[Wireshark] How to detect clear-text traffic using Wireshark

Objectives

Takahiro Oda
4 min read, Dec 30, 2021

You will learn how to detect sensitive data flowing via the network in clear text format.

Why you need to know

Some applications let their users communicate over protocols such as HTTP, FTP and Telnet. These protocols transfer data over TCP in clear text, so anyone who can observe the traffic can read it. As a network admin, you need to know how to determine whether any sensitive information is flowing across the network unencrypted.

Network Topology

Demo

1: Log in to the domain controller.

2: Start WampServer.

3: Make sure that the Windows firewall is off.

4: Log in to the DHCP server.

5: Install Cain & Abel and WinPcap.

6: To configure the Ethernet card, open Configure from the menu bar. Leave the settings at their defaults and click OK.

7: Click the Start/Stop Sniffer button, then the Sniffer tab.

8: Click the plus (+) icon. The MAC address scanner window appears; select the Range button, enter the scan range 10.0.0.101–10.0.0.254, check All Tests, then click OK.

9: Cain & Abel scans for MAC addresses and lists all those it found.

10: Click ARP at the bottom left, then the plus icon.

11: Select 10.0.0.101 (domain controller) on the left and 10.0.0.200 (Windows 10) on the right.

12: Select the added IP address under Configuration / Routed Packets and click Start/Stop ARP.

13: Open Wireshark and choose the Ethernet interface.

14: Go to the Windows 10 machine, open a browser and type http://10.0.0.101/wordress/wp-login.php

*If you get a 403 error message like the one described here:
https://stackoverflow.com/questions/23382627/wamp-cannot-access-on-local-network-403-forbidden/23385021

Go to WampServer > Apache > httpd-vhost.conf

When you open it, it looks like this:

You change it to:

so that you can see the login console (sorry, it is in Japanese).

Type username: admin, password: test, and click Login.

15: Go back to the domain controller and look at Wireshark.

16: Type “http contains wordpress” into the display filter.

17: Choose the HTTP POST packet from the filtered list, right-click its HTML Form URL Encoded entry and click Follow → TCP Stream.

18: The Wireshark Follow TCP Stream window appears. It contains the POST form data, along with the password used to log in to the WordPress site.
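As an added example (not from the original post), the following Python script applies the same check to a reconstructed request such as the one Follow TCP Stream shows: it parses the HTTP request and reports any login form fields or HTTP Basic credentials that travelled unencrypted. The sample request is constructed, and the WordPress field names `log` and `pwd` are an assumption about the wp-login.php form, not something the post states.

```python
import base64
from urllib.parse import parse_qsl

# Form fields that commonly carry credentials. WordPress's wp-login.php posts
# "log" and "pwd" (assumption about the WordPress form, not stated in the post).
CREDENTIAL_FIELDS = {"log", "pwd", "user", "username", "password", "passwd", "pass"}

# Constructed stand-in for the client side of the lab's login as Follow TCP
# Stream would show it; not a real capture.
SAMPLE_STREAM = (
    "POST /wordpress/wp-login.php HTTP/1.1\r\n"
    "Host: 10.0.0.101\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 48\r\n"
    "\r\n"
    "log=admin&pwd=test&wp-submit=Log+In&testcookie=1"
)

def parse_request(stream):
    """Split one HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = stream.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = int(headers.get("content-length", len(body)))
    return method, path, headers, body[:length]

def find_cleartext_credentials(stream):
    """Return one finding per credential sent unencrypted: login-looking form
    fields in a urlencoded body, and the user of an HTTP Basic Authorization header."""
    method, path, headers, body = parse_request(stream)
    findings = []
    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        user, _, _pw = base64.b64decode(auth[6:]).decode("utf-8", "replace").partition(":")
        findings.append({"path": path, "kind": "basic-auth", "field": "user", "value": user})
    if "application/x-www-form-urlencoded" in headers.get("content-type", ""):
        for name, value in parse_qsl(body, keep_blank_values=True):
            if name.lower() in CREDENTIAL_FIELDS:
                findings.append({"path": path, "kind": "form-field", "field": name, "value": value})
    return findings

if __name__ == "__main__":
    # Report the field, not its value, so the alert itself does not leak the secret.
    for f in find_cleartext_credentials(SAMPLE_STREAM):
        print(f"{f['path']}: field '{f['field']}' sent in clear text ({f['kind']})")
```

The same function can be run over each stream exported from Wireshark (File → Export Packet Dissections, or a Follow TCP Stream save) to triage a capture for plaintext logins without reading every stream by hand.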

Conclusion

You learned how to detect sensitive data flowing across the network in clear text, and how to pull the submitted credentials out of a captured HTTP POST with Follow TCP Stream.
