Today’s task involves sniffing traffic using Wireshark to identify any signs of security issues or vulnerabilities.
December 4, 2017
About This Challenge
Wireshark is a widely-used network protocol analyzer. It lets IT professionals see what’s happening on their network at a granular level. We’ve seen it used across many commercial and non-profit enterprises, government agencies, and institutions.
Wireshark is a must-have tool for IT admins but it must be used with discretion. Sniffing traffic can be viewed as a hostile activity and should only be used in agreement with management and corporate policy.
Disclaimer: Ensure any activities undertaken on your work network are allowed by your corporate policy and approved by management at your organization.
Follow The Instructions To Complete Today’s Network Defender Task:
Feel free to download the PDF version of the directions for your review.
Download and install Wireshark from http://www.wireshark.org. If you are installing this on a work computer, ensure you check with management and corporate policy regarding software installation and network activity.
After installing Wireshark, follow these instructions:
1. Fire up Wireshark.
2. Choose the Interfaces option to see which interfaces are transmitting traffic.
3. Start capturing the traffic.
4. Open a command prompt.
5. Open an FTP session to ftp.cisco.com.
6. Enter “Testing” for your username.
7. When prompted for a password, enter a complex one that you do not use anywhere else.
8. Stop the Wireshark capture.
9. Review the results, identify the FTP traffic, and find your password in the data.
10. Determine the Wireshark Display Filter to enter so that only the FTP traffic is shown in the display window.
11. Clear the filter: what other protocols did you see? (There are usually several, such as DNS, HTTP, DHCP, and ARP).
12. Rerun the steps above using a Capture Filter that captures only FTP traffic.
13. Repeat step 11 (clear the filter): are any other protocols viewable now?
The initial capture above captured all available traffic; the display filter (step 10) only changed what was viewable. However, we may want to limit the size of the capture itself when we are looking for specific information. In that case it makes sense to use a Capture Filter (step 12) to limit what is captured. This is also useful when capturing over a long period of time, as packet captures can grow quickly in size.
The FTP protocol transmits data, including your username and password, in clear text: this is insecure! Anyone with access to the traffic anywhere in the path between you and Cisco can potentially capture that password. Use secure protocols to protect yourself, such as SSH instead of Telnet, HTTPS instead of HTTP, and SFTP (or FTP over a VPN connection) instead of FTP. Encrypting the data is our protection against insecure protocols like FTP, Telnet, and HTTP.
We can use a sniffer to identify weaknesses in configuration. Do you have sensitive data being transmitted in clear text? Use Wireshark to check.
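The following is an added example, not part of the StormWind challenge page and not Wireshark's own code. It models the two filter stages that steps 10 to 13 and the explanation above walk through (a display filter that narrows the view of a stored capture versus a capture filter that decides what is stored at all), and it automates the check in step 9 by pulling the USER and PASS commands out of the FTP control channel. The packet list, addresses and credential are all constructed for the example; the two filter strings are the real Wireshark display-filter and BPF capture-filter syntax for FTP control traffic.

```python
"""Added example, not part of the StormWind challenge page or of Wireshark itself:
a small model of the two filter stages the challenge walks through (display
filter vs. capture filter) and of the check in step 9, pulling the cleartext
FTP USER/PASS commands out of the control channel.  Every packet, address and
credential below is constructed for the example."""

from dataclasses import dataclass
from typing import Callable, Iterable

FTP_CONTROL_PORT = 21

# The real Wireshark filter strings the exercise asks you to work out.
# Display filters use Wireshark's own syntax and act on an existing capture;
# capture filters use BPF syntax and decide what gets written to the file.
DISPLAY_FILTER_FTP = "ftp"            # equivalently: tcp.port == 21
CAPTURE_FILTER_FTP = "tcp port 21"    # BPF syntax, set before capturing


@dataclass(frozen=True)
class Packet:
    protocol: str    # what Wireshark's Protocol column would show
    transport: str   # "tcp", "udp" or "" for link-layer-only frames
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes


# Constructed capture mirroring the challenge: an FTP login plus the usual
# background chatter (DNS, DHCP, ARP, HTTP).  Addresses are RFC 5737 test ranges.
CLIENT, SERVER = "192.0.2.10", "198.51.100.20"
SAMPLE_CAPTURE = [
    Packet("ARP", "", CLIENT, 0, "192.0.2.1", 0, b""),
    Packet("DNS", "udp", CLIENT, 53001, "192.0.2.53", 53, b"ftp.cisco.com"),
    Packet("DHCP", "udp", CLIENT, 68, "255.255.255.255", 67, b""),
    Packet("FTP", "tcp", SERVER, 21, CLIENT, 51234, b"220 FTP server ready\r\n"),
    Packet("FTP", "tcp", CLIENT, 51234, SERVER, 21, b"USER Testing\r\n"),
    Packet("FTP", "tcp", SERVER, 21, CLIENT, 51234, b"331 Password required\r\n"),
    Packet("FTP", "tcp", CLIENT, 51234, SERVER, 21, b"PASS Example-Only-P4ss!\r\n"),
    Packet("HTTP", "tcp", CLIENT, 51240, "203.0.113.5", 80, b"GET / HTTP/1.1\r\n"),
]

Predicate = Callable[[Packet], bool]


def is_ftp(pkt: Packet) -> bool:
    """Model of the `ftp` / `tcp.port == 21` filter: either end on port 21."""
    return pkt.transport == "tcp" and FTP_CONTROL_PORT in (pkt.sport, pkt.dport)


def display_filter(capture: list[Packet], match: Predicate) -> list[Packet]:
    """Display filter (step 10): the whole capture is kept; only the view shrinks."""
    return [p for p in capture if match(p)]


def capture_filter(wire: Iterable[Packet], match: Predicate) -> tuple[list[Packet], int]:
    """Capture filter (step 12): non-matching packets are never stored.
    Returns the stored packets and how many were dropped, which is the
    file-size saving the text describes for long-running captures."""
    stored, dropped = [], 0
    for p in wire:
        if match(p):
            stored.append(p)
        else:
            dropped += 1
    return stored, dropped


def protocols_seen(capture: list[Packet]) -> list[str]:
    """The answer to steps 11 and 13: which Protocol-column values remain."""
    return sorted({p.protocol for p in capture})


def extract_ftp_credentials(capture: list[Packet]) -> dict[str, str]:
    """Step 9, automated: FTP sends USER and PASS as plain ASCII commands on the
    control channel, so a sniffer anywhere on the path can read them back."""
    creds: dict[str, str] = {}
    for p in display_filter(capture, is_ftp):
        if p.dport != FTP_CONTROL_PORT:      # only client-to-server commands
            continue
        verb, _, arg = p.payload.decode("ascii", errors="replace").strip().partition(" ")
        if verb.upper() == "USER":
            creds["user"] = arg
        elif verb.upper() == "PASS":
            creds["password"] = arg
    return creds


if __name__ == "__main__":
    print("protocols in full capture:", protocols_seen(SAMPLE_CAPTURE))
    print("display filter", DISPLAY_FILTER_FTP, "->",
          protocols_seen(display_filter(SAMPLE_CAPTURE, is_ftp)))
    kept, dropped = capture_filter(SAMPLE_CAPTURE, is_ftp)
    print("capture filter", CAPTURE_FILTER_FTP, "-> stored", len(kept), "dropped", dropped)
    print("cleartext credentials:", extract_ftp_credentials(SAMPLE_CAPTURE))
```

Running it shows the point of the exercise from both sides: the same `is_ftp` predicate leaves the full capture intact when used as a display filter but halves what is stored when used as a capture filter, and in either case the USER and PASS commands come out of the stored bytes unchanged, which is exactly what an SFTP or VPN-protected session would deny an observer on the path.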
Insider tip: another company, Tenable (makers of Nessus), has a tool referred to as a Passive Vulnerability Scanner. It sniffs traffic, looking for signs of security issues and vulnerabilities. Sniffing can make your network more secure in many ways!
Once you’ve followed these directions, scroll down to mark this challenge complete.