jastechnologies.blogg.se

We can see the password as “ aPPTEXT” circled below. We right click on the entry, and then go to “Follow -> TCP Stream” See the part that says “ User Access Verification Password:”? That’s the plain text from the login prompt in our earlier step that we saw in Telnet. If we start looking through these packets we come across something very interesting in unencrypted, plain text. We can see a lot of Telnet data, but it doesn’t seem to tell us much. Now we need to look at Wireshark and see what we’ve managed to capture. Let’s log in and get to the prompt by entering our password: Your Telnet session then opens like this. In this instance, we know that the IP address of the Cisco is 192.168.30.1, so we enter it into Putty like so: This won’t be a problem, as we will apply a filter to our results and highlight only the results that we’re after. Because Wireshark is monitoring all traffic over Ethernet, it will detect all traffic on the connection and save it into the PCAP that we will be analyzing. Next, let’s fire up Putty, as it will let us connect to our Cisco 1751 router via Telnet over the local network. In our case this will be Ethernet, as we’re currently plugged into the network via an Ethernet cab. The very first step for us is to open Wireshark and tell it which interface to start monitoring.

By using Wireshark, we will see what data we can find on the network relating to any network communications.

Let’s look at an example using Telnet to log onto a Cisco Switch.

Inspecting the contents of data packets.

Isolating and identifying source and destination traffic.

We can then open the capture results and see how we would go about capturing such information, as well as where we can find it in our results. Our example will show you how to reveal a plain-text password being transmitted over your network via Telnet, which will be intercepted by Wireshark. This is not an exhaustive or all-encompassing tutorial, but hopefully will help to shed light on the steps that most people might take when trying to pinpoint details about a particular application or packet stream on the network. What follows is a basic walkthrough of some of the steps you might follow when undertaking a preliminary investigation of a specific target on your network, and how it might benefit you depending on the objective in mind.

It is a freeware tool that, once mastered, can provide valuable insight into your environment, allowing you to see what’s happening on your network. Wireshark is a very useful tool for information security professionals and is thought of by many as the de facto standard in network packet and protocol analysis.