wireshark Overview: GUI
• Capture Filters allow for filtering of specific protocols in capture and search
Wireshark Overview: GUI
• In the sample capture above, note the time of successive captures, along with the protocol and info columns
Wireshark Exercise 1: HTTP Traffic
• A search on www.yahoo.com was performed, using the keywords “auburn information assurance group”
• A PCAP file containing all internet traffic captured while the Yahoo search was performed is located on the Desktop
Wireshark Exercise 1: HTTP Traffic
• Open Wireshark, click on File and Open
Wireshark Exercise 1: HTTP Traffic
• Click Desktop, click on the file “ia_http_cap.pcapng”
• Click Open
Wireshark Exercise 1: HTTP Traffic
• Type “http” in the Filter text field
• Press Enter
Wireshark Exercise 1: HTTP Traffic
• Filtered results will include HTTP and HTTP-derived network activity, which narrows our search
Wireshark Exercise 1: HTTP Traffic
• To find the packet containing our Yahoo search:
• Hold down ‘Control’ + ‘F’, choose String, type “information”
• Click on Find
Wireshark Exercise 1: HTTP Traffic
• The packet containing our Yahoo search will be highlighted in the packet capture window
Wireshark Exercise 2: JPEG Extraction
• When images are transmitted via the HTTP protocol, they are split up into packets, which together form an HTTP stream
• Objects (e.g. JPEG images) from this stream can be extracted via the Object Extraction Tool, located under “File”, “Export Objects”, “HTTP”
• We begin by opening a PCAP file from the Desktop
Wireshark Exercise 2: JPEG Extraction
• Open Wireshark, click on File and Open
Wireshark Exercise 2: JPEG Extraction
• Click Desktop, click on the file “ia_img_cap.pcapng”
• Click Open
Wireshark Exercise 2: JPEG Extraction
• In order to extract images searched online, we use the HTTP Object Extractor
• Click Open
Wireshark Exercise 2: JPEG Extraction
• Scroll through the extracted objects to find Packet #533, which consists of an image/jpeg object
Wireshark Exercise 2: JPEG Extraction
• Select Desktop, type in the desired file name
• Click on Save
Wireshark Exercise 2: JPEG Extraction
• From the Desktop, double-click on the image file
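What “Export Objects” does under the hood, as an added example that is not part of the original slides: a small pure-Python reader that walks a classic pcap, reassembles a TCP stream by sequence number (so segments arriving out of order still come together), and pulls out HTTP response bodies whose Content-Type is image/jpeg. The capture, addresses, ports and the tiny JPEG are all constructed inline; the function names are my own.

```python
import struct

JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 6 + b"\xff\xd9"   # constructed minimal JPEG
RESPONSE = (b"HTTP/1.1 200 OK\r\nContent-Type: image/jpeg\r\n"
            b"Content-Length: %d\r\n\r\n" % len(JPEG)) + JPEG

def build_pcap(segments):
    # Constructed pcap (link type 1 = Ethernet) holding one server-to-client TCP stream;
    # `segments` is a list of (sequence offset, payload bytes), in arrival order.
    eth = b"\x00" * 12 + b"\x08\x00"                              # MACs, EtherType IPv4
    records = []
    for i, (seq_off, chunk) in enumerate(segments):
        tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1000 + seq_off, 1, 5 << 4, 0x18, 8192, 0, 0)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(chunk), 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
        frame = eth + ip + tcp + chunk
        records.append(struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(records)

def extract_jpegs(pcap):
    # Reassemble each TCP stream by sequence number, then return image/jpeg response bodies.
    endian = "<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"
    streams, off = {}, 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:          # IPv4 over TCP only
            continue
        ihl, ip_len = (frame[14] & 0x0F) * 4, struct.unpack("!H", frame[16:18])[0]
        tcp = frame[14 + ihl:14 + ip_len]
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        key = (frame[26:30], sport, frame[30:34], dport)            # the 4-tuple = one stream
        streams.setdefault(key, []).append((seq, tcp[(tcp[12] >> 4) * 4:]))
    images = []
    for segs in streams.values():
        data = b"".join(p for _, p in sorted(segs))                # order by seq, not arrival
        while data.startswith(b"HTTP/1.") and b"\r\n\r\n" in data:
            hdr_end = data.find(b"\r\n\r\n")
            hdrs = {k.strip().lower(): v.strip() for k, v in
                    (line.split(b":", 1) for line in data[:hdr_end].split(b"\r\n")[1:])}
            length = int(hdrs.get(b"content-length", b"0"))
            body = data[hdr_end + 4:hdr_end + 4 + length]
            if hdrs.get(b"content-type") == b"image/jpeg" and body.startswith(b"\xff\xd8\xff"):
                images.append(body)
            data = data[hdr_end + 4 + length:]                     # next object in the stream
    return images

def demo():
    # Deliver the response in three segments with the middle one arriving last.
    segs = [RESPONSE[:20], RESPONSE[20:45], RESPONSE[45:]]
    return extract_jpegs(build_pcap([(0, segs[0]), (45, segs[2]), (20, segs[1])]))
```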
Defeating Wireshark
• Wireshark provides anyone on your network with an easy way to snoop on network traffic
• To help ensure data confidentiality, always utilize secure protocols, like HTTPS, so that your data is encrypted
• Never utilize unencrypted Wi-Fi without a VPN or similar service
• Always ensure physical security over your network; Ethernet cables can be tapped
Conclusion
• Wireshark is a useful tool with a wide range of malicious and non-malicious uses
• Any unencrypted traffic sent on a given network can be sniffed
• Ensure that you utilize secure protocols and/or a VPN service when interacting on questionable networks!