Ethernet, FTP, Telnet, HTTP, Bluetooth: the basics of traffic analysis. Solving network challenges on r0ot-mi. Part 1

In this article we solve the first five tasks and learn the basics of traffic analysis for several network protocols.



Organizational Information
Especially for those who want to learn something new and develop in any area of information and computer security, I will write and talk about the following categories:



  • PWN;
  • cryptography (Crypto);
  • network technologies (Network);
  • reverse (Reverse Engineering);
  • steganography (Stegano);
  • discovery and exploitation of Web vulnerabilities (Web).


In addition to this, I will share my experience in computer forensics, malware and firmware analysis, attacks on wireless and local area networks, pentesting and exploit writing.



So that you can find out about new articles, software and other information, I created a Telegram channel and a group for discussing any questions in the field of information and computer security. I will also personally consider your requests, questions, suggestions and recommendations, and will answer everyone.



All information is provided for educational purposes only. The author of this document does not bear any responsibility for any damage caused to anyone as a result of using knowledge and methods obtained as a result of studying this document.



FTP authentication




In this task we are asked to find authentication data in a traffic dump, and we are told that the protocol is FTP. Open the PCAP file in Wireshark.




First we apply a display filter, since we only need the FTP protocol.




Now we display the traffic as a conversation: right-click a packet and select Follow TCP Stream.




We see the user's login and password in clear text.




Telnet authentication




The task is similar to the previous one.




We pick out the username and password.
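Follow TCP Stream does the reassembly for us in both the FTP and the Telnet task. The added Python example below is my own code, not part of the original write-up or of root-me, and shows what that step does on constructed segments: it groups segments by direction, orders each side by sequence number, keeps a retransmission only once, strips Telnet option negotiation, and then picks the credentials out of the client-to-server side. Addresses, ports, sequence numbers and credentials are made up for the example.

```python
import re
from collections import defaultdict

# Constructed sample: TCP segments as they might be pulled from a capture, written as
# (src_ip, src_port, dst_ip, dst_port, seq, payload). Not taken from the article's PCAP.
FTP_SEGMENTS = [
    ("10.0.0.5", 40001, "10.0.0.9", 21, 1000, b"USER anonymous\r\n"),
    ("10.0.0.9", 21, "10.0.0.5", 40001, 5000, b"331 Please specify the password.\r\n"),
    ("10.0.0.5", 40001, "10.0.0.9", 21, 1016, b"PASS s3cr3t-example\r\n"),
    ("10.0.0.5", 40001, "10.0.0.9", 21, 1016, b"PASS s3cr3t-example\r\n"),  # retransmission
    ("10.0.0.9", 21, "10.0.0.5", 40001, 5034, b"230 Login successful.\r\n"),
]

IAC, SB, SE, WILL, WONT, DO, DONT = 255, 250, 240, 251, 252, 253, 254


def _telnet_client_segments(keystrokes: bytes, seq0: int = 2000):
    """Constructed Telnet client side: option negotiation first, then one keystroke per
    segment, which is how an interactive Telnet client actually transmits."""
    segs = [("10.0.0.5", 40002, "10.0.0.9", 23, seq0, bytes([IAC, DO, 1, IAC, WILL, 24]))]
    seq = seq0 + 6
    for ch in keystrokes:
        segs.append(("10.0.0.5", 40002, "10.0.0.9", 23, seq, bytes([ch])))
        seq += 1
    return segs


TELNET_SEGMENTS = _telnet_client_segments(b"alice\r\nexample-pass\r\n")
TELNET_SEGMENTS.reverse()  # handed to us out of order: the reassembly must put them right


def follow_streams(segments):
    """Group segments by direction and order each side by sequence number, which is
    what Wireshark's Follow TCP Stream shows. A retransmission (same seq) is kept once;
    overlapping segments of different lengths are not handled here."""
    flows = defaultdict(dict)
    for src, sport, dst, dport, seq, payload in segments:
        flows[(src, sport, dst, dport)].setdefault(seq, payload)
    return {key: b"".join(segs[s] for s in sorted(segs)) for key, segs in flows.items()}


def client_to_server(streams, server_port: int) -> bytes:
    """Pick the stream flowing towards the service port (the side that carries the login)."""
    for (_src, _sport, _dst, dport), data in streams.items():
        if dport == server_port:
            return data
    return b""


def strip_telnet(data: bytes) -> bytes:
    """Remove Telnet option negotiation (IAC sequences) so only the typed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i])
            i += 1
            continue
        if i + 1 >= len(data):
            break
        cmd = data[i + 1]
        if cmd == IAC:                       # IAC IAC is an escaped 0xFF data byte
            out.append(IAC)
            i += 2
        elif cmd in (WILL, WONT, DO, DONT):  # IAC <cmd> <option>
            i += 3
        elif cmd == SB:                      # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        else:                                # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(out)


def ftp_credentials(client_stream: bytes):
    """FTP sends USER and PASS in clear text, one command per line."""
    user = re.search(rb"^USER (\S+)", client_stream, re.M)
    password = re.search(rb"^PASS (\S+)", client_stream, re.M)
    return (user.group(1).decode() if user else None,
            password.group(1).decode() if password else None)


def telnet_typed_lines(client_stream: bytes):
    """Telnet has no command structure: the login and password are simply the first
    lines the client types after negotiation."""
    text = strip_telnet(client_stream).replace(b"\r\x00", b"\r\n")
    return [line.decode("utf-8", "replace") for line in text.split(b"\r\n") if line]


if __name__ == "__main__":
    print(ftp_credentials(client_to_server(follow_streams(FTP_SEGMENTS), 21)))
    print(telnet_typed_lines(client_to_server(follow_streams(TELNET_SEGMENTS), 23)))
```

The same reassembly is the basis of any detection rule for clear-text logins on a network: the rule has to operate on the ordered client-to-server byte stream, not on individual packets, because a Telnet password arrives one character per segment.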




Ethernet frame




We are given the hex representation of an Ethernet frame and asked to find sensitive data. The point is that the protocols are encapsulated one inside another: the IP packet sits in the data area of the Ethernet frame, the TCP segment sits in the data area of IP, and inside TCP is HTTP, which carries the actual data. So we only need to decode the characters from their hex form.




The HTTP header contains Basic authentication data. Decode it from Base64.
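The layer-by-layer walk described above, as an added Python example that is my own code rather than the article's or root-me's. It builds a constructed frame (made-up MAC addresses, IP addresses, ports and credentials; checksums left at zero), renders it as the kind of hex dump the task hands out, and then decodes it back: EtherType selects IPv4, the IHL field gives the IP header length, the TCP data offset gives the TCP header length, and the remaining bytes are the HTTP request whose Authorization header is only Base64-encoded.

```python
import base64
import struct


def build_sample_frame_hex() -> str:
    """Constructed Ethernet/IPv4/TCP/HTTP frame rendered as a hex dump.
    All addresses and credentials are made up; checksums are left zero."""
    http = (b"GET /private HTTP/1.1\r\nHost: example.invalid\r\n"
            b"Authorization: Basic " + base64.b64encode(b"alice:example-pass") + b"\r\n\r\n")
    # TCP: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    # IPv4: version/IHL, TOS, total length, id, flags/frag (DF), TTL, protocol 6 = TCP, csum
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 1, 0x4000,
                     64, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    # Ethernet: destination MAC, source MAC, EtherType 0x0800 = IPv4
    eth = bytes.fromhex("66778899aabb") + bytes.fromhex("001122334455") + b"\x08\x00"
    return (eth + ip + tcp + http).hex()


def basic_credentials(auth_header):
    """Basic auth is Base64, not encryption: user:password is readable by anyone on the path."""
    if not auth_header or not auth_header.lower().startswith("basic "):
        return None
    user, _, password = base64.b64decode(auth_header[6:]).decode("utf-8", "replace").partition(":")
    return user, password


def decode_frame(hex_dump: str) -> dict:
    """Walk Ethernet -> IPv4 -> TCP -> HTTP and pull out the Basic credentials."""
    frame = bytes.fromhex("".join(hex_dump.split()))  # tolerate spaces/newlines in the dump
    info = {}
    # Layer 2: 6-byte destination, 6-byte source, 2-byte EtherType.
    info["dst_mac"], info["src_mac"] = frame[:6].hex(":"), frame[6:12].hex(":")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError(f"not IPv4 (EtherType 0x{ethertype:04x})")
    # Layer 3: IPv4 lives in the Ethernet payload; IHL is the header length in 32-bit words.
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    info["src_ip"] = ".".join(map(str, ip[12:16]))
    info["dst_ip"] = ".".join(map(str, ip[16:20]))
    if ip[9] != 6:
        raise ValueError(f"not TCP (IP protocol {ip[9]})")
    # Layer 4: TCP lives in the IP payload; total length bounds any Ethernet padding.
    tcp = ip[ihl:total_len]
    info["src_port"], info["dst_port"] = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    payload = tcp[doff:]
    # Layer 7: the TCP payload is the HTTP request; headers end at the first blank line.
    head, _, _body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    info["request_line"] = lines[0].decode("ascii", "replace")
    info["headers"] = {
        k.decode("ascii", "replace").lower(): v.decode("ascii", "replace").strip()
        for k, v in (line.split(b":", 1) for line in lines[1:] if b":" in line)
    }
    info["credentials"] = basic_credentials(info["headers"].get("authorization"))
    return info


if __name__ == "__main__":
    dump = build_sample_frame_hex()
    print(dump)
    print(decode_frame(dump))
```

The decoder checks the EtherType and IP protocol fields instead of assuming fixed offsets; a frame carrying a VLAN tag or an IP header with options would otherwise be misread. The same Base64 step applies to any Basic Authorization header, which is why the scheme is only acceptable over TLS.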




Twitter authentication




We are asked to find the password used to log in to Twitter from a traffic dump.




There is only one packet. Open it by double-clicking.




Again we see Basic authentication data.




We find the username and password.




Bluetooth: Unknown file




The task tells a story and asks us to find the name and MAC address of the phone. Open the file in Wireshark and find the Remote Name Request Complete line.




Let's look at the fields of this packet, where the MAC address and phone name are shown.
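What Wireshark dissects in that packet is an HCI event. The added Python example below is my own code, not from the article or root-me, and parses a constructed H4-framed capture record the same way: packet indicator 0x04 marks an HCI event, event code 0x07 is Remote Name Request Complete, and its parameters are Status, BD_ADDR (transmitted least-significant byte first, which is why it has to be reversed for display) and a null-terminated Remote_Name field. The MAC address and phone name in the sample are made up.

```python
HCI_EVENT_PKT = 0x04                  # H4 packet indicator for an HCI event
EVT_REMOTE_NAME_REQ_COMPLETE = 0x07   # HCI event code (Bluetooth Core Specification)


def build_sample_event(mac: str, name: str) -> bytes:
    """Constructed H4-framed Remote Name Request Complete event, as a btsnoop or
    pcap capture of the HCI layer would hold it. Values are made up."""
    bd_addr = bytes.fromhex(mac.replace(":", ""))[::-1]  # on the wire: least-significant byte first
    remote_name = name.encode("utf-8")[:247].ljust(248, b"\x00")  # fixed 248-byte, null-terminated
    params = b"\x00" + bd_addr + remote_name                      # Status 0x00 = success
    return bytes([HCI_EVENT_PKT, EVT_REMOTE_NAME_REQ_COMPLETE, len(params)]) + params


# Constructed capture: an HCI Inquiry command (packet indicator 0x01) that must be
# skipped, followed by the event we are after.
SAMPLE_PACKETS = [
    bytes([0x01, 0x01, 0x04, 0x05, 0x33, 0x8B, 0x9E, 0x08, 0x00]),
    build_sample_event("aa:bb:cc:dd:ee:ff", "Example Phone"),
]


def parse_remote_name_events(packets):
    """Yield (status, mac, name) for every Remote Name Request Complete event."""
    for pkt in packets:
        if len(pkt) < 3 or pkt[0] != HCI_EVENT_PKT or pkt[1] != EVT_REMOTE_NAME_REQ_COMPLETE:
            continue
        plen = pkt[2]
        params = pkt[3:3 + plen]
        if len(params) < 7:          # truncated: not even Status + BD_ADDR present
            continue
        status = params[0]
        mac = ":".join(f"{b:02x}" for b in params[1:7][::-1])  # back to display order
        name = params[7:].split(b"\x00", 1)[0].decode("utf-8", "replace")
        yield status, mac, name


if __name__ == "__main__":
    for status, mac, name in parse_remote_name_events(SAMPLE_PACKETS):
        print(f"status={status} mac={mac} name={name!r}")
```

The byte-order reversal is the detail most often got wrong when reading the address straight from a hex dump; Wireshark already applies it in the field it displays.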




We take the hash and submit it.




With this task we finish the walkthrough of the easy networking tasks (intended mostly for beginners). The following ones get progressively harder. You can join us on Telegram, where you can propose your own topics and vote on the topics for the next articles.


