This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to confirm encrypted data using WIRESHARK?

0

I am new to WIRESHARK and have installed it.

WIRESHARK provides many useful features, but to start with I just want to capture the data I need. Can you please guide me on how I can capture data relevant to a particular web site? I want to confirm my user ID and password are encrypted.

I highly appreciate your guidance on it.

Thanks

asked 08 Oct '12, 17:23

Haansi

edited 09 Oct '12, 05:44

Bill Meier ♦♦


One Answer:

1

1) Have the browser ready to go but don't hit ENTER after typing in the URL.

2) Open Wireshark.

3) Hit CTRL-K and pick the interface (use the IP address under the interface name to choose the correct one).

4) Click on START.

5) Switch to your browser, and hit ENTER.

6) After typing in the username/password, switch back to Wireshark.

7) Stop the Capture.

8) In Wireshark, go to Statistics, Conversations, TCP. Find your web traffic.

9) Right click on the conversation, Apply as filter, Selected, A <-> B

10) Right-click on any part of the packet, and use the Follow TCP Stream option.

You will see the data displayed as text. Save it and see if you can find your username.

You can do all of the above using other (quicker) ways, but based on your question and lack of experience with Wireshark, I wanted to provide a step-by-step method. Good luck.

hsb

answered 08 Oct '12, 19:13

hansangb

edited 08 Oct '12, 19:14

Also, after you capture the traffic, you can type the following into the FILTER bar: http contains "YourUserName"

(08 Oct '12, 19:17) hansangb
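
Added example (not part of the original answer or comment): the final step above, saving the Follow TCP Stream output and looking for your username, scripted so that it also catches the credentials when they are URL-encoded in a form body or base64-encoded in an HTTP Basic header, which a literal text search misses. The function name, sample streams and credentials are constructed for illustration.

```python
import base64
import re
from urllib.parse import quote, quote_plus

BASIC_RE = re.compile(rb"^Authorization:\s*Basic\s+([A-Za-z0-9+/=]+)", re.I | re.M)

def find_credential_exposure(stream, username, password):
    """List the forms in which the credentials are readable in a saved stream."""
    findings = []
    haystack = stream.lower()  # percent-escapes may be %2B or %2b on the wire
    # An Authorization: Basic header is only base64, so decode it for searching.
    basic_blobs = []
    for match in BASIC_RE.finditer(stream):
        try:
            basic_blobs.append(base64.b64decode(match.group(1), validate=True))
        except ValueError:
            continue  # not valid base64, ignore it
    for label, secret in (("username", username), ("password", password)):
        variants = (
            ("plain", secret),
            ("url-encoded", quote(secret, safe="")),
            ("form-encoded", quote_plus(secret)),
        )
        seen = set()
        for kind, text in variants:
            needle = text.encode().lower()
            if needle not in seen and needle in haystack:
                findings.append(f"{label} ({kind})")
            seen.add(needle)  # skip variants that encode to the same bytes
        if any(secret.encode() in blob for blob in basic_blobs):
            findings.append(f"{label} (HTTP Basic, base64)")
    return findings

# Constructed sample streams (not captured traffic).
FORM_POST = (b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
             b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
             b"user=alice%40example.test&pass=S3cr%2Bt+word")
BASIC_GET = (b"GET /admin HTTP/1.1\r\nHost: example.test\r\nAuthorization: Basic "
             + base64.b64encode(b"alice@example.test:S3cr+t word") + b"\r\n\r\n")
TLS_RECORD = b"\x16\x03\x01\x00\x05\x8f\x1a\xc3\x07\xe2"  # opaque bytes, as with HTTPS

if __name__ == "__main__":
    for name, data in (("form", FORM_POST), ("basic", BASIC_GET), ("tls", TLS_RECORD)):
        print(name, find_credential_exposure(data, "alice@example.test", "S3cr+t word"))
```

An empty result only means none of these encodings were found in that stream; the site may still transform the credentials in some other way before sending them.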