
Packet capturing of different protocols using Wireshark

Wireshark is the world’s foremost and most widely used network protocol analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.

It is a free, open-source, cross-platform packet analyzer.

  • To trace packets, first download and install Wireshark on the Windows operating system.

  • Open Wireshark and then choose the interface.

1. Tracking FTP Packets

Step 1: Run $ sudo apt-get install vsftpd in the Ubuntu terminal.

Step 2: Start Wireshark and open the command prompt in Windows.
In the command prompt, enter the IP address of the Ubuntu machine.

It asks for the username and password of the Ubuntu machine for authentication.

Step 3: Start capturing by clicking the green button in Wireshark.

Step 4: In the Wireshark filter, enter ftp followed by the IP address to track.

Step 5: Press the red button to stop capturing.

This server is not secure: the packets were captured in plain text exactly as the user entered them, and even the password was captured unencrypted.


2. Tracking Telnet Packets

Step 1: $ sudo apt-get install telnetd (on the Ubuntu machine)

Step 2: $ sudo /etc/init.d/openbsd-inetd restart (on the Ubuntu machine)

Step 3: Now on the Windows machine,
in the command prompt, enter telnet followed by the IP address of the Ubuntu machine.

It asks for the username and password of the Ubuntu machine for authentication.

Step 4: Start capturing by clicking the green button.

Step 5: In the Wireshark filter, enter telnet followed by the IP address to track.

Step 6: Press the red button to stop.

Here the password given for authentication is visible in plain text, so Telnet, like FTP, is not secure, but it gives a little more security than FTP, as the packets are not transmitted in plain text but under the name ‘Telnet Data’.


3. Tracking on OpenSSH Server

Step 1: $ sudo apt-get install openssh-server (on the Ubuntu machine)

Step 2: Install PuTTY on the Windows machine and enter the host IP address (the Ubuntu IP address) in it to connect.

Step 3: Open Wireshark and search using the filter “tcp.port == 22 and ip.addr == <ip address of Ubuntu Machine>”; 22 is the port number of SSH.

Telnet and FTP are insecure and transmit the user's password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools. Here the packets are transmitted in encrypted form.
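
The three captures can also be compared outside the Wireshark GUI. The Python sketch below is an added example, not part of the original post: it audits the client-to-server bytes of one reassembled TCP stream, flags FTP USER/PASS commands and Telnet typed lines (the bytes Wireshark labels ‘Telnet Data’, once option negotiation is stripped), and reports only lengths so the secret itself is not echoed. The sample payloads, account name and function names are constructed for illustration.

```python
import re

IAC, SB, SE = 255, 250, 240  # Telnet command bytes (RFC 854)
# Constructed client-to-server payloads; the account and password are made up.
FTP_SAMPLE = b"USER alice\r\nPASS hunter2\r\nSYST\r\n"
TELNET_SAMPLE = bytes([IAC, 251, 24, IAC, 253, 1]) + b"alice\r\x00hunter2\r\x00"
SSH_SAMPLE = b"SSH-2.0-ExampleClient\r\n" + bytes([0, 0, 0, 12, 10, 20]) + bytes(10)

def strip_telnet_negotiation(data: bytes) -> bytes:
    """Drop IAC option negotiation, leaving the bytes shown as 'Telnet Data'."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
        elif i + 1 >= len(data):
            break  # truncated command at end of capture
        elif data[i + 1] == IAC:
            out.append(IAC)  # IAC IAC is an escaped literal 0xFF
            i += 2
        elif data[i + 1] == SB:  # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:  # WILL/WONT/DO/DONT carry an option byte; others do not
            i += 3 if 251 <= data[i + 1] <= 254 else 2
    return bytes(out)

def audit_client_stream(port: int, data: bytes) -> dict:
    """Report whether a reassembled client stream exposes typed credentials."""
    evidence = []
    if data.startswith((b"SSH-2.0-", b"SSH-1.99-")):
        proto = "ssh"  # only the version banner and key exchange are readable
    elif port == 21:
        proto = "ftp"
        for cmd, val in re.findall(rb"(?im)^(USER|PASS)[ \t]+([^\r\n]*)", data):
            evidence.append(f"{cmd.decode().upper()} <{len(val)} bytes>")
    elif port == 23:
        proto = "telnet"
        typed = strip_telnet_negotiation(data)
        for line in re.split(rb"[\r\n\x00]+", typed):
            if line and all(32 <= c < 127 for c in line):
                evidence.append(f"typed line <{len(line)} bytes>")
    else:
        proto = "unknown"
    return {"protocol": proto, "cleartext": bool(evidence), "evidence": evidence}

if __name__ == "__main__":
    for port, sample in ((21, FTP_SAMPLE), (23, TELNET_SAMPLE), (22, SSH_SAMPLE)):
        print(port, audit_client_stream(port, sample))
```
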
