Solved

WireShark and packet capture unsecure sites on network

Posted on 2016-10-19
Last Modified: 2016-10-21
Is it possible to use the tool Wireshark to capture packets and unencrypted credentials on a local network? Would like to see if this can be done as part of a pen test against local network web servers not using SSL security.
Question by:GR JN
4 Comments
 
LVL 5

Accepted Solution

by:
Austin Texas earned 250 total points
ID: 41851253
Yes and no. You have two obstacles to overcome:
1. Your network card needs to be in promiscuous mode. Not all cards will work. Google WinPcap drivers.
2. Your card has to be presented with the network traffic. This was easy when most LANs were networked together with hubs. In today's world, most LANs are switched networks, meaning only the addressed devices get the packets presented to them. There are a couple ways around this though:
 a. Some upper end switches can be programmed to send a copy of all traffic to a specific port (for this specific purpose).
 b. Google ARP Poisoning attacks.
1
 
LVL 15

Assisted Solution

by:Giovanni Heward
Giovanni Heward earned 250 total points
ID: 41851256
Regarding 2(a) above, you'll want to look for "mirror" or "span" port capability. For Internet-bound traffic, you could also use a tap at your firewall.

[Image: AppLC_SlimTap.png]
That being said, if gaining access to the web server(s) themselves is in scope, tcpdump may already be installed on them (Linux servers), or if Windows servers, you can capture packets natively using netsh. Additionally, if you gain access to the web server(s) using meterpreter, there are packet capture modules available as well. Just make sure it's within your rules of engagement to install your own tools should you take that route.
1
 
LVL 30

Expert Comment

by:pgm554
ID: 41851279
Most newer switches have a spanning or mirroring capability these days.
Netgear smart switches (even the cheapies) have that capability.

https://www.amazon.com/NETGEAR-ProSafe-5-Port-Gigabit-Unmanaged/dp/B002YK8WMC?th=1/

As for capturing credentials, not real sure about Wireshark, but I know WildPackets can capture passwords.
It's a pretty easy filter to apply.
0
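What a plaintext capture exposes, turned into a finding list for the test report: this is an added example, not code from the thread. It parses HTTP requests reassembled from a capture and records where credentials cross the wire unencrypted, without copying the secret values; the sample requests, host names and field-name list are constructed assumptions.

```python
import base64
from urllib.parse import parse_qsl

# Assumption: form field names treated as secrets in this example.
SECRET_FIELDS = {"password", "passwd", "pwd", "pass"}
# Constructed sample requests, as reassembled from a plaintext HTTP capture.
SAMPLE_REQUESTS = [
    b"POST /login HTTP/1.1\r\nHost: intranet.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    b"user=alice&password=constructed-value",
    b"GET /admin HTTP/1.1\r\nHost: printer.example\r\n"
    b"Authorization: Basic " + base64.b64encode(b"admin:constructed") + b"\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
]

def audit_request(raw):
    """Return findings for one plaintext request; secret values are never stored."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return []  # not an HTTP request line
    path, _, query = parts[1].partition("?")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    found = []
    def report(kind, field):
        found.append({"host": headers.get("host", "?"), "path": path,
                      "kind": kind, "field": field})
    scheme, _, token = headers.get("authorization", "").partition(" ")
    if scheme.lower() == "basic":
        try:  # Basic auth is only base64("user:password"), not encryption
            if b":" in base64.b64decode(token, validate=True):
                report("basic-auth", "Authorization")
        except ValueError:
            pass  # malformed token, nothing to report
    params = parse_qsl(query, keep_blank_values=True)  # secrets in the URL
    if "x-www-form-urlencoded" in headers.get("content-type", "").lower():
        params += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    for key, _ in params:
        if key.lower() in SECRET_FIELDS:
            report("form-field", key)
    return found

def audit_capture(requests):
    return [f for raw in requests for f in audit_request(raw)]
```

Each finding names the host, path and field, which is enough to list the endpoints that need TLS in the report.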
 
LVL 5

Expert Comment

by:Austin Texas
ID: 41854248
Thanks Gr!  Good luck with your pen testing. If you want to experiment with sniffing wireless traffic, let me know.
0
