Wireshark is a free and open-source packet analyzer used for network troubleshooting, analysis, software and communication protocol development, and training. Live network traffic can be monitored on the computer where the application is installed, and Wireshark can also be used to examine previously recorded capture files.
First, we need to install Wireshark on our computer. To do this, we download the version suitable for our operating system from its own site; there are versions for Windows, macOS, Linux and Unix. Every time we open the application, we need to choose the network to be analyzed.
After we select the network to listen on, the application records the packets on the network and lists the network traffic in real time.
The most common interface used in local networks is Ethernet. Devices connect to local networks easily through network cards that have an Ethernet interface. These interfaces use 48-bit physical addresses (MAC addresses), assigned to them during production, to send packets to each other. The TCP/IP protocol uses 32-bit IP addresses to send and receive data. To communicate in the local network, the physical address of the device to communicate with must be known. The protocol used for this, that is, the protocol for learning the physical address of a device whose IP address is known, is called the Address Resolution Protocol (ARP). In our network, we can find the IP addresses of the devices on the network by looking at the frames of the ARP packets sent by the router.
HTTP, which stands for Hypertext Transfer Protocol, processes the information shared between the sender and the server without applying any encryption. In other words, the information you share with a website whose address begins with http://, and your computer in general, are not protected by security protocols and are open to external threats. Although this did not cause any problems after the first release of HTTP in 1990 because of the lack of wireless internet connections, the need to protect packets has emerged with the widespread use of Wi-Fi modems today. For this reason, encrypted packet transport moved to HTTPS. I signed up for a site using HTTP from a computer connected to the same network to learn how data that is important to users, such as passwords, can be read from within HTTP packets. After logging in, I examined the HTTP packets captured by Wireshark.
To find the HTTP packet in which my email and password information was sent, I examined the Info summary information and found a packet called login. I selected the packet to examine it in detail and started to read the packet information. I saw that the information sent as an HTML form in this packet can be read clearly.
As seen in the picture, the user's email and password are clearly visible. To prevent this, many sites use the HTTPS protocol today. In addition, cyber security experts warn against carrying out transactions in which important information is sent, such as online shopping, on public Wi-Fi networks.
As can be understood from its name, FTP (File Transfer Protocol) is a protocol that enables file transfer between two computers connected to the internet, and also the name given to the application that serves this purpose. For example, files to be placed on a website can be transferred to servers via FTP. I connected to the FTP server of the McAfee site from the cmd window of my computer to find out whether the data can be read from the FTP packets. I entered a username and password while connecting.
Then I stopped the Wireshark search and started to examine the packet transfer. While reviewing the created FTP and DNS packets, I noticed that the contents of the FTP requests and responses can be seen clearly.
In the packets, the login successful message sent by the server, the user name, and even the password, which is not printed on the screen in the terminal for security, can be clearly read.
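The exposure described in the HTTP and FTP sections above can be checked for automatically. The following is an added example, not part of the original write-up: a defender-side audit that takes reassembled payload bytes and reports which credential fields crossed the wire unencrypted, masking the values so the report does not leak them. The sample payloads, the list of sensitive field names and all function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed list of form field names that usually carry secrets; extend as needed.
SENSITIVE_FIELDS = {"password", "passwd", "pass", "pwd", "email", "username", "user"}

def mask(value):
    """Keep only the length so the audit report does not repeat the secret."""
    return "*" * len(value)

def audit_http(payload: bytes):
    """Flag sensitive form fields in a cleartext HTTP request payload."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    path = lines[0].split()[1]  # request line: METHOD PATH VERSION
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (l.partition(":") for l in lines[1:])}
    if "application/x-www-form-urlencoded" not in headers.get("content-type", ""):
        return []
    return [("HTTP", path, name, mask(value))
            for name, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True)
            if name.lower() in SENSITIVE_FIELDS]

def audit_ftp(payload: bytes):
    """Flag USER/PASS commands seen on a cleartext FTP control channel."""
    findings = []
    for line in payload.decode("latin-1").split("\r\n"):
        m = re.match(r"(USER|PASS) (.+)$", line, re.IGNORECASE)
        if m:
            findings.append(("FTP", "control", m.group(1).upper(), mask(m.group(2))))
    return findings

# Constructed sample payloads (not taken from a real capture).
HTTP_SAMPLE = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 45\r\n\r\n"
               b"email=alice%40example.com&password=hunter2%21")
FTP_SAMPLE = b"USER anonymous\r\nPASS guest@example.com\r\nSYST\r\n"

def audit_all():
    return audit_http(HTTP_SAMPLE) + audit_ftp(FTP_SAMPLE)

if __name__ == "__main__":
    for proto, where, field, masked in audit_all():
        print(f"[cleartext {proto}] {where}: {field}={masked}")
```

Any finding means the service should be moved to an encrypted transport, such as HTTPS for the web login.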