This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Verify a password is not sent in clear text

0

I'm totally new to Wireshark, so I need help verifying that a password is not sent in clear text. I'm in the process of testing a PowerShell script which uses an AD account and password to connect to a vSphere server and carry out some tasks. I have used a PowerShell method which uses a secured way to protect the password, but I want to check and make sure it is working correctly in a test environment. Do I install Wireshark on the computer which runs the PowerShell script? How do I search the entire capture to try and find the password of the account used in the PowerShell script? Thanks

asked 08 Jan '15, 05:04

dvenner
1112
accept rate: 0%


One Answer:

0

For tasks like that it's acceptable to install Wireshark on the PC you run the PowerShell script on. The easiest way to check for clear text passwords would be to start the capture, run the script and stop the capture after a while.

Then use the Statistics -> Conversation Statistics to filter on each conversation that talks to the vSphere server. Finally, use "Follow TCP stream" on each of them to see if there is plain ASCII anywhere.

You could also use the "find" dialog in string search mode to find the password directly - if you find nothing you can assume the password to be encrypted.

answered 08 Jan '15, 05:10

Jasper ♦♦
23.8k551284
accept rate: 18%

Thanks for the quick response, very useful. Just one further question on your last point, using "find" in string search: how do I access this search feature?

(08 Jan '15, 06:57) dvenner

You can find the dialog for that by choosing "Edit" -> "Find Packet" (or pressing CTRL-F). Make sure you select "by string".

(08 Jan '15, 07:04) Jasper ♦♦
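
An added example, not part of the original answers: the string search described above matches only the literal text, so this Python script goes a step further and scans an uncompressed capture file for the password in several common encodings (UTF-16, Base64, HTTP Basic together with the username, URL-encoded, hex). The function names and the sample values are constructed for illustration.

```python
import base64, getpass, sys
from urllib.parse import quote

def encoded_variants(secret, username=""):
    """Map label -> byte pattern for common on-the-wire encodings of a secret."""
    if not secret:
        raise ValueError("secret must not be empty")
    raw = secret.encode("utf-8")
    variants = {
        "utf-8": raw,
        "utf-16le": secret.encode("utf-16-le"),   # Windows wide strings
        "base64": base64.b64encode(raw),
        "url-encoded": quote(secret, safe="").encode("ascii"),
        "hex": raw.hex().encode("ascii"),
    }
    if username:  # HTTP Basic auth carries base64("user:password")
        variants["http-basic"] = base64.b64encode(f"{username}:{secret}".encode())
    # Drop encodings that produce the same bytes as the plain form
    return {k: v for k, v in variants.items() if k == "utf-8" or v != raw}

def find_secret(capture_bytes, secret, username=""):
    """Return sorted (offset, label) pairs for every encoded occurrence."""
    hits = []
    for label, needle in encoded_variants(secret, username).items():
        pos = capture_bytes.find(needle)
        while pos != -1:
            hits.append((pos, label))
            pos = capture_bytes.find(needle, pos + 1)
    return sorted(hits)

# Constructed sample data (not taken from a real capture)
SAMPLE_USER, SAMPLE_PASS = "LAB\\svc_test", "S3cr3t!Pass"
SAMPLE_BASIC = (b"POST /login HTTP/1.1\r\nAuthorization: Basic "
                + base64.b64encode(b"LAB\\svc_test:S3cr3t!Pass") + b"\r\n\r\n")
SAMPLE_OPAQUE = bytes.fromhex("1703030020") + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    # Usage: python find_secret.py capture.pcap [username]
    data = open(sys.argv[1], "rb").read()
    user = sys.argv[2] if len(sys.argv) > 2 else ""
    # getpass keeps the password out of shell history and the process list
    found = find_secret(data, getpass.getpass("Password to look for: "), user)
    for pos, label in found:
        print(f"offset {pos}: found as {label}")
    sys.exit(1 if found else 0)
```

An empty result rules out only these encodings, and a value split across two packets is also missed by a raw byte scan of the file.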