# 2. Perform Network Sniffing using Various Sniffing Tools

## 1. Perform Password Sniffing using Wireshark

**Important filters**

```
http.request.method == "POST"
```

To find a packet, click **Edit** and select **Find Packet**.

<figure><img src="/files/1FGLznL3JyYswQ4sP5m2" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/zA0kV6QVAFtWx06Ocqk3" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Fu5xTVKB9khXMJDzhH1Z" alt=""><figcaption></figcaption></figure>

Expand the **HTML Form URL Encoded: application/x-www-form-urlencoded** node from the packet details section, and view the captured username and password, as shown in the screenshot.

<figure><img src="/files/LyO8bV76C1LMQepO4iBq" alt=""><figcaption></figcaption></figure>

{% embed url="<https://youtu.be/2T4KHc21ugM>" %}
Sniffing Passwords
{% endembed %}
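
Because the form body travels unencrypted over HTTP, the same check can be scripted to audit which login forms still expose credentials on the wire. This is an added example, not part of the original lab; the field-name list and the sample requests (host `shop.example`) are constructed assumptions, and values are reported only as lengths.

```python
from urllib.parse import parse_qsl

# Field names treated as credential-bearing (assumed list; extend for your apps).
SENSITIVE = {"password", "passwd", "pwd", "pass", "username", "user", "login", "email"}

def parse_request(raw: bytes):
    """Split one reassembled HTTP/1.x request into method, path, headers, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def audit_cleartext_posts(requests):
    """Return one finding per cleartext POST that carries credential-like fields.
    Values are never returned, only their decoded lengths."""
    findings = []
    for raw in requests:
        method, path, headers, body = parse_request(raw)
        ctype = headers.get("content-type", "").split(";")[0].strip().lower()
        # Same selection the display filter and the form node in Wireshark give you.
        if method != "POST" or ctype != "application/x-www-form-urlencoded":
            continue
        fields = parse_qsl(body.decode("iso-8859-1"), keep_blank_values=True)
        exposed = {k: len(v) for k, v in fields if k.lower() in SENSITIVE}
        if exposed:
            findings.append({"host": headers.get("host", "?"), "path": path,
                             "exposed_fields": exposed})
    return findings

# Constructed sample requests (not taken from a real capture).
SAMPLE = [
    b"POST /login.aspx HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 38\r\n\r\n"
    b"username=alice&password=s3cret%21&go=1",
    b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"POST /search HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n\r\nq=shoes",
]

if __name__ == "__main__":
    for finding in audit_cleartext_posts(SAMPLE):
        print(finding)
```

Any finding is a form that should be moved behind HTTPS, since every host on the capture path sees the same fields.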

### Remote Packet Capture

1. In the **Desktop** window, click the Windows **Search** icon, search for **Control Panel** in the search bar, and launch it.
2. The **Control Panel** window appears; navigate to **System and Security --> Windows Tools**. In the **Windows Tools** control panel, double-click **Services**.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/sjvpuumm.jpg)
3. The **Services** window appears. Choose **Remote Packet Capture Protocol v.0 (experimental)**, right-click the service, and click **Start**.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/n1kcwi2i.jpg)
4. The **Status** of the **Remote Packet Capture Protocol v.0 (experimental)** service will change to **Running**, as shown in the screenshot.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/2ytva0sl.jpg)
5. Close all open windows on the **Windows 11** machine and close **Remote Desktop Connection**.

   > If a **Remote Desktop Connection** pop-up appears, click **OK**.
6. Now, in **Windows Server 2019**, launch **Wireshark** and click the **Capture options** icon on the toolbar.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/instructions255478/23ddd.jpg)
7. The **Wireshark · Capture Options** window appears; click the **Manage Interfaces…** button.

   ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/kjvquqqb.jpg)
8. The **Manage Interfaces** window appears; click the **Remote Interfaces** tab, and then the **Add a remote host and its interface** icon (**+**).

   ![](https://labondemand.blob.core.windows.net/content/lab168801/instructions255478/12121.jpg)
9. The **Remote Interface** window appears. In the **Host** text field, enter the IP address of the target machine (here, **10.10.1.11**); and in the **Port** field, enter the port number as **2002**.
10. Under the **Authentication** section, select the **Password authentication** radio button and enter the target machine’s user credentials (here, **Jason** and **qwerty**); click **OK**.

    > The IP address and user credentials may differ when you perform this task.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/mzvx5r5n.jpg)
11. A new remote interface is added to the **Manage Interfaces** window; click **OK**.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/k1dzy1th.jpg)
12. The newly added remote interface appears in the **Wireshark · Capture Options** window; click **Start**.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/lknirpth.jpg)
13. Click Windows 11 to switch to the **Windows 11** machine, and log in using **Jason/qwerty**. Here, you are signing in as the victim.
14. Acting as the target, open any web browser and go to **<http://www.goodshopping.com>** (here, we are using **Mozilla Firefox**).

    > Although we are only browsing the Internet here, you could also log in to your account and sniff the credentials.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/u5sl1fio.jpg)
15. Click Windows Server 2019 to switch back to the **Windows Server 2019** machine. **Wireshark** starts capturing packets as soon as the user (here, you) begins browsing the Internet, as shown in the screenshot.

    ![](https://labondemand.blob.core.windows.net/content/lab168801/screens/aidg42tr.jpg)
16. After a while, click the **Stop capturing packets** icon on the toolbar to stop live packet capture.
17. This way, you can use Wireshark to capture traffic on a remote interface.

    > In a real-world attack, once attackers obtain the credentials of a victim’s machine, they attempt to capture on its remote interface and monitor the user's browsing traffic to reveal confidential user information.

## <mark style="color:red;">2. Analyze Network using Omnipeek Network Protocol analyzer</mark>

**Paid tool**

{% embed url="<https://www.liveaction.com/products/omnipeek-network-protocol-analyzer/>" %}

## <mark style="color:red;">3. Analyze network using SteelCentral packet analyzer</mark>

**Paid tool**

{% embed url="<https://support.riverbed.com/content/support/software/steelcentral-npm/packet-analyzer.html>" %}
