Friday, July 19, 2013

Sniffing to see who done it.. on the network

So, is it a big deal if someone hops on your wireless network? Yes, kind of. It is more of a security risk for someone to be on your wireless network than to plug into a port on your switch. One of the reasons is that the wireless access point, like a hub, acts as a single collision domain. Each computer connected to the wireless network broadcasts all of its transmissions to the others and uses CSMA/CD to control the traffic. Switches are smart enough to only broadcast traffic associated with the MAC, so you will have as many collision domains as you do ports.

With all that being said, those connected to your wireless network can see all the information you send and receive (unless layer 2 isolation is configured on the AP).

Since we installed Backtrack last time, we will use it again. It comes pre-loaded with Wireshark, so open it up.


Configure the wireless networking interface you plan on using to capture the packets and click start.


It should start recording all the information, which is a lot of data, so we will need to filter it down to only the information we need: logins and passwords. Click Expression and scroll down to find what you need. In this example I will use HTTP filtering and type in the value "username" to find any information where a username is transferred in clear text.


If you want to gather information on a website, you can type in the URL. If you know the IP of the workstation, you can filter by IP as well.

Once I applied my filter, the results came up with an HTTP form login for webmail access that did not use SSL. Expanding the results below displayed the username and password used on the webpage.


If the page had been encrypted, the username would probably have been hashed.
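To audit your own network for the exposure shown above, the same check can be automated. The Python below is an added example, not part of the original post: it takes one reassembled plaintext HTTP request and reports which credential-like fields it exposes, without returning their values. The field-name pattern and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Field names that usually carry credentials (assumed list; extend for your apps).
CRED_FIELD = re.compile(r"(user(name)?|login|e-?mail|pass(word|wd)?|pwd)", re.I)

def audit_http_request(raw: bytes):
    """Return a finding dict if a plaintext HTTP request carries credentials, else None.

    `raw` is one reassembled HTTP request as seen on the wire (no TLS).
    Only the names of exposed fields are returned, never their values.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    try:
        method, target, _version = lines[0].split(" ", 2)
    except ValueError:
        return None  # not an HTTP request line
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    # Credentials in the query string (GET login forms).
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    # Credentials in a URL-encoded form body (POST login forms).
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        pairs += parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    exposed = sorted({k for k, _ in pairs if CRED_FIELD.search(k)})
    # HTTP Basic auth is only base64 encoded, so it is clear text as well.
    if headers.get("authorization", "").lower().startswith("basic "):
        exposed.append("Authorization: Basic")
    if not exposed:
        return None
    return {"host": headers.get("host", "?"), "method": method,
            "path": urlsplit(target).path, "exposed_fields": exposed}

# Constructed sample requests (not taken from a real capture).
SAMPLE_LOGIN = (b"POST /mail/login HTTP/1.1\r\nHost: webmail.example.test\r\n"
                b"Content-Type: application/x-www-form-urlencoded\r\n"
                b"Content-Length: 33\r\n\r\nusername=alice&password=REDACTED1")
SAMPLE_BENIGN = b"GET /index.html?page=2 HTTP/1.1\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    for req in (SAMPLE_LOGIN, SAMPLE_BENIGN):
        print(audit_http_request(req))
```

Any host and path this reports is a login that should be moved behind HTTPS.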
