CEH Practical Guide

2. Perform Network Sniffing using Various Sniffing Tools

An attacker can use sniffing tools such as Wireshark to sniff the traffic flowing between the client and the server.


Last updated 2 months ago


1. Perform Password Sniffing using Wireshark

Important filters

http.request.method==POST

To find a packet, click Edit and select Find Packet.

Expand the HTML Form URL Encoded: application/x-www-form-urlencoded node from the packet details section, and view the captured username and password, as shown in the screenshot.
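A defender can run the same check over reassembled request payloads to find logins that are still sent over cleartext HTTP. The following is an added example, not part of the original guide; the field-name list, the host name and the sample payloads are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Field-name fragments that usually carry secrets (assumed list; tune per application).
SENSITIVE = ("pass", "pwd", "secret", "token")

def audit_http_request(raw: bytes):
    """Return a finding if raw is a plaintext HTTP POST whose form-urlencoded
    body carries credential-like fields, else None."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return None  # incomplete request: no header/body boundary
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] != "POST":  # same test as http.request.method==POST
        return None
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return None
    fields = parse_qsl(body.decode("latin-1"), keep_blank_values=True)
    exposed = [k for k, _ in fields if any(s in k.lower() for s in SENSITIVE)]
    if not exposed:
        return None
    # Report field names only; secret values are redacted so the finding is safe to store.
    return {
        "host": headers.get("host", "?"),
        "path": parts[1],
        "exposed_fields": exposed,
        "redacted": {k: ("***" if k in exposed else v) for k, v in fields},
    }

# Constructed sample payloads (not taken from any real capture).
SAMPLES = [
    b"POST /login.aspx HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 32\r\n\r\n"
    b"username=alice&password=S3cr%21t",
    b"GET /index.html HTTP/1.1\r\nHost: shop.example\r\n\r\n",
    b"POST /search HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n\r\nq=shoes",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(audit_http_request(raw))
```

Any finding identifies a form whose credentials are readable by anyone on the network path, so that endpoint should only be reachable over HTTPS.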

Remote Packet Capture

  1. In the Desktop window, click the Windows Search icon, search for Control Panel in the search bar, and launch it.

  2. The Control Panel window appears; navigate to System and Security --> Windows Tools. In the Windows Tools control panel, double-click Services.

  3. The Services window appears. Choose Remote Packet Capture Protocol v.0 (experimental), right-click the service, and click Start.

  4. The Status of the Remote Packet Capture Protocol v.0 (experimental) service will change to Running, as shown in the screenshot.

  5. Close all open windows on the Windows 11 machine and close Remote Desktop Connection.

    If a Remote Desktop Connection pop-up appears, click OK.

  6. Now, in Windows Server 2019, launch Wireshark and click the Capture options icon on the toolbar.

  7. The Wireshark · Capture Options window appears; click the Manage Interfaces… button.

  8. The Manage Interfaces window appears; click the Remote Interfaces tab, and then the Add a remote host and its interface icon (+).

  9. The Remote Interface window appears. In the Host text field, enter the IP address of the target machine (here, 10.10.1.11); and in the Port field, enter the port number as 2002.

  10. Under the Authentication section, select the Password authentication radio button and enter the target machine’s user credentials (here, Jason and qwerty); click OK.

    The IP address and user credentials may differ when you perform this task.

  11. A new remote interface is added to the Manage Interfaces window; click OK.

  12. The newly added remote interface appears in the Wireshark · Capture Options window; click Start.

  13. Click Windows 11 to switch to the Windows 11 machine, and log in using Jason/qwerty. Here, you are signing in as the victim.

  14. Acting as the target, open any web browser and go to http://www.goodshopping.com (here, we are using Mozilla Firefox).

    Although we are only browsing the Internet here, you could also log in to your account and sniff the credentials.

  15. Click Windows Server 2019 to switch back to the Windows Server 2019 machine. Wireshark starts capturing packets as soon as the user (here, you) begins browsing the Internet, as shown in the screenshot.

  16. After a while, click the Stop capturing packet icon on the toolbar to stop live packet capture.

  17. This way, you can use Wireshark to capture traffic on a remote interface.

    In a real attack, once attackers gain the credentials of a victim’s machine, they attempt to capture its remote interface and monitor the user's traffic to reveal confidential user information.

2. Analyze Network using Omnipeek Network Protocol analyzer

Paid tool

3. Analyze network using SteelCentral packet analyzer

Paid tool

Certified Ethical Hacker (CEHv12) Practical hands on Labs (Udemy)
Sniffing Passwords
Omnipeek | Network Protocol Analyzer (LiveAction)
SteelCentral Packet Analyzer