In this article, there are 5 first tasks, we will learn the basics of traffic analysis of various network protocols.
organizational informationEspecially for those who want to learn something new and develop in any of the areas of information and computer security, I will write and talk about the following categories:
- PWN;
- cryptography (Crypto);
- network technologies (Network);
- reverse (Reverse Engineering);
- steganography (Stegano);
- search and exploitation of WEB vulnerabilities.
In addition, I will share my experience in computer forensics, malware and firmware analysis, attacks on wireless networks and local area networks, pentesting and writing exploits.
So that you can find out about new articles, software and other information, I created ΠΈ in the area of ββIIKB. Also your personal requests, questions, suggestions and recommendations .
All information is provided for educational purposes only. The author of this document assumes no responsibility for any damage caused to anyone as a result of using the knowledge and methods obtained as a result of studying this document.
FTP authentication
In this task, we are asked to find authentication data from a traffic dump. At the same time they say that it is FTP. Open PCAP file in wireshark.
First of all, we will filter the data, since we only need the FTP protocol.
Now let's display the traffic by streams. To do this, after clicking the right mouse button, select Follow TCP Stream.
We see the username and password of the user.
Telnet authentication
The task is similar to the previous one.
We take the login and password.
Ethernet frame
We are given a Hex representation of an Ethernet protocol packet and asked to find sensitive data. The matter is that protocols are encapsulated one in another. That is, in the data area of ββthe ethernet protocol, the IP protocol is located, in the data area of ββ\uXNUMXb\uXNUMXbwhich the TCP protocol is located, in it HTTP, where the data is located. That is, we only need to decode characters from hex form.
The HTTP header contains Basic authentication data. We decode them from Base64.
Twitter authentication
We are asked to find the twitter login password from a traffic dump.
There is only one package. Open it by double clicking.
And again we see the Basic authentication data.
We find the username and password.
Bluetooth Unknown file
They tell a story and ask them to find the phone's name and MAC address. Let's open the file in wireshark. Find the line Remote Name Request Complete.
Let's look at the fields of this packet, where the MAC address and phone name are displayed.
We take the hash and hand over.
On this task, we will finish the analysis of easy tasks on the topic of networks (more for beginners). Further more and more difficult ... You can join us at . There you can propose your topics and participate in voting on the choice of topics for the following articles.
Source: habr.com