Network Analysis with Wireshark: Unveiling Packet Dynamics and Security Measures

In this project, I’m delving deep into the realm of network scanning using Wireshark. I’ll guide you through the process of capturing packets, dissecting conversations, and filtering data to uncover vital insights into network dynamics. Together, we’ll explore the nuances of TCP SYN flags, examine HTTP and HTTPS traffic, and learn how to conceal protocols for enhanced security. Join me as I unravel the intricacies of network analysis with Wireshark, empowering you to understand and secure your network like never before.

1. Overview of Wireshark, capturing packets.

Analyzing data packets in Wireshark reveals a multi-pane interface tailored for in-depth inspection. The Packet List, situated at the top, offers a comprehensive view of all captured packets. Upon selecting a packet, the remaining panes dynamically update to unveil specific packet details. Each column in the Packet List furnishes key information: packet order, capture time, source and destination addresses, packet protocol, length, and additional packet insights. The middle pane, Packet Details, presents readable packet information, facilitating further analysis. Users can easily create filters based on highlighted text, streamlining the investigation process.

2. Statistics - Conversations (viewing every conversation in the packets just captured)

3. One thing to look for is whether the computer's IP address is having any long conversation with an unknown device.

4. Streamlining Analysis: Efficient Packet Filtering in Wireshark

5. Refining Filters: Tailoring Packet Views in Wireshark

Once a filter is applied, it appears at the top of the filter bar. If the filter contains a port number that is not needed for the current scenario, the port can be removed; this broadens the view to every packet sent to or from the specified IP address.

6. Unveiling Vulnerabilities: Analyzing HTTP Traffic in Wireshark

Capturing unsecured data (HTTP) – In this instance, I simulated loading several HTTP websites for testing purposes. After stopping the capture, we observed that 11082 packets had been captured. (The filter bar turns green when the filter expression is accepted as valid and red when it is rejected.)

7. Viewing packet contents for the HTTP

8. Unveiling Phishing Techniques: Exploring TCP Streams in Wireshark

If we select the initial packet, right-click it, and choose “Follow” and then “TCP Stream,” we see the whole exchange reassembled in plaintext, which illustrates how a phishing attempt works. For instance, individuals may craft links resembling bank account pages served over an HTTP connection. In that scenario, the perpetrator conducting the phishing attack can intercept and view every detail entered, exactly as we observe it here through Wireshark.

9. Secure Traffic Filtering: Understanding HTTPS Protocols in Wireshark

To examine secure traffic, specifically HTTPS, we filter on TCP, typically through a designated port, commonly port 80. However, alternative ports such as 8000, 8001, or 8002 may also be employed. This process is illustrated in the accompanying image.

10. Hiding protocols

11. Viewing all TCP SYN flags, i.e. the first step of the 3-way handshake (SYN flags)

12. Showing flagged packets by using tcp.analysis.flags
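The views used in steps 2-3, 5, 8 and 11 (Statistics > Conversations, an ip.addr filter with the port removed, Follow > TCP Stream, and the SYN-only filter) can be reproduced in code to make explicit what each one computes. This is an added example, not part of the original write-up; the packet list is constructed sample data with simplified fields, and the IP addresses, ports and login payload are all invented.

```python
"""Wireshark-style views over a constructed packet list (added example)."""

# Constructed sample capture: (time_s, src_ip, dst_ip, src_port, dst_port, flags, payload)
PACKETS = [
    (0.00, "10.0.0.5", "93.184.216.34", 51000, 80, {"SYN"}, b""),
    (0.05, "93.184.216.34", "10.0.0.5", 80, 51000, {"SYN", "ACK"}, b""),
    (0.06, "10.0.0.5", "93.184.216.34", 51000, 80, {"ACK"}, b""),
    (0.10, "10.0.0.5", "93.184.216.34", 51000, 80, {"PSH", "ACK"},
     b"POST /login HTTP/1.1\r\nHost: bank.example\r\n\r\nuser=alice&pass=sample-secret"),
    (0.30, "93.184.216.34", "10.0.0.5", 80, 51000, {"PSH", "ACK"}, b"HTTP/1.1 200 OK\r\n\r\n"),
    (1.00, "10.0.0.5", "203.0.113.7", 51001, 443, {"SYN"}, b""),
    (1.05, "203.0.113.7", "10.0.0.5", 443, 51001, {"SYN", "ACK"}, b""),
    (1.06, "10.0.0.5", "203.0.113.7", 51001, 443, {"ACK"}, b""),
    (95.0, "10.0.0.5", "203.0.113.7", 51001, 443, {"PSH", "ACK"}, b"\x17\x03\x03\x00\x20"),
]


def conversations(packets):
    """Statistics > Conversations: per IP pair, packet count, payload bytes and duration.
    A long-lived pair with an address you do not recognise is what step 3 looks for."""
    conv = {}
    for t, src, dst, *_, payload in packets:
        key = tuple(sorted((src, dst)))  # direction-agnostic, as in Wireshark's table
        c = conv.setdefault(key, {"packets": 0, "bytes": 0, "start": t, "end": t})
        c["packets"] += 1
        c["bytes"] += len(payload)
        c["start"], c["end"] = min(c["start"], t), max(c["end"], t)
    return {k: {**v, "duration": v["end"] - v["start"]} for k, v in conv.items()}


def by_host(packets, ip):
    """Display filter ip.addr == ip, with no port clause (step 5): either direction."""
    return [p for p in packets if ip in (p[1], p[2])]


def syn_only(packets):
    """tcp.flags.syn == 1 && tcp.flags.ack == 0: the first step of each handshake."""
    return [p for p in packets if p[5] == {"SYN"}]


def follow_tcp_stream(packets, client_ip, client_port):
    """Follow > TCP Stream: payloads of one connection concatenated in time order.
    Over plain HTTP the submitted form fields are readable here, which is the
    exposure step 8 describes; over HTTPS only TLS records would appear."""
    sel = [p for p in sorted(packets, key=lambda p: p[0])
           if client_port in (p[3], p[4]) and client_ip in (p[1], p[2])]
    return b"".join(p[6] for p in sel)
```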