Thursday, January 28, 2010

Question 1

Using the Wireshark Protocol Analyser


Snapshot 1 (Step 1)


Fig: Snapshot showing the homepage of the web site www.wireshark.org.


The home page of Wireshark, www.wireshark.org, was opened using the Google Chrome browser. Once the page had loaded, Wireshark 1.2.6 (Windows installer, 32-bit) was downloaded. When the download completed, the software was installed on the PC using the default settings. After the installation finished, the program was launched. (Textbook, Network Security, pg. 148)





Snapshot 2 (Step 6)


Fig: The main window of Wireshark after launching the program.


After the program was launched, Capture was clicked in the main menu and Interfaces was selected from the drop-down menu. Since the computer was connected to the network over the wireless connection, the Start button next to the wireless interface in the pop-up window was clicked. As soon as the Start button was clicked, Wireshark started to capture packets. (Textbook, Network Security, pg. 149)


Snapshot 3 (STEP 7)


Fig: Wireshark capturing the packets (background), cmd window (foreground)


After Wireshark started to capture packets, cmd was launched and `ftp server1` was typed. After a few seconds, cmd displayed the message "Unknown server host". This process was also captured by Wireshark. (Textbook, Network Security, pg. 149)


Snapshot 4 (STEP 8)


Fig: Snapshot showing the page https://www.bluehost.com/cgi-bin/uftp


The page https://www.bluehost.com/cgi-bin/uftp was opened.


Snapshot 5 (STEP 9)


Fig: Snapshot of the page https://www.bluehost.com/cgi-bin/uftp


After the page had loaded, the domain name Gerald and the password happy were entered. Since the credentials provided were not correct, the login failed. All of these events, including the username and password, should be captured by Wireshark. (Textbook, Network Security, pg. 149)


Snapshot (STEP 14)



Fig: Snapshot showing the error message in Wireshark.

After returning to Wireshark, the Find tool was used to search for the word gerald as a string value. However, an error message appeared saying "no packet contained that string in the data". When the page https://www.bluehost.com/cgi-bin/uftp was examined, it was seen to be a secure (HTTPS) page, which encrypts the credentials and so prevents them from being captured in readable form by Wireshark. This shows that encryption is a useful method of preventing users' data from being accessed by attackers.
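The Step 14 result can be reproduced offline. The Python sketch below is an added example, not part of the original lab write-up: it runs the same kind of string search over two constructed payloads, a plaintext HTTP form post and a TLS application-data record, and also parses the TLS record header to show what the capture actually contains. The form field names, host, path and ciphertext bytes are assumptions made up for the illustration.

```python
import struct

# TLS record-layer content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert",
             22: "handshake", 23: "application_data"}

def parse_tls_records(payload: bytes):
    """Split a TCP payload into (type, body) TLS records; [] if not TLS."""
    records, off = [], 0
    while off + 5 <= len(payload):
        # Header: 1-byte type, 2-byte version (major, minor), 2-byte length.
        ctype, major, _minor, length = struct.unpack_from("!BBBH", payload, off)
        if ctype not in TLS_TYPES or major != 3 or off + 5 + length > len(payload):
            return []
        records.append((TLS_TYPES[ctype], payload[off + 5:off + 5 + length]))
        off += 5 + length
    return records if off == len(payload) else []

def find_string(payloads, needle: str):
    """Case-insensitive byte search per payload, in the spirit of a string
    search over packet bytes. Returns one (kind, found) tuple per payload."""
    pattern = needle.lower().encode()
    results = []
    for p in payloads:
        recs = parse_tls_records(p)
        kind = "tls:" + "+".join(name for name, _ in recs) if recs else "plaintext"
        results.append((kind, pattern in p.lower()))
    return results

# Constructed sample 1: the login form as it would look over plain HTTP.
# Field names, path and host are assumed for illustration.
FORM = b"domain=Gerald&password=happy"
HTTP_POST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n"
             b"Content-Length: " + str(len(FORM)).encode() + b"\r\n\r\n" + FORM)

# Constructed sample 2: one TLS 1.0 application_data record. The body is a
# made-up stand-in for ciphertext, not the output of a real TLS session.
CIPHERTEXT = bytes.fromhex(
    "9c41d7e02b5f83aa10c6f4397d08b2e55a1f90c3d86e247bb1034ca9f7521e8d")
TLS_SEGMENT = struct.pack("!BBBH", 23, 3, 1, len(CIPHERTEXT)) + CIPHERTEXT

if __name__ == "__main__":
    for kind, found in find_string([HTTP_POST, TLS_SEGMENT], "gerald"):
        print(f"{kind:24} contains 'gerald': {found}")
```

Only the 5-byte record header of the TLS segment is readable; the search succeeds on the plaintext payload and fails on the encrypted one, which matches the "no packet contained that string" message seen in the lab.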



References:

Wireshark developer and User Conference (June 14-17 2010). Download Wireshark; retrieved on 10/02/10; retrieved from http://www.wireshark.org/

Bluehost (n.d.). Unlimited FTP account login; retrieved on 10/02/2010; retrieved from https://www.bluehost.com/cgi-bin/uftp

C. Mark (2009). Using the Wireshark Protocol Analyzer; retrieved on 10/02/2010; retrieved from Network Security Fundamentals
