Admin Task #3: Utilizing Wireshark

Today’s task involves sniffing traffic using Wireshark to identify any signs of security issues or vulnerabilities.

December 4, 2017

About This Challenge

Wireshark is a widely-used network protocol analyzer. It lets IT professionals see what’s happening on their network at a granular level. We’ve seen it used across many commercial and non-profit enterprises, government agencies, and institutions.

Wireshark is a must-have tool for IT admins but it must be used with discretion. Sniffing traffic can be viewed as a hostile activity and should only be used in agreement with management and corporate policy.

Disclaimer: Ensure any activities undertaken on your work network are allowed by your corporate policy and approved by management at your organization.

Follow The Instructions To Complete Today’s Network Defender Task:


Download and install Wireshark from http://www.wireshark.org. If you are installing this on a work computer, ensure you check with management and corporate policy regarding software installation and network activity.

After installing Wireshark, follow these instructions:

1. Fire up Wireshark.

2. Choose the Interfaces option to see which interfaces are transmitting traffic.

3. Start capturing the traffic.

4. Open a command prompt.

5. Open an FTP session to ftp.cisco.com.

6. Enter “Testing” for your username.

7. Enter a complex password that you do not use anywhere else.

8. Stop the Wireshark capture.

9. Review the results, identify the FTP traffic, and find your password in the data.

10. Determine the Wireshark Display Filter to enter so that only the FTP traffic is shown in the display window.

11. Clear the filter: what other protocols did you see? (There are usually several, such as DNS, HTTP, DHCP, and ARP).

12. Rerun the steps above, and use a Capture Filter to only capture FTP traffic.

13. Repeat step 11: are any other protocols viewable?

Summary:

The initial capture above recorded all available traffic. The display filter (step 10) only changed what was viewable; every packet was still stored. When we are looking for specific information, it makes sense to use a Capture Filter (step 12) to limit what is captured in the first place. This is especially useful when capturing over a long period of time, because packet captures grow quickly in size.

The FTP protocol transmits data in clear text; this is insecure! Anyone with access to the data anywhere in the path between you and Cisco can potentially capture that password. Use secure protocols to protect yourself: SSH instead of Telnet, HTTPS instead of HTTP, and SFTP (or FTP over a VPN connection) instead of FTP. Encrypting the data is our protection against insecure protocols like FTP, Telnet, and HTTP.

We can use a sniffer to identify weaknesses in configuration. Do you have sensitive data being transmitted in clear text? Use Wireshark to check.
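The two filter types and the clear-text check above, as an added example that is not part of the original challenge. In Wireshark itself the display filter for this exercise is `ftp` and the capture filter is `tcp port 21`; the code below models both against a constructed list of packets (no real capture is read), so the difference is visible: a capture filter drops packets before they are stored, a display filter only hides them. The final function does what step 9 asks by hand: it scans FTP control-channel payloads for USER/PASS commands sent in the clear. The `Packet` class, the sample packets and the password value are all invented for the example.

```python
"""Model of Wireshark capture vs display filters plus a clear-text FTP
credential check over constructed packets (added example, not page code)."""
from dataclasses import dataclass
from typing import Callable, Iterable, List, Optional, Tuple


@dataclass
class Packet:
    proto: str       # transport protocol: "tcp" or "udp"
    src_port: int
    dst_port: int
    payload: bytes = b""


# Constructed sample of what a capture taken during the FTP exercise might
# contain: a DNS lookup, DHCP, the FTP login, a web request and a TLS start.
SAMPLE: List[Packet] = [
    Packet("udp", 54321, 53, b"\x12\x34\x01\x00"),          # DNS query
    Packet("udp", 68, 67, b""),                              # DHCP
    Packet("tcp", 50000, 21, b""),                           # FTP handshake
    Packet("tcp", 21, 50000, b"220 FTP server ready\r\n"),
    Packet("tcp", 50000, 21, b"USER Testing\r\n"),
    Packet("tcp", 21, 50000, b"331 Password required\r\n"),
    Packet("tcp", 50000, 21, b"PASS Example-P4ssw0rd!\r\n"),  # invented value
    Packet("tcp", 50001, 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Packet("tcp", 50002, 443, b"\x16\x03\x01"),              # TLS ClientHello
]

# Well-known ports used to label packets the way Wireshark's Protocol column does.
PROTO_BY_PORT = {21: "FTP", 53: "DNS", 67: "DHCP", 80: "HTTP", 443: "TLS"}

Filter = Callable[[Packet], bool]


def protocol_of(pkt: Packet) -> str:
    """Name the application protocol from either port, else the transport."""
    return (PROTO_BY_PORT.get(pkt.dst_port)
            or PROTO_BY_PORT.get(pkt.src_port)
            or pkt.proto.upper())


def tcp_port(port: int) -> Filter:
    """Equivalent of the BPF capture filter 'tcp port N'."""
    return lambda p: p.proto == "tcp" and port in (p.src_port, p.dst_port)


def capture(wire: Iterable[Packet], capture_filter: Optional[Filter] = None) -> List[Packet]:
    """Capture filter: packets that fail it are never written to the capture."""
    return [p for p in wire if capture_filter is None or capture_filter(p)]


def display(pcap: Iterable[Packet], display_filter: Optional[Filter] = None) -> List[Packet]:
    """Display filter: the capture is untouched, only the view is narrowed."""
    return [p for p in pcap if display_filter is None or display_filter(p)]


def protocols_seen(packets: Iterable[Packet]) -> List[str]:
    """Sorted list of distinct protocols, like step 11's 'what else did you see?'."""
    return sorted({protocol_of(p) for p in packets})


def find_cleartext_credentials(packets: Iterable[Packet]) -> List[Tuple[str, str]]:
    """Scan client->server FTP control traffic for USER/PASS sent in the clear."""
    found = []
    for p in packets:
        if p.proto != "tcp" or p.dst_port != 21:
            continue
        for line in p.payload.decode("ascii", errors="replace").splitlines():
            cmd, _, arg = line.partition(" ")
            if cmd.upper() in ("USER", "PASS"):
                found.append((cmd.upper(), arg))
    return found


if __name__ == "__main__":
    full = capture(SAMPLE)                       # no capture filter: everything stored
    print("protocols in full capture:", protocols_seen(full))
    print("display filter 'ftp' shows", len(display(full, tcp_port(21))), "packets")
    narrow = capture(SAMPLE, tcp_port(21))       # capture filter 'tcp port 21'
    print("protocols in filtered capture:", protocols_seen(narrow))
    for cmd, arg in find_cleartext_credentials(full):
        print(f"clear-text {cmd} seen: {arg}")
```

Running it shows the full capture contains DHCP, DNS, FTP, HTTP and TLS, that the display filter leaves the nine stored packets intact while showing five, and that the capture filter stores only the five FTP packets, so step 13 finds no other protocols. The credential scan is the defender's check from the paragraph above: if it returns anything on your own network, that protocol needs to be replaced or tunnelled.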

Insider tip: another company, Tenable (makers of Nessus), has a tool referred to as a Passive Vulnerability Scanner. It sniffs traffic, looking for signs of security issues and vulnerabilities. Sniffing can make your network more secure in many ways!

