
Packet capturing of different protocols using Wireshark

Wireshark is the world’s foremost and widely-used network protocol analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

It is a free, open-source and cross-platform packet analyzer.

  • To trace packets, first download and install Wireshark on the Windows operating system.

  • Open Wireshark and then choose the interface.

1. Tracking FTP Packets

Step 1: $ sudo apt-get install vsftpd (on Ubuntu Machine)

Step 2: Start Wireshark and open the command prompt on Windows.
In the command prompt, enter the IP address of the Ubuntu machine.

It asks for the username and password to authenticate to the Ubuntu machine.

Step 3: Start capturing by clicking the green button in Wireshark.

Step 4: In the Wireshark filter, enter ftp followed by the IP address to track.

Step 5: Press the red button to stop capturing.

This server is not secure: the packets were captured in plain text exactly as the user entered them, and even the password was captured unencrypted.
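As an added example (not part of the original post), the Python below audits FTP control-channel lines for the cleartext login seen in the capture and reports only the password length. The (direction, line) input format, the function name and the sample sessions are assumptions constructed for illustration; a session that upgrades with AUTH TLS (server reply 234) yields no finding.

```python
# Constructed samples: reassembled FTP control-channel lines as (direction, line),
# where "C" is client to server and "S" is server to client.
SAMPLE_PLAIN = [
    ("S", "220 Service ready"),
    ("C", "USER alice"),
    ("S", "331 Please specify the password."),
    ("C", "PASS example-password"),
    ("S", "230 Login successful."),
]
SAMPLE_TLS = [
    ("S", "220 Service ready"),
    ("C", "AUTH TLS"),
    ("S", "234 Proceed with negotiation."),
]  # after the 234 reply the capture holds TLS records, not readable commands


def audit_ftp_control(lines):
    """Return one finding per PASS command sent before any TLS upgrade."""
    findings, user, awaiting_auth_reply = [], None, False
    for direction, line in lines:
        verb, _, arg = line.strip().partition(" ")
        if direction == "S":
            if awaiting_auth_reply and verb == "234":
                break  # server accepted AUTH: the channel is encrypted from here
            awaiting_auth_reply = False
            continue
        verb = verb.upper()
        if verb == "AUTH":
            awaiting_auth_reply = True
        elif verb == "USER":
            user = arg
        elif verb == "PASS":
            # Record the exposure without copying the secret into the report.
            findings.append({"user": user, "issue": "cleartext PASS",
                             "password_len": len(arg)})
    return findings


if __name__ == "__main__":
    for name, sample in (("plain", SAMPLE_PLAIN), ("tls", SAMPLE_TLS)):
        print(name, audit_ftp_control(sample))
```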


2. Tracking Telnet Packets

Step 1: $ sudo apt-get install telnetd (on Ubuntu Machine)
Step 2: $ sudo /etc/init.d/openbsd-inetd restart (on Ubuntu Machine)
Step 3: Now on the Windows machine, in the command prompt, enter telnet followed by the IP address of the Ubuntu machine.

It asks for the username and password to authenticate to the Ubuntu machine.

Step 4: Start capturing by clicking the green button.

Step 5: In the Wireshark filter, enter telnet followed by the IP address to track.


Step 6: Press the red button to stop.


Here the password given for authentication is visible in plain text, so Telnet is not secure, just like FTP. It gives only a little more security than FTP, in that the packets are not listed as plain text but under the name ‘Telnet Data’.
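As an added example (not part of the original post), the Python below takes the payloads of packets that Wireshark lists as ‘Telnet Data’, strips the Telnet option negotiation (IAC sequences), and reports whether a password prompt was answered, giving the length only. The segment format, function names and sample bytes are assumptions constructed for illustration.

```python
IAC, SB, SE = 255, 250, 240
NEGOTIATE = {251, 252, 253, 254}  # WILL, WONT, DO, DONT: each takes one option byte


def strip_telnet_options(data: bytes) -> bytes:
    """Remove IAC command sequences, leaving the bytes typed by user or server."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif i + 1 >= len(data):
            break                                   # truncated command at the end
        elif data[i + 1] == IAC:
            out.append(IAC); i += 2                 # escaped literal 0xFF data byte
        elif data[i + 1] in NEGOTIATE:
            i += 3
        elif data[i + 1] == SB:                     # subnegotiation runs to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:
            i += 2                                  # two-byte command such as IAC NOP
    return bytes(out)


def audit_telnet(segments):
    """Report whether a password prompt was answered in the clear (length only)."""
    server_text, prompted, typed = b"", False, 0
    for direction, payload in segments:
        text = strip_telnet_options(payload)
        if direction == "S":
            server_text += text.lower()             # prompt may span several packets
            prompted = prompted or b"password:" in server_text
        elif prompted:
            typed += len(text.rstrip(b"\r\n\x00"))
            if text.endswith((b"\r", b"\n", b"\x00")):
                break                               # Enter pressed: password complete
    return {"cleartext_login": typed > 0, "password_len": typed}


# Constructed sample: ("S" = server, "C" = client) payloads, one per packet.
SAMPLE = [
    ("S", b"\xff\xfd\x18\xff\xfb\x01"),             # IAC DO TERMINAL-TYPE, IAC WILL ECHO
    ("C", b"\xff\xfb\x18"),                         # IAC WILL TERMINAL-TYPE
    ("S", b"login: "),
    ("C", b"a"), ("S", b"a"), ("C", b"\r\x00"), ("S", b"\r\nPass"),
    ("S", b"word: "),
    ("C", b"p"), ("C", b"w"), ("C", b"\r\x00"),     # typed one character per packet
]

if __name__ == "__main__":
    print(audit_telnet(SAMPLE))
```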


3. Tracking on OpenSSH Server

Step 1: $ sudo apt-get install openssh-server (on Ubuntu Machine)

Step 2: Install PuTTY on the Windows machine and enter the host IP address (the Ubuntu IP address) in it to connect.

Step 3: Open Wireshark and search using the filter “tcp.port == 22 and ip.addr == <ip address of Ubuntu Machine>”; 22 is the port number of SSH.

Telnet and FTP are insecure and transmit the user's password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools. Here the packets are transmitted in encrypted form.
