Solved

WireShark and packet capture unsecure sites on network

Posted on 2016-10-19
4
146 Views
Last Modified: 2016-10-21
Is it possible to use the tool wireshark to capture packets and unencrypted credentials on a local network? Would like to see if this is can be done as part of a pen test against local network web servers not using ssl security.
0
Comment
Question by:GR JN
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 6

Accepted Solution

by:
Austin Texas earned 250 total points
ID: 41851253
Yes and no. You have two obstacles to overcome:
1. Your network card needs to be in promiscuous mode. Not all cards will work. Google WinPCap drivers.
2. Your card has to be presented with the network traffic. This was easy when most LAN were networked together with Hubs. In today's world, most LANs are switched networks meaning only the addressed devices get the packets presented to them. There are a couple ways around this though:
 a. Some upper end switches can be programmed to send a copy of all traffic to a specific port (for this specific purpose).
 b. Google ARP Poisoning attacks.
1
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 41851256
Regarding 2(a) above, you'll want to look for "mirror" or "span" port capability.  For Internet bound traffic, you could also use a tap at your firewall.

AppLC_SlimTap.png
That being said, if gaining access to the web server(s) themselves is in scope, tcpdump may already be installed on them (linux servers), or if windows servers you can capture packets natively using netsh.  Additionally, if you gain access to the web server(s) using meterpreter, there are packet capture modules available as well.  Just make sure it's within your rules of engagement to install your own tools should you take that route.
1
 
LVL 30

Expert Comment

by:pgm554
ID: 41851279
Most newer switches have a spanning or mirroring capability these days.
Netgear smart switches (even the cheapies) have that capability.

https://www.amazon.com/NETGEAR-ProSafe-5-Port-Gigabit-Unmanaged/dp/B002YK8WMC?th=1/

As for capturing credentials ,not real sure about Wireshark,but I know Wildpackets can capture passwords.
It's a pretty easy filter to apply.
0
 
LVL 6

Expert Comment

by:Austin Texas
ID: 41854248
Thanks Gr!  Good luck with your pen testing. If you want to experiment with sniffing wireless traffic, let me know.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This program is used to assist in finding and resolving common problems with wireless connections.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question