WireShark and packet capture unsecure sites on network

Is it possible to use the tool Wireshark to capture packets and unencrypted credentials on a local network? Would like to see if this can be done as part of a pen test against local network web servers not using SSL security.
GR JN Asked:
 
Austin Texas, Systems Engineer, Commented:
Yes and no. You have two obstacles to overcome:
1. Your network card needs to be in promiscuous mode. Not all cards will work. Google WinPCap drivers.
2. Your card has to be presented with the network traffic. This was easy when most LANs were networked together with hubs. In today's world, most LANs are switched networks, meaning only the addressed devices get the packets presented to them. There are a couple ways around this though:
 a. Some upper end switches can be programmed to send a copy of all traffic to a specific port (for this specific purpose).
 b. Google ARP Poisoning attacks.
1
 
Giovanni Heward Commented:
Regarding 2(a) above, you'll want to look for "mirror" or "span" port capability.  For Internet bound traffic, you could also use a tap at your firewall.

That being said, if gaining access to the web server(s) themselves is in scope, tcpdump may already be installed on them (linux servers), or if windows servers you can capture packets natively using netsh.  Additionally, if you gain access to the web server(s) using meterpreter, there are packet capture modules available as well.  Just make sure it's within your rules of engagement to install your own tools should you take that route.
1
 
pgm554 Commented:
Most newer switches have a spanning or mirroring capability these days.
Netgear smart switches (even the cheapies) have that capability.

https://www.amazon.com/NETGEAR-ProSafe-5-Port-Gigabit-Unmanaged/dp/B002YK8WMC?th=1/

As for capturing credentials, not real sure about Wireshark, but I know Wildpackets can capture passwords.
It's a pretty easy filter to apply.
0
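
What a credential check over unencrypted HTTP looks for, as an added example that is not part of the original thread: it takes one reassembled HTTP request payload from an authorised capture and reports Basic auth headers and form password fields, masking the secret so the finding can go into a pen test report. The function name, the field-name list and the `intranet.example` sample requests are constructed for illustration.

```python
import base64
from urllib.parse import parse_qsl

# Form field names treated as secrets (assumed list for this example).
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}

def _mask(secret):
    """Keep only the length so a report never stores the secret itself."""
    return "*" * len(secret)

def find_cleartext_credentials(payload: bytes):
    """Return findings for one reassembled HTTP request sent without TLS."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    findings = []
    # HTTP Basic auth is only base64-encoded, not encrypted.
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(token, validate=True).decode("utf-8", "replace")
            user, _, pw = decoded.partition(":")
            findings.append(("basic-auth", request_line, user, _mask(pw)))
        except ValueError:
            pass  # malformed token: nothing to report
    # URL-encoded login forms carry the password verbatim in the body.
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body.decode("latin-1")):
            if key.lower() in SECRET_FIELDS:
                findings.append(("form-field:" + key, request_line, None, _mask(value)))
    return findings

# Constructed sample requests (not taken from any real capture).
SAMPLE_BASIC = (b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"alice:s3cret") + b"\r\n\r\n")
SAMPLE_FORM = (b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
               b"user=bob&password=hunter2")

if __name__ == "__main__":
    for sample in (SAMPLE_BASIC, SAMPLE_FORM):
        for finding in find_cleartext_credentials(sample):
            print(finding)
```

The same requests sent over TLS would give this check nothing to parse, which is the remediation to record against each finding.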
 
Austin Texas, Systems Engineer, Commented:
Thanks Gr!  Good luck with your pen testing. If you want to experiment with sniffing wireless traffic, let me know.
0
Question has a verified solution.
