B@mA bamasean

Capturing Remote Network Traffic With WireShark

This will be the first in a series of documents that keeps track of the things that were learned while practicing ethical hacking activities. Mind you, I have little networking knowledge and is more comfortable working with software-engineering tasks compared to infrastructure related tasks. However, I hope to be able to branch-out by writing this series.

The first thing that we'll learn to do is to capture network traffic with WireShark. WireShark is a tool that can be used to capture network packets in order to analyse them later. A lot of my colleagues who have dabbled in the infra / networking domain are pretty well acquainted with WireShark, and might also think that I'm a total beginner by writing a "beginner-friendly" tutorial note like this (but I'm willing to put up with their teases in the pursuit of knowledge). Lets dive-in and start swimming with the fishies!

Environment Topology Setup

In order to keep things si

github recently switched to an https scheme as the default for cloning repos. as a side effect you may suddenly be prompted for a 'Username' and 'Password' when you push where, previously, you were able to do so without typing in credentials. the solution is to cause git to cache https credentials which is easy, since git uses curl under the covers

in your home directory create a file called '.netrc', for example

/Users/ahoward/.netrc

in it put these contents

	2g
	2.php
	2.tar
	2.tar.bz2
	2.tar.gz
	2.txt
	2.zip
	3
	30
	300

	{
	"conversations": [
	{
	"conversation": {
	"conversation_id": {
	"id": "UgzmMCnsNq4s-JZDJLV4AaABAQ"
	},
	"conversation": {
	"id": {
	"id": "UgzmMCnsNq4s-JZDJLV4AaABAQ"

	admin account info" filetype:log
	!Host=. intext:enc_UserPassword=* ext:pcf
	"# -FrontPage-" ext:pwd inurl:(service \| authors \| administrators \| users) "# -FrontPage-" inurl:service.pwd
	"AutoCreate=TRUE password=*"
	"http://:@www” domainname
	"index of/" "ws_ftp.ini" "parent directory"
	"liveice configuration file" ext:cfg -site:sourceforge.net
	"parent directory" +proftpdpasswd
	Duclassified" -site:duware.com "DUware All Rights reserved"
	duclassmate" -site:duware.com

	#!/usr/bin/env python
	import os
	from oauth2client import client, tools
	from oauth2client.file import Storage

	SCOPES = 'https://www.googleapis.com/auth/calendar https://mail.google.com/ https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/groups https://www.googleapis.com/auth/admin.directory.user'

	def get_credentials():
	credential_dir =os.getcwd()
	client_secret_path = os.path.join(credential_dir, 'client_secrets.json')

	node=cdh4flumevm1 type=DAEMON_START msg=audit(1342114506.467:9723): auditd start, ver=1.7.18 format=raw kernel=3.2.0-26-generic auid=4294967295 pid=1054 subj=unconfined res=success
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:24): audit_backlog_limit=8192 old=64 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.571:25): audit_failure=2 old=1 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=CONFIG_CHANGE msg=audit(1342114506.579:105): audit_enabled=1 old=1 auid=4294967295 ses=4294967295 res=1
	node=cdh4flumevm1 type=LOGIN msg=audit(1342114506.751:106): login pid=1104 uid=0 old auid=4294967295 new auid=104 old ses=4294967295 new ses=1
	node=cdh4flumevm1 type=LOGIN msg=audit(1342114517.503:107): login pid=1447 uid=0 old auid=4294967295 new auid=1000 old ses=4294967295 new ses=2
	node=cdh4flumevm1 type=SYSCALL msg=audit(1342114517.511:108): arch=c000003e syscall=87 success=no exit=-2 a0=e273d0 a1=0 a2=e22620 a3=7ffffcd967e0 items=1 ppid=1447 p