Solved

WireShark and packet capture unsecure sites on network

Posted on 2016-10-19
4
55 Views
Last Modified: 2016-10-21
Is it possible to use the tool wireshark to capture packets and unencrypted credentials on a local network? Would like to see if this is can be done as part of a pen test against local network web servers not using ssl security.
0
Comment
Question by:GR JN
  • 2
4 Comments
 
LVL 5

Accepted Solution

by:
Austin Texas earned 250 total points
ID: 41851253
Yes and no. You have two obstacles to overcome:
1. Your network card needs to be in promiscuous mode. Not all cards will work. Google WinPCap drivers.
2. Your card has to be presented with the network traffic. This was easy when most LAN were networked together with Hubs. In today's world, most LANs are switched networks meaning only the addressed devices get the packets presented to them. There are a couple ways around this though:
 a. Some upper end switches can be programmed to send a copy of all traffic to a specific port (for this specific purpose).
 b. Google ARP Poisoning attacks.
1
 
LVL 14

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 41851256
Regarding 2(a) above, you'll want to look for "mirror" or "span" port capability.  For Internet bound traffic, you could also use a tap at your firewall.

AppLC_SlimTap.png
That being said, if gaining access to the web server(s) themselves is in scope, tcpdump may already be installed on them (linux servers), or if windows servers you can capture packets natively using netsh.  Additionally, if you gain access to the web server(s) using meterpreter, there are packet capture modules available as well.  Just make sure it's within your rules of engagement to install your own tools should you take that route.
1
 
LVL 30

Expert Comment

by:pgm554
ID: 41851279
Most newer switches have a spanning or mirroring capability these days.
Netgear smart switches (even the cheapies) have that capability.

https://www.amazon.com/NETGEAR-ProSafe-5-Port-Gigabit-Unmanaged/dp/B002YK8WMC?th=1/

As for capturing credentials ,not real sure about Wireshark,but I know Wildpackets can capture passwords.
It's a pretty easy filter to apply.
0
 
LVL 5

Expert Comment

by:Austin Texas
ID: 41854248
Thanks Gr!  Good luck with your pen testing. If you want to experiment with sniffing wireless traffic, let me know.
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Join & Write a Comment

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now