# 2. Perform Network Sniffing using Various Sniffing Tools

## 1. Perform Password Sniffing using Wireshark

**Important filters**

```
http.request.method==POST
```

To find a packet, click **Edit** and select **Find Packet**.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FCfsXANq1XlH50xbN0RLs%2Fimage.png?alt=media&#x26;token=70e6f6e2-0405-4add-aaba-433f23a20f74" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FmzaIZxxKB662eHtHlbSf%2Fimage.png?alt=media&#x26;token=aa954371-5250-4c94-9737-f76e19f31d8d" alt=""><figcaption></figcaption></figure>

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FV8HFnbiPjRiFvuCZkDCF%2Fimage.png?alt=media&#x26;token=dee8e5ab-df3c-4251-b06e-e5ead7f9ada5" alt=""><figcaption></figcaption></figure>

Expand the **HTML Form URL Encoded: application/x-www-form-urlencoded** node from the packet details section, and view the captured username and password, as shown in the screenshot.

<figure><img src="https://2218819509-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FrUBnODuUX4EQ8P27uc5D%2Fuploads%2FP8rNSfUVenXBCmVTTMRL%2Fimage.png?alt=media&#x26;token=74811fab-eb40-4e63-8c83-090ce6faf7fa" alt=""><figcaption></figcaption></figure>
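As an added example (not part of the original lab), the script below runs the same check offline from the defender's side: given a reassembled cleartext HTTP request, it reports which form fields expose credentials, without printing their values. The request bytes, host name and field names are constructed sample data, and the `SENSITIVE` marker list is an assumption.

```python
from urllib.parse import parse_qsl

# Substrings that usually mark secret-bearing form fields (assumed list).
SENSITIVE = ("pass", "pwd", "secret", "token")

# Constructed sample: a reassembled cleartext HTTP request as seen on the wire.
# Host, path, field names and values are invented for this example.
SAMPLE_REQUEST = (
    b"POST /login.aspx HTTP/1.1\r\n"
    b"Host: shop.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 45\r\n"
    b"\r\n"
    b"txtusername=alice&txtpwd=S3cr%21t&remember=on"
)


def audit_request(raw: bytes) -> list[dict]:
    """Return one finding per sensitive form field sent in a cleartext POST."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return []  # headers incomplete, nothing to audit
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "POST":
        return []  # same condition as the http.request.method==POST filter
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return []  # only the body type the lab inspects
    findings = []
    for key, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if any(marker in key.lower() for marker in SENSITIVE):
            findings.append({
                "host": headers.get("host", "?"),
                "path": parts[1],
                "field": key,
                "value_length": len(value),  # report the length, never the value
            })
    return findings


if __name__ == "__main__":
    for finding in audit_request(SAMPLE_REQUEST):
        print("cleartext credential field:", finding)
```

Any finding means the login form is submitted over plain HTTP and should be moved behind TLS.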

{% embed url="<https://youtu.be/2T4KHc21ugM>" %}
Sniffing Passwords
{% endembed %}

### Remote Packet Capture

1. In the **Desktop** window, click the Windows **Search** icon, search for **Control Panel** in the search bar, and launch it.
2. The **Control Panel** window appears; navigate to **System and Security --> Windows Tools**. In the **Windows Tools** control panel, double-click **Services**.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/sjvpuumm.jpg)
3. The **Services** window appears. Choose **Remote Packet Capture Protocol v.0 (experimental)**, right-click the service, and click **Start**.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/n1kcwi2i.jpg)
4. The **Status** of the **Remote Packet Capture Protocol v.0 (experimental)** service will change to **Running**, as shown in the screenshot.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/2ytva0sl.jpg)
5. Close all open windows on the **Windows 11** machine and close **Remote Desktop Connection**.

   > If a **Remote Desktop Connection** pop-up appears, click **OK**.
6. Now, in **Windows Server 2019**, launch **Wireshark** and click the **Capture options** icon on the toolbar.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/instructions255478/23ddd.jpg)
7. The **Wireshark · Capture Options** window appears; click the **Manage Interfaces…** button.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/kjvquqqb.jpg)
8. The **Manage Interfaces** window appears; click the **Remote Interfaces** tab, and then the **Add a remote host and its interface** icon (**+**).

   ![](https://labondemand.blob.core.windows.net/content/lab168801/instructions255478/12121.jpg)
9. The **Remote Interface** window appears. In the **Host** text field, enter the IP address of the target machine (here, **10.10.1.11**); and in the **Port** field, enter the port number as **2002**.
10. Under the **Authentication** section, select the **Password authentication** radio button and enter the target machine’s user credentials (here, **Jason** and **qwerty**); click **OK**.

    > The IP address and user credentials may differ when you perform this task.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/mzvx5r5n.jpg)
11. A new remote interface is added to the **Manage Interfaces** window; click **OK**.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/k1dzy1th.jpg)
12. The newly added remote interface appears in the **Wireshark · Capture Options** window; click **Start**.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/lknirpth.jpg)
13. Click Windows 11 to switch to the **Windows 11** machine, and log in using **Jason/qwerty**. Here, you are signing in as the victim.
14. Acting as the target, open any web browser and go to **<http://www.goodshopping.com>** (here, we are using **Mozilla Firefox**).

    > Although we are only browsing the Internet here, you could also log in to your account and sniff the credentials.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/u5sl1fio.jpg)
15. Click Windows Server 2019 to switch back to the **Windows Server 2019** machine. **Wireshark** starts capturing packets as soon as the user (here, you) begins browsing the Internet, as shown in the screenshot.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/aidg42tr.jpg)
16. After a while, click the **Stop capturing packet** icon on the toolbar to stop live packet capture.
17. This way, you can use Wireshark to capture traffic on a remote interface.

    > In real-world scenarios, when attackers gain the credentials of a victim’s machine, they attempt to capture traffic on its remote interface and monitor what its user browses to reveal confidential user information.

## <mark style="color:red;">2. Analyze Network using Omnipeek Network Protocol analyzer</mark>

**Paid tool**

{% embed url="<https://www.liveaction.com/products/omnipeek-network-protocol-analyzer/>" %}

## <mark style="color:red;">3. Analyze network using SteelCentral packet analyzer</mark>

**Paid tool**

{% embed url="<https://support.riverbed.com/content/support/software/steelcentral-npm/packet-analyzer.html>" %}

