Experiment No 8

Uploaded by 20co08

Aim: Implement packet sniffing using Wireshark.

Apparatus: Wireshark analyzer tool, PC, and Internet connected Wi-Fi.

Theory: Wireshark is a popular open-source packet analyzer that offers a wide
range of convenient features for network analysis, troubleshooting, education, and
much more. People who want to use Wireshark for the first time and those who
already have experience with it often wonder about reading HTTPS traffic.

What Is HTTPS?

Hypertext Transfer Protocol Secure (HTTPS) is a secure version of HTTP
that guarantees safe data transfer and communication between a web browser or
web server and a website.

HTTPS ensures security and prevents eavesdropping, identity theft,
man-in-the-middle attacks, and other security threats. These days, any website
that asks you to enter your information or create an account features HTTPS to
protect you.

HTTPS shields against security threats and malicious attacks by encrypting all
exchanges between a web browser and a server. It’s important to clarify that HTTPS
isn’t separate from HTTP. Rather, it’s an HTTP variant that uses encryption
protocols such as Secure Sockets Layer (SSL) and Transport Layer Security (TLS)
to secure communication. When a web browser and a web server communicate through
HTTPS, they engage in an SSL/TLS handshake, i.e., an exchange of security
certificates.

How can you tell if your communication to a website is secured with HTTPS? Simply
look at the address bar. If you see “https” at the beginning of the URL, your
connection is secure.

Transport Layer Security (TLS) is a cryptographic protocol that protects Internet
communications. TLS replaced SSL in 1999.
TLS (Transport Layer Security) is the upgraded version of SSL (Secure Sockets
Layer). TLS has moved through versions 1.0, 1.1, 1.2, and 1.3.

Observation Process:
How to Read HTTP Traffic in Wireshark:

Follow these steps to read SSL and TLS packets in Wireshark:


Step 1: First of all, open Wireshark on Windows or in a Linux
virtual machine and start capturing on a network interface. Suppose
I am capturing on my Wi-Fi interface. As we can see in the POC
(proof of concept) below, Wi-Fi2 is showing a signal, which means my
system is connected to Wi-Fi. Now click on Wi-Fi2.

Step 2: In the POC below, it can be observed that Wireshark is
capturing all packets/traffic transmitted through Wi-Fi2.

Step 3: After starting the packet capture, go to the website and
log in with the credentials, as we can see in the POC.

Step 4: After submitting the login credentials, go back to
Wireshark to find the password in the capture. To do that, we have
to use filters that help locate the login credentials among the
captured packets.

Step 5: Wireshark has captured some packets, but we are
specifically looking for HTTP packets. So in the display filter bar
we enter a filter that shows all the captured HTTP packets. As we
can see in the POC below, the filter bar turns green where we apply
the filter (HTTP filter).

Step 6: Some HTTP packets have been captured, but we are
specifically looking for the form data that the user submitted to
the website. For that, we use a separate filter.

There are two main methods used for submitting form data from web pages,
such as login forms, to the server. The methods are:

• GET
• POST

Step 7: To find the credentials, we first try the first method and
apply the filter for GET requests, as you can see below.
http.request.method == "GET"
As you can see in the image, there are two packets where the login
page was requested with a GET request, but no form data was
submitted with a GET request.

Step 8: If we did not find the form data with the GET method, we
try the POST method. For that, we apply the following filter in
Wireshark.
http.request.method == "POST"
As we can see, we have a packet with form data. Click on the packet with the user
info that is marked as application URL encoded, and then click on HTML Form URL
Encoded, where the login credential is found. The login credential is the same one
that we filled in on the website in step 2.
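
The check in steps 6 to 8 can also be scripted for auditing your own lab captures. The following is an added example, not part of the original experiment: it parses one reassembled cleartext HTTP request, decodes the same URL-encoded form fields that Wireshark lists under HTML Form URL Encoded, and reports credential-like field names with their values redacted. It goes slightly beyond the steps above by also checking the GET query string. The host name, field names, sample requests and the SENSITIVE list are constructed assumptions.

```python
from urllib.parse import parse_qsl, urlsplit

# Substrings of field names that usually carry secrets (assumed list, extend as needed).
SENSITIVE = ("pass", "pwd", "secret", "token")

def parse_http_request(raw: bytes):
    """Split one cleartext HTTP/1.x request into method, target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body

def form_fields(raw: bytes):
    """Return (method, host, path, pairs) for the form data carried by the request."""
    method, target, headers, body = parse_http_request(raw)
    url = urlsplit(target)
    # GET forms put their data in the query string of the request target.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    # POST forms put it in the body, labelled application/x-www-form-urlencoded.
    if method == "POST" and ctype == "application/x-www-form-urlencoded":
        length = int(headers.get("content-length", len(body)))
        text = body[:length].decode("utf-8", "replace")
        pairs += parse_qsl(text, keep_blank_values=True)
    return method, headers.get("host", "?"), url.path, pairs

def audit(raw: bytes):
    """Report credential-like fields sent in cleartext, with their values redacted."""
    method, host, path, pairs = form_fields(raw)
    hits = [k for k, _ in pairs if any(s in k.lower() for s in SENSITIVE)]
    fields = {k: ("<redacted>" if k in hits else v) for k, v in pairs}
    return {"method": method, "host": host, "path": path,
            "fields": fields, "cleartext_secrets": hits}

# Constructed sample requests (not taken from the capture in this experiment).
SAMPLE_POST = (b"POST /login.php HTTP/1.1\r\nHost: testsite.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 25\r\n\r\n"
               b"uname=alice&pass=S3cr%21t")
SAMPLE_GET = b"GET /login.php HTTP/1.1\r\nHost: testsite.example\r\n\r\n"

if __name__ == "__main__":
    for sample in (SAMPLE_POST, SAMPLE_GET):
        print(audit(sample))
```

A non-empty cleartext_secrets list means the login form is submitted over plain HTTP and should be moved to HTTPS.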

Conclusion: The implementation of packet sniffing using Wireshark
successfully enables the monitoring and analysis of network traffic, facilitating
insights into data transmission and network behavior.
