COMM Wireshark

Heretic

Inactive
Wireshark was mentioned in a recent post, so I brought my spare laptop in to the library. No battery, XP with too small a hard file and too little RAM to be useful for much more than reading text, and loaded Wireshark on it.

Folks, if you post from a public place with shared WiFi you may want to download a copy and run it. It is amazing how few people properly implement any security, much less good security.

The library offers a secure setup but it damn sure looks like my wife and I are the only ones to use it!

Of course I am getting some weird glances with two laptops and my near constant giggling. I suspect they think I am looking at porn....

Damn! I was joking about the porn but I found a stream where someone is watching something naughty.....


Terry
 

OddOne

< Yes, I do look like that.
I have Wireshark running at work and frequently pick up open hotspots from travelers - smartphones can act as tether points for on-the-go Internet access if you have a suitable data plan. You can be hacked as you drive by.
 

Weps

Veteran Member
@Terry

Firesheep is a browser-based sniffer for Firefox, so it can be used on any OS and any Mozilla-based browser such as Pale Moon, IceWeasel, etc... Cain & Abel, which I've used extensively, is pretty amazing. The only caveat is it's Windows only, no Linux. You can sniff packets, poison the network, poison a particular MAC/IP's packets, etc... pretty neat stuff.

I've used Wireshark somewhat, it comes pre-installed on most Linux distros, so it's a given. However, I don't have it on my netbook (which I'm on), mostly because CrunchBang OS didn't come with it pre-installed. That's a small issue though, just open up terminal, little sudo-apt-get magic and tada! You can always hotload Linux on a USB drive, something like BackTrack, which comes loaded with pre-installed software for Network and System Penetration Testing.

Recently I've been working with my Android and various apps, such as Wifi Tracker.
 

Sportsman

Veteran Member
Wireshark is available for Windows and OSX. But for Linux, you can save a sniff file from tcpdump and then analyze it on a Windows machine using Wireshark.

Terry, spend more time with Wireshark. I use it at least weekly in network troubleshooting and it is an awesome program. For example, there are decoders built-in or add-on for most all protocols. You can save the sniffed data into a file for later decoding as well. If you're into Linux, you can also run TCPDUMP and save the file to analyze later using Wireshark.

In addition to monitoring standard web stuff, it can be used to sniff AND DECODE common SIP VOIP phone streams, video streams, SCADA protocols, etc. Another plus is the overall statistics and network analysis capabilities.

It's quite a useful troubleshooting tool.

~Sportsman
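
Added example (not part of Sportsman's post): a check on a saved capture of your own device's traffic, of the kind tcpdump writes, that labels each TCP payload as cleartext HTTP or TLS. The capture is constructed inline; the function names, addresses and cookie value are assumptions made for illustration.

```python
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")

def classify(payload):
    if payload[:2] == b"\x16\x03":
        return "tls"             # TLS handshake record
    if payload.startswith(HTTP_METHODS):
        return "cleartext-http"  # readable by anyone capturing on the open network
    return "other"

def audit_pcap(data):
    """Return [(dst_port, label)] for every TCP segment carrying payload."""
    magic, linktype = struct.unpack("<I16xI", data[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    results, off = [], 24
    while off + 16 <= len(data):
        incl_len, = struct.unpack("<I", data[off + 8:off + 12])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue             # keep only IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 20:
            continue
        dport, = struct.unpack("!H", tcp[2:4])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            results.append((dport, classify(payload)))
    return results

def _frame(dport, payload):
    # Constructed Ethernet/IPv4/TCP frame: zero checksums, documentation addresses.
    tcp = struct.pack("!HHIIBBHHH", 50000, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap():
    # Constructed capture: one plain HTTP request and one TLS handshake record.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(80, b"GET /inbox HTTP/1.1\r\nCookie: session=EXAMPLE\r\n\r\n"),
              _frame(443, b"\x16\x03\x01\x00\x05hello")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for port, label in audit_pcap(sample_pcap()):
        print(port, label)
```

Any line labelled `cleartext-http` in a capture of your own traffic marks a site or app to move to HTTPS or a VPN before using it on shared WiFi.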
 

Ice Guy

Inactive
Am I understanding this correctly? Wireshark is some sort of "Scanner" for computer/handheld broadcast data, similar to a police scanner, just detecting different info on different frequencies?
 

Sasquatch

Veteran Member
Ice Guy, good question. I'm wondering if that means I need to be "logged on" for my phone to be hacked, or if just driving by can be a problem.
Seems like all people want to do nowadays is screw with others. :mad:
 

Weps

Veteran Member
Am I understanding this correctly? Wireshark is some sort of "Scanner" for computer/handheld broadcast data, similar to a police scanner, just detecting different info on different frequencies?

Bear with me, I'm not an "IT expert", but...

Wireshark is a "packet sniffer", packets are data that pass over a network (traffic). In a wireless network a networked device (laptop, netbook, PC, smartphone, tablet, etc...) exchanges packets back and forth over the network (to other devices) and with an access point (router/modem).

What Wireshark does is pick up on the packets being passed; if the network isn't protected in some way, then the data in the packets can be viewed. The basic way that it works, for instance if you're using a local WiFi source that is unprotected, like at a coffee shop or a Mcy D's. All the packets on that network are unprotected, at least as far as the network itself is concerned. With a program like Wireshark, the data is intercepted and is viewable in a UI. (It is possible to obscure and bury data that passes over the network from your end.) If you're like the average person, you're not using anything like Tor, JonDoFox, VPN, HTTPS, SFTP, SSH tunnel, etc...

With other programs, like Cain & Abel or if you use Firesheep, the data is broken down into an even more user-friendly interface. Such as if you had logged into Facebook on an unsecured network without any follow-on security, those programs will actually provide the "user" with the direct ability to log in as you. Cain & Abel provides the ability to directly collect data, to access secure networks, pick up on VoIP conversations, etc...
 

onetimer

Veteran Member
I run some commercial versions of sniffers, CommView and CommView for WiFi. Being able to actually reconstruct the session and view the exact webpage a user is on is pretty crazy.
 

Weps

Veteran Member
Ice Guy, good question. I'm wondering if that means I need to be "logged on" for my phone to be hacked, or if just driving by can be a problem.
Seems like all people want to do nowadays is screw with others. :mad:

If something like Bluetooth is active or you're using a WiFi connection that's unsecured, then yes, it is susceptible to intrusion.
 