4/11/2011

Wireshark





Wireshark is a packet analyzer, one of the best and easiest to use. It's got a beautiful GUI that's really user friendly, and you can learn a lot just by analyzing packets with it.
It is available for Windows and Linux. Like all cool tools, it's pre-installed on Backtrack.



The first thing to do is go to Capture-Interfaces and select the interface that you are using.
You will probably see a lot of info. Go to the Filter box at the top and type in telnet. I am using my Backtrack machine to telnet into the XP machine.


                                           
My Wireshark should have captured the packet. Let's take a look at the Wireshark console. Right-click on the packet with the Telnet Retransmission description and select Follow TCP stream, as in the pic below.


You can see the username and password I entered (sometimes the info is a bit messed up, like in this case). But you can appreciate the power of the tool.
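
Why a followed Telnet stream can look messed up, as an added example (not part of the original post): Follow TCP stream shows both directions together, so Telnet option-negotiation bytes and the server's echo of each typed character are mixed in with what was typed. The Python below strips the negotiation bytes (RFC 854) and separates the client side of a constructed sample session, not a real capture; the function names and sample values are made up for illustration.

```python
# Telnet command bytes from RFC 854
IAC, SB, SE = 255, 250, 240
NEGOTIATION = {251, 252, 253, 254}  # WILL, WONT, DO, DONT


def strip_iac(data: bytes) -> bytes:
    """Remove Telnet command sequences, leaving only user data."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):       # truncated command at end of capture
            break
        cmd = data[i + 1]
        if cmd == IAC:               # escaped literal 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in NEGOTIATION:     # IAC WILL/WONT/DO/DONT <option>
            i += 3
        elif cmd == SB:              # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end == -1 else end + 2
        else:                        # two-byte command such as IAC NOP
            i += 2
    return bytes(out)


def split_stream(segments):
    """Return (both directions, client only) text for (direction, payload) pairs."""
    both = b"".join(strip_iac(p) for _, p in segments)
    client = b"".join(strip_iac(p) for d, p in segments if d == "client")
    return both.decode("latin-1"), client.decode("latin-1")


# Constructed sample session (assumption, not a real capture): the server
# echoes the username character by character but does not echo the password.
SAMPLE = [
    ("server", bytes([IAC, 253, 24]) + b"login: "),  # IAC DO TERMINAL-TYPE
    ("client", bytes([IAC, 251, 24])),                # IAC WILL TERMINAL-TYPE
    ("client", b"b"), ("server", b"b"),
    ("client", b"o"), ("server", b"o"),
    ("client", b"b"), ("server", b"b"),
    ("client", b"\r\n"), ("server", b"\r\nPassword: "),
    ("client", b"example-pass\r\n"), ("server", b"\r\n"),
]
```

In the combined view the echoed username shows up doubled, while the client-only side reads cleanly, which is the same thing Wireshark's direction selector in the Follow TCP stream window does.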

