This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I'm totally new to wireshark so I need help in checking out, to verify a password is not sent in clear text. In the process of testing a powershell script which uses an AD account and password to connect to a vsphere server and carry out some tasks. I have used a powershell method which uses a secured way to protect the password but want to check and make sure it is working correctly in a test environment. Do I install wireshark on the computer which runs the powershell script? How do I search the entire capture to try and find the password of the account used in the powershell script? Thanks

asked 08 Jan '15, 05:04

dvenner's gravatar image

dvenner
1112
accept rate: 0%


For tasks like that it's acceptable to install Wireshark on the PC you run the Powershell script on. Easiest way to check for clear text passwords would be to start the capture, run the script and stop the capture after a while.

Then use the Statistics -> Conversation Statistics to filter on each conversation that talks to the vSphere server. Finally, use "Follow TCP stream" on each of them to see if there is plain ASCII anywhere.

You could also use the "find" dialog in string search mode to find the password directly - if you find nothing you can assume the password to be encrypted.

permanent link

answered 08 Jan '15, 05:10

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks for the quick response and very useful. Just one further question on your last point use "find" in string search, how do I access this search feature?

(08 Jan '15, 06:57) dvenner

You can find the dialog for that choosing "Edit" -> "Find Packet" (or pressing CTRL-F). Make sure you select "by string".

(08 Jan '15, 07:04) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×26

question asked: 08 Jan '15, 05:04

question was seen: 7,151 times

last updated: 08 Jan '15, 07:04

p​o​w​e​r​e​d by O​S​Q​A