DotKite

packet sniffing...then what

4 posts in this topic

Hey all, I have been toying around with Wireshark for the past few weeks. Just looking at my own network really. I was just wondering what I can do with all that info. Some of it is starting to make sense, but I still do not have a grasp on what is potentially interesting about what I am seeing and what isn't. Any links to free lit on this particular topic would be greatly appreciated. Also share anything that you guys like to do with those cap'd packets. Thank you!


The only thing you can really do with those packets is look at 'em. Depending on how the sniffer was used (e.g. MITM attack, wireless sniffing, etc.) you could find passwords, interesting URLs, chat logs (afaik MSN is unencrypted so they should be viewable. Haven't tried with other IM protocols). Irongeek has a nice video on his site showing NetworkMiner, a tool to parse pcap files. Check it out here


Your captures may contain authentication information such as hashes or even plain text credentials. Also, one can get a good idea of the network they're dealing with, such as its infrastructure and operating systems in use. Not to mention, one can learn a lot about their fellow employees' web-browsing habits.


Once you start scanning and check out what you have you'll eventually figure out what you're interested in. AIM conversations are always fun when you capture in a public place.
