Wireshark: A packet sniffer and analyzer
March 28, 2008
When your computer is connected to a network such as a LAN, Wireshark is a utility that lets you see the packets travelling across that network. Wireshark does not just let you see them; it captures them.
Do you know what this means, and what all those packets are actually used for?
Well, I'd say they contain high-value personal data, such as passwords. When somebody tries to log on to a specific website, he or she sends data through the network to the ADSL modem/router and on to the internet, but with Wireshark you can see that data as it passes your computer and decrypt it. If you are lucky you don't even have to decrypt the packets, because some sites (e.g. Friendster) don't use encryption at all.
Wireshark is available on all platforms (Windows, Mac OS and Linux) and is easy to install, so I don't think you will have any problems during installation. Wireshark also has a nice GUI.
Well then, let's get started.
Open Wireshark.
Go to Capture -> Options.
A new window will pop up. Click on the Interface field and a drop-down menu will appear.
Choose your network card so that Wireshark can capture on it. In the picture below I use my Nvidia network card.
Then click the Start button, and Wireshark will start capturing packets from the network. The captured packets are so numerous that we need to use a display filter so that we see only the packets containing the specific data we are interested in. The data we want to catch here is a password, so go to the Filter box and enter this expression to filter the packets:
http.request.method == "POST"
The matching packets will be shown just like in the picture below.
You may be able to find password data by looking for packets whose request contains "login". If you find such a packet, click on "Line-based text data" in Wireshark and it will show you the contents of that packet. You may well find some passwords there, and I can guarantee you that.
There are other filters you can use, namely:
http.request.method == "GET"    // shows the pages people request on the network
tcp    // shows packets that use a TCP connection
You can also find other types of filters on the internet.
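As an added example (not from the original post), here is a small Python script that applies the same test as the http.request.method == "POST" filter to raw request text and reports which hosts receive login forms over plain HTTP, printing only the field names so that it works as an audit of cleartext credential exposure on your own network. It assumes the requests are already available as text (the samples below are constructed); it does not read pcap files, and the hypothetical host example.test is a placeholder.

```python
# Added example, not part of the original post. Mirrors the display filter
# http.request.method == "POST" on raw HTTP/1.x request text, then checks the
# form body for password-style fields. Values are never printed: the output
# tells you which hosts still take logins over cleartext HTTP.
from urllib.parse import parse_qs

CRED_FIELDS = {"password", "passwd", "pwd", "pass"}

def parse_request(raw):
    """Split one raw HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def find_cleartext_logins(requests):
    """Return (host, path, credential field names) for every POST whose
    urlencoded body carries a password-like field."""
    findings = []
    for raw in requests:
        method, path, headers, body = parse_request(raw)
        if method != "POST":  # same test as the Wireshark filter
            continue
        if "x-www-form-urlencoded" not in headers.get("content-type", ""):
            continue
        fields = parse_qs(body, keep_blank_values=True)
        hits = sorted(f for f in fields if f.lower() in CRED_FIELDS)
        if hits:
            findings.append((headers.get("host", "?"), path, hits))
    return findings

# Constructed sample traffic: one login POST, one GET, one non-login POST.
SAMPLE = [
    "POST /login HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
    "user=alice&password=REDACTED-SAMPLE",
    "GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "POST /search HTTP/1.1\r\nHost: example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n\r\nq=wireshark",
]

for host, path, fields in find_cleartext_logins(SAMPLE):
    print(f"cleartext credential POST to {host}{path}: fields {fields}")
```

Any host that shows up here is one where the fix is to move the login form to HTTPS, since a sniffer on the same segment sees exactly what this script sees.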
Wireshark is the most popular sniffing tool and is still in use today. There are other tools you can use, such as Cain & Abel, John the Ripper, etc., but I will explain those in the next tutorial.
Well then, happy sniffing everyone!!!