Wireshark

Wireshark is a network analyzer program that is very popular now, but strangely this program is mostly known not for its main function but because it is often used for beginner hacking purposes. Because of this widespread misuse, HackCast finds it very interesting to discuss the functions and the concept of Wireshark and how to use it.

What is Wireshark?

Wireshark is a complete Network Protocol Analyzer program. It can record all the packets that pass through an interface, then select and display the data in as much detail as possible, for example the comments you post on a blog or even a username and password.

Wireshark was not actually designed for hackers, and its main function is not intended for hacking. Wireshark is primarily made for network administrators, so they can track what is happening on their network, make sure the network is working properly, and confirm that nobody is doing anything bad on it.

How Wireshark Works

How does Wireshark work? Broadly speaking, Wireshark's workflow consists of two stages:
  1. Capture all packets that pass through the selected interface (an interface is the device connecting you to the network, for example a WiFi or Ethernet / LAN card).
  2. Analyze the recording. Here we can filter for the protocols we want, such as tcp, http, udp and so on. Wireshark can also record cookies, POSTs and requests.
The packets recorded by Wireshark are only those that pass through our interface. That is why you cannot record the packets of a friend sitting next to you, even though both of you are connected to the same network. This confusion happens very often because many people do not know how Wireshark works.

If we run Wireshark while opening a browser on our own computer, the data can be captured completely. Why? Because that data definitely passes through our interface.
So, once again, a packet is captured only if it passes through the specified interface.

Strategies hackers use with Wireshark.

Because Wireshark only works under the conditions described above, hackers need a specific strategy: running a man in the middle attack, ARP spoofing, or setting up a honeypot so that the traffic to and from the target flows through their interface first.

When hackers set up a fake access point, all packets received and sent by the people connected to that fake access point will be recorded in Wireshark. If the trap succeeds, the hackers just select, in Wireshark, the interface they used to create the fake access point.
Unlike mitmf, which only stores selected data, Wireshark stores everything: photos, pictures, videos, all of it. That sounds dangerous, but not really. Why?

Because finding the data we actually want is often like looking for a needle in a haystack, since there is so much data. In this case hackers need great diligence and skill in filtering data in Wireshark.
Wireshark can also be used to open data captured by other programs, for example the airdump program on Linux.
An example scenario: Elliot in the film Mr Robot only carries a smartphone (Wireshark cannot be used on the smartphone because of its many limitations), but the smartphone can run airdump. So Elliot captures with the airdump program on the smartphone, then the recording is taken home and opened in Wireshark. Something like that can be done.
So clearly Wireshark does not analyze in real time: when recording, we are actually creating a file containing all the data, and then that file is analyzed.

Wireshark Download:

  • Wireshark 3.0.1: Free Download Win 64-Bit
  • Wireshark 3.0.1: Free Download Win 32-Bit
  • Wireshark 3.0.1: Free Download Win Portable 32-Bit
  • Wireshark 3.0.1: Free Download Mac OS

Wireshark Filtering.

As the admin said, the ability to filter information is essential in Wireshark because there will be thousands of data packets. Fortunately the keywords in Wireshark filtering can be combined to display more specific data; for example, we can use the logical operators or, and and not in Wireshark filters.

Filters that are often used:

http

Only http packets will be displayed.

ip.addr == x.x.x.x

Only shows packets involving the IP address in question; change x.x.x.x to the IP address.

ip.addr == x.x.x.x && ip.addr == x.x.x.x

Combines the two conditions with logical and, meaning a packet is displayed only if both IP addresses appear in it.

http.request

Displays http packets that are POST or GET requests, which makes it easier to search for passwords as in the example above.

tcp contains XXX

Displays tcp packets containing the word xxx.

! (arp or icmp or dns)

Read as: not (arp or icmp or dns). This means arp, icmp and dns packets will not be displayed.
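As an added example (not part of the original post and not Wireshark's own code), here is a small Python evaluator for exactly the filter subset listed above, run over a constructed five-frame capture. It shows how and/or/not combine and why `ip.addr == A && ip.addr == B` matches a single packet: ip.addr tests both the source and the destination of the same frame.

```python
import re

PACKETS = [  # constructed sample capture (not real traffic); one dict per frame
    {"no": 1, "layers": {"arp"}},
    {"no": 2, "layers": {"ip", "udp", "dns"}, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.1"},
    {"no": 3, "layers": {"ip", "tcp", "http"}, "ip.src": "10.0.0.5", "ip.dst": "203.0.113.10",
     "http.request": True, "payload": b"POST /login HTTP/1.1\r\n\r\nuser=bob&pass=hunter2"},
    {"no": 4, "layers": {"ip", "tcp", "http"}, "ip.src": "203.0.113.10", "ip.dst": "10.0.0.5"},
    {"no": 5, "layers": {"ip", "icmp"}, "ip.src": "10.0.0.7", "ip.dst": "10.0.0.1"},
]

def compile_filter(text):
    """Recursive-descent compiler: display-filter text -> predicate(frame) -> bool."""
    toks = re.findall(r"\(|\)|!|&&|\|\||==|[\w.]+", text)
    def expr():                               # || / or: lowest precedence
        f = term()
        while toks[:1] in (["||"], ["or"]):
            toks.pop(0)
            f = (lambda l, r: lambda p: l(p) or r(p))(f, term())
        return f
    def term():                               # && / and binds tighter than or
        f = factor()
        while toks[:1] in (["&&"], ["and"]):
            toks.pop(0)
            f = (lambda l, r: lambda p: l(p) and r(p))(f, factor())
        return f
    def factor():                             # ! / not, parentheses, or an atom
        tok = toks.pop(0)
        if tok in ("!", "not"):
            inner = factor()
            return lambda p: not inner(p)
        if tok == "(":
            inner = expr()
            if toks.pop(0) != ")":
                raise ValueError("missing ')'")
            return inner
        if toks[:1] == ["=="]:                # ip.addr == X: ip.addr means src OR dst
            _, value = toks.pop(0), toks.pop(0)
            keys = ("ip.src", "ip.dst") if tok == "ip.addr" else (tok,)
            return lambda p: any(p.get(k) == value for k in keys)
        if toks[:1] == ["contains"]:          # tcp contains XXX: byte search in payload
            _, needle = toks.pop(0), toks.pop(0).encode()
            return lambda p: tok in p["layers"] and needle in p.get("payload", b"")
        return lambda p: tok in p["layers"] or bool(p.get(tok))  # bare http, http.request
    return expr()

def apply_filter(text, packets=PACKETS):
    """Frame numbers the display filter keeps, like Wireshark's packet list."""
    pred = compile_filter(text)
    return [p["no"] for p in packets if pred(p)]
```

Frame 3 is the cleartext HTTP login the post talks about; `tcp contains pass` isolates it, while `!(arp or icmp or dns)` leaves only the two HTTP frames.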

Wireshark uses for Network Administrators.

Previously we learned about Wireshark by sniffing passwords, which means Wireshark was used on the hacker's side. This time we will discuss a little about how Wireshark is useful for network administrators, even against hackers.
  • Network loops: in Wireshark you can find an unnatural number of packets caused by a network loop, for example suddenly thousands of packets within seconds.
  • Detecting problematic HTTP packets (usually ones not reaching the server) by looking at the packets highlighted in black (Wireshark's default colouring for bad TCP).
  • Malware that continuously sends data: here we can spot IP addresses that look strange, for example during a break when nobody is using the computer, yet Wireshark shows the computer sending data to a suspicious address.
  • Wireshark can also show activities such as files being copied from shares on other computers; the protocol used for those packets is SMB2.
  • Detecting an unwanted DHCP server: even though your office network is configured with static addresses, it turns out there is an active DHCP server. The DHCP server's broadcast traffic will be visible in Wireshark.
  • Detecting ARP poisoning and ARP spoofing, which means someone is tampering with the ARP table (usually someone running a Man in the Middle attack).
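As an added example (not from the original post and not Wireshark's own code), the Python below runs three of those administrator checks over a constructed capture: two MAC addresses claiming the same IP in ARP replies (what Wireshark flags as a duplicate IP address), a DHCP Offer from a server that is not on the authorised list, and a one-second window carrying far more frames than normal, as a loop or storm would. The field names are a simplified stand-in for what a decoder such as tshark would produce.

```python
from collections import Counter, defaultdict

# Constructed sample capture (not real traffic). Each dict is one decoded frame,
# keeping only the fields the three checks below need.
FRAMES = [
    {"t": 0.10, "proto": "arp", "op": "reply", "sender_mac": "aa:aa:aa:aa:aa:01", "sender_ip": "10.0.0.1"},
    {"t": 0.20, "proto": "dhcp", "msg": "offer", "server_mac": "aa:aa:aa:aa:aa:01", "server_ip": "10.0.0.1"},
    {"t": 1.30, "proto": "arp", "op": "reply", "sender_mac": "de:ad:be:ef:00:99", "sender_ip": "10.0.0.1"},
    {"t": 1.35, "proto": "dhcp", "msg": "offer", "server_mac": "de:ad:be:ef:00:99", "server_ip": "10.0.0.250"},
] + [{"t": 2.0 + i / 5000, "proto": "arp", "op": "request", "sender_mac": "aa:aa:aa:aa:aa:07",
      "sender_ip": "10.0.0.7"} for i in range(3000)]   # one frame looping 3000 times in 0.6 s


def arp_conflicts(frames):
    """IPs claimed by more than one MAC in ARP replies (Wireshark's 'duplicate IP' warning)."""
    claims = defaultdict(set)
    for f in frames:
        if f["proto"] == "arp" and f["op"] == "reply":
            claims[f["sender_ip"]].add(f["sender_mac"])
    return {ip: sorted(macs) for ip, macs in claims.items() if len(macs) > 1}


def rogue_dhcp_servers(frames, authorized=frozenset()):
    """DHCP Offer senders that are not on the authorised list.

    On an all-static network the list is empty, so every offer is unexpected.
    """
    return sorted({(f["server_ip"], f["server_mac"]) for f in frames
                   if f["proto"] == "dhcp" and f["msg"] == "offer"
                   and f["server_ip"] not in authorized})


def packet_bursts(frames, window=1.0, threshold=1000):
    """Time windows whose frame count exceeds threshold (loop or broadcast-storm symptom)."""
    per_window = Counter(int(f["t"] // window) for f in frames)
    return [(w * window, n) for w, n in sorted(per_window.items()) if n > threshold]
```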
