This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I for example filter a password from I client that is loging on www.hotmail.com? Which filter do I use?

asked 23 Oct '12, 04:58

marsal's gravatar image

marsal
1335
accept rate: 0%

what do you want to achieve?

(23 Oct '12, 05:37) Kurt Knochner ♦

No at the school we got the work,nothing illegal at all. The qestion is if that is possible to see or not (using Wireshark). I have got my virtual clients I have to log on my own Mail account and see if these informations are noticed and readable (to human eye) by Wireshark!? Thanks

(26 Oct '12, 01:35) marsal

You probably can't, simply because - even if you manage to capture the relevant packets - they'll be SSL encrypted. You can decrypt them if you get the SSL encryption keys, but my guess is that you're trying to take a peek at passwords that are not your own, so you can't.

permanent link

answered 23 Oct '12, 05:04

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

No at the school we got the work,nothing illegal at all. The qestion is if that is possible to see or not (using Wireshark). I have got my virtual clients I have to log on my own Mail account and see if these informations are noticed and readable (to human eye) by Wireshark!? Thanks

(26 Oct '12, 01:35) marsal
1

yes if the protocol is unencrypted AND you are able to capture the packets (which can be tricky to do in switched networks). And no if the protocol is encrypted, like https or imap/s, smtp/s, pop3/s.

(26 Oct '12, 03:04) Jasper ♦♦

Can you tell me please which filter do I use?

(27 Oct '12, 00:24) marsal
1

It depends on the protocol used, but if it is HTTP (not HTTPS) you could filter on things like http.request.method=="POST" to see all data transfer requests that use the POST method (which is most common for forms being transmitted). Obviously, this won't work for encrypted HTTP.

After filtering on the POST requests you need to investigate if any of them contains password form details; usually this happens in one of the first posts since the login happens early in the process of receiving mails.

(27 Oct '12, 02:44) Jasper ♦♦

Thanks a lot!

(27 Oct '12, 04:59) marsal
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×26

question asked: 23 Oct '12, 04:58

question was seen: 3,367 times

last updated: 27 Oct '12, 04:59

p​o​w​e​r​e​d by O​S​Q​A