View original (French)

Wireshark password

Solved/Closed
zack -  
brupala Posted messages 111399 Registration date   Status Membre Last intervention   -
Hello everyone

As part of securing my VoIP network, I captured the packets (accessing the Trixbox server via the browser) using Wireshark. However, I can't seem to find the username and password I used to connect to the remote server among all these packets.
Please help me if you know an effective filter (to locate the username and password) or any other way to achieve this.

1 réponse

Réponse 1 / 1
Cooyoo Posted messages 727 Status Membre 229
 
À ton trixbox, t'y es connecté en http ou https ?
0
zack
 
in http
0
ciscowarrior
 
you filter on tcp and destination port and destination address, then you select one of the packets with right click and follow tcp stream.
0
zack
 
Thank you for the response, but even applying this filter combination (tcp.port == 80 and ip.dst == 192.168.1.140), I still have an overwhelming number of requests; and knowing that only one of them contains the password in question, following the TCP stream on each packet and scrutinizing the content would purely be like searching for a needle in a haystack.
Thanks again...
0
brupala Posted messages 111399 Registration date   Status Membre Last intervention   14 430
 
no, wrong,
when you do a tcpstream follow, you get the list of all the packets from a single conversation but especially the transferred content displayed in ascii and the login is necessarily at the beginning of the conversation, unless it is not done on the same tcp connection
on the other hand,
it's encouraging for the security of your system, if even the administrator can't find the passwords ;-)
0
zack
 
rest assured, the system is designed for educational purposes. thank you for the feedback and assistance. being away from my system, I'll check tomorrow and keep you updated.
thanks again...
0