WireShark and packet capture unsecure sites on network

Posted on 2016-10-19
Last Modified: 2016-10-21
Is it possible to use the tool Wireshark to capture packets and unencrypted credentials on a local network? Would like to see if this can be done as part of a pen test against local network web servers not using SSL security.
Question by:GR JN

Accepted Solution

by: Austin Texas
Austin Texas earned 250 total points
ID: 41851253
Yes and no. You have two obstacles to overcome:
1. Your network card needs to be in promiscuous mode. Not all cards will work. Google WinPcap drivers.
2. Your card has to be presented with the network traffic. This was easy when most LANs were networked together with hubs. In today's world, most LANs are switched networks, meaning only the addressed devices get the packets presented to them. There are a couple of ways around this, though:
 a. Some upper-end switches can be programmed to send a copy of all traffic to a specific port (for this specific purpose).
 b. Google ARP Poisoning attacks.

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 41851256
Regarding 2(a) above, you'll want to look for "mirror" or "span" port capability. For Internet-bound traffic, you could also use a tap at your firewall.

That being said, if gaining access to the web server(s) themselves is in scope, tcpdump may already be installed on them (Linux servers), or if Windows servers you can capture packets natively using netsh. Additionally, if you gain access to the web server(s) using Meterpreter, there are packet capture modules available as well. Just make sure it's within your rules of engagement to install your own tools should you take that route.

Expert Comment

by:pgm554
ID: 41851279
Most newer switches have a spanning or mirroring capability these days.
Netgear smart switches (even the cheapies) have that capability.

https://www.amazon.com/NETGEAR-ProSafe-5-Port-Gigabit-Unmanaged/dp/B002YK8WMC?th=1/

As for capturing credentials, not real sure about Wireshark, but I know WildPackets can capture passwords.
It's a pretty easy filter to apply.

Expert Comment

by:Austin Texas
ID: 41854248
Thanks Gr!  Good luck with your pen testing. If you want to experiment with sniffing wireless traffic, let me know.
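
An added example, not part of the original thread or written by any of its participants: for reporting which of the in-scope web servers expose logins over plain HTTP, this sketch audits reassembled HTTP requests from an authorized capture and flags Basic auth headers and credential-like form fields without echoing their values. The sample requests, the host `intranet.example` and the field-name pattern are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

# Field names treated as credential-bearing (assumption; extend for your apps).
SENSITIVE = re.compile(r"pass(word|wd)?|pwd|secret|token", re.I)

def audit_request(raw: bytes) -> list[str]:
    """Return findings for one plaintext HTTP request; values are never echoed."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return []  # not an HTTP request line (e.g. TLS or other binary payload)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    where = f"{method} {headers.get('host', '?')}{target.split('?')[0]}"
    findings = []
    # Basic auth is only base64-encoded, so it is readable by anyone on the path.
    if headers.get("authorization", "").split(" ", 1)[0].lower() == "basic":
        findings.append(f"{where}: Basic auth header (base64, not encrypted)")
    # Credentials can also travel in the query string or a URL-encoded form body.
    params = parse_qsl(target.partition("?")[2], keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for key, _value in params:
        if SENSITIVE.search(key):
            findings.append(f"{where}: field '{key}' sent in cleartext")
    return findings

# Constructed sample requests, as they would appear in a reassembled TCP stream.
SAMPLES = [
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nuser=alice&password=x",
    b"GET /reports?id=7 HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Authorization: Basic Y29uc3RydWN0ZWQ6c2FtcGxl\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03",  # TLS ClientHello prefix
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for finding in audit_request(sample):
            print(finding)
```

Each finding names the method, host and path only, so the output can go into a report as evidence that an endpoint needs TLS without the report itself storing the captured secrets.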