Category: Sniffing

All about Sniffing!

Sniffing, Wireshark

Sniffing email passwords with Wireshark

> Open Wireshark.   > Select an interface and start capturing in promiscuous mode.   > To capture credentials from POP apply this filter: pop.request.command == "USER" || pop.request.command == "PASS"pop.request.command == "USER" || pop.request.command == "PASS"   > To capture credentials from IMAP apply this filter: imap.request contains "login"imap.request contains "login"   > To …

Proxy, Sniffing, WEB

Fiddler – web debugging proxy

I discovered recently this tool. I’d like to share with you.   Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and “fiddle” with incoming or outgoing data.   Fiddler is freeware and can debug traffic from virtually any …

Metasploit, Passwords, Sniffing

Password sniffing with Metasploit

A packet sniffer is a computer program that intercepts and logs traffic passing over a network. The sniffer captures each packet, decodes the packet’s raw data, showing the values of various fields in the packet, and analyzes its content. If network communications are not encrypted (ssl) then it is possible to intercept communications and capture …

Linux, Sniffing, Wireshark

Run Wireshark as a user rather than root – Ubuntu

Messages from wireshark: Running as user “root” and group “root”. This could be dangerous. Lua: Error during loading: [string “/usr/share/wireshark/init.lua”]:45: dofile has been disabled To fix them and run wireshark as normal user and not as root which is very dangerous do the following: sudo chgrp adm /usr/bin/dumpcapsudo chgrp adm /usr/bin/dumpcap sudo chmod 750 /usr/bin/dumpcapsudo …

Sniffing, Wireshark

Capturing snmp traffic with wireshark

1. Open wireshark with root privilleges. sudo wiresharksudo wireshark 2. Select Capture->Interfaces from the menu. 3. A window will open. Click Options on your desired interface, for ex. eth0. 4. Type udp port 161 or udp port 162 (default ports). 5. Click Start. If you are capturing the whole traffic, type snmp in filter field.

Sniffing, Tools, Wireshark

Wireshark capture filters examples

Capture only traffic to or from IP address host xxx.xxx.xxx.xxxhost xxx.xxx.xxx.xxx Capture traffic to or from a range of IP addresses net xxx.xxx.0.0/24net xxx.xxx.0.0/24 Capture traffic to or from a range of IP addresses net xxx.xxx.0.0/24net xxx.xxx.0.0/24 Capture traffic from a range of IP addresses src net 192.168.0.0/24src net 192.168.0.0/24 Capture traffic to a range …

Sniffing, Wireshark

Capturing HTTP traffic using Wireshark

1. First of all download and install Wireshark from here. 2. Run Wireshark as administrator or root. 3. Select from the menu Capture > Interfaces. 4. Choose your interface and click options. 5. In the capture filter textbox type: tcp port http. 6. Select a file to save the traffic by clicking the browse button. …