search

2. Perform Network Sniffing using Various Sniffing Tools

An attacker can use sniffing tools such as Wireshark to sniff the traffic flowing between the client and the server.

hashtag
1. Perform Password Sniffing using Wireshark

Important filters

http.request.method==POST

To find a packet, click on edit and select find packet.

Expand the HTML Form URL Encoded: application/x-www-form-urlencoded node from the packet details section, and view the captured username and password, as shown in the screenshot.

Sniffing Passwords

hashtag
Remote Packet Capture

  1. In the Desktop window, click windows Search icon and search for Control Panel in the search bar and launch it.

  2. The Control Panel window appears; navigate to System and Security --> Windows Tools. In the Windows Tools control panel, double-click Services.

  3. The Services window appears. Choose Remote Packet Capture Protocol v.0 (experimental), right-click the service, and click Start.

  4. The Status of the Remote Packet Capture Protocol v.0 (experimental) service will change to Running, as shown in the screenshot.

  5. Close all open windows on the Windows 11 machine and close Remote Desktop Connection.

    If a Remote Desktop Connection pop-up appears, click OK.

  6. Now, in Windows Server 2019, launch Wireshark and click on Capture options icon from the toolbar.

  7. The Wireshark. Capture Options window appears; click the Manage Interfaces… button.

  8. The Manage Interfaces window appears; click the Remote Interfaces tab, and then the Add a remote host and its interface icon (+).

  9. The Remote Interface window appears. In the Host text field, enter the IP address of the target machine (here, 10.10.1.11); and in the Port field, enter the port number as 2002.

  10. Under the Authentication section, select the Password authentication radio button and enter the target machine’s user credentials (here, Jason and qwerty); click OK.

    The IP address and user credentials may differ when you perform this task.

  11. A new remote interface is added to the Manage Interfaces window; click OK.

  12. The newly added remote interface appears in the Wireshark. Capture Options window; click Start.

  13. Click Windows 11 to switch to the Windows 11 machine, and login using Jason/qwerty. Here, you are signing in as the victim.

  14. Acting as the target, open any web browser go to http://www.goodshopping.com (here, we are using Mozilla Firefox).

    Although we are only browsing the Internet here, you could also log in to your account and sniff the credentials.

  15. Click Windows Server 2019 to switch back to the Windows Server 2019 machine. Wireshark starts capturing packets as soon as the user (here, you) begins browsing the Internet, the shown in the screenshot.

  16. After a while, click the Stop capturing packet icon on the toolbar to stop live packet capture.

  17. This way, you can use Wireshark to capture traffic on a remote interface.

    In real-time, when attackers gain the credentials of a victim’s machine, they attempt to capture its remote interface and monitor the traffic its user browses to reveal confidential user information.

hashtag
2. Analyze Network using Omnipeek Network Protocol analyzer

Paid tool

LogoNetwork Protocol Analyzer | Omnipeek - LiveActionLiveActionchevron-right

hashtag
3. Analyze network using SteelCentral packet analyzer

Paid tool

LogoSteelCentral Packet Analyzersupport.riverbed.comchevron-right
LogoExam Prep & Training for CEH Practical (Unofficial Course)Udemychevron-right
Previous1. Perform Active SniffingNext3. Detect Network Sniffing

Last updated