Running head: WIRESHARK CAPTURE 1

Wireshark Capture

Raul Mendoza

University of San Diego

Network Visualization and Vulnerability Detection

CSOL 570

Mike Hallman

February 13, 2017


Wireshark Capture

Steps followed to configure and launch Wireshark:

1. Open VirtualBox and select your Kali VM.

2. Within Kali, click on the Applications tab.

3. Scroll to “09 Sniffing and Spoofing”.

4. Select Wireshark.

5. Wireshark will start, at which point you will need to select an interface to begin packet capture.

6. Select eth0.

Screen captures of IP packets captured:

Once started, Wireshark will begin collecting traffic specific to eth0.

Note: No filters have been applied; therefore, all traffic will be seen.

Screen captures of TCP segments captured:

If we want to see specific traffic, we can apply different filters that will show only what we want to see. In this instance, I applied a TCP filter showing only web traffic captured on port 80 (tcp.port == 80).

Screen captures of encrypted messages captured:

In order to show encrypted traffic, I opened the Iceweasel browser and navigated to www.navyfederal.org. Because Navy Federal allows for online banking, encryption is used for secure authentication. In this instance, the traffic captured is reflected as TLSv1.2.
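
What the tcp.port == 80 filter and the TLSv1.2 label correspond to at the byte level, as an added example that is not part of the original paper: the code parses an Ethernet/IPv4/TCP frame, applies the same source-or-destination port match as the filter, and reads the version field of a TLS record header. The frames, addresses and ports are constructed sample values, and the function names are hypothetical.

```python
import struct

TLS_VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def build_frame(sport, dport, payload):
    """Constructed sample frame (not captured traffic): Ethernet + IPv4 + TCP."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return bytes(12) + struct.pack("!H", 0x0800) + ip + tcp

def parse_frame(frame):
    """Return (src_port, dst_port, tcp_payload), or None if not Ethernet/IPv4/TCP."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":   # EtherType 0x0800 = IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                              # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6:         # protocol 6 = TCP
        return None
    tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]         # trim to IP total length
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                         # TCP header length in bytes
    if data_off < 20 or data_off > len(tcp):
        return None
    return sport, dport, tcp[data_off:]

def matches_tcp_port(frame, port):
    """Equivalent of display filter tcp.port == <port>: source OR destination port."""
    parsed = parse_frame(frame)
    return parsed is not None and port in parsed[:2]

def tls_record_version(payload):
    """Name the version in a TLS record header (type, version, length), else None."""
    if len(payload) < 5:
        return None
    ctype, version, _length = struct.unpack("!BHH", payload[:5])
    # 20-23: change_cipher_spec, alert, handshake, application_data
    return TLS_VERSIONS.get(version) if ctype in (20, 21, 22, 23) else None

# Constructed samples: a plaintext HTTP request and a TLS application-data record.
HTTP_FRAME = build_frame(49152, 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")
TLS_FRAME = build_frame(49153, 443, bytes([0x17, 0x03, 0x03, 0x00, 0x04]) + bytes(4))

if __name__ == "__main__":
    for name, frame in (("http", HTTP_FRAME), ("tls", TLS_FRAME)):
        sport, dport, data = parse_frame(frame)
        print(name, sport, dport, matches_tcp_port(frame, 80), tls_record_version(data))
```

Wireshark takes its TLSv1.2 label from the version negotiated in the handshake; the record header alone carries 0x0303 for TLS 1.2 records, and TLS 1.3 reuses that same value for compatibility.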

Summary

Wireshark gives administrators the ability to monitor traffic within a specific network. As an open source tool, it has opened the door for multiple security experts to analyze packets without having to spend a large sum of money. This tool enables network administrators to troubleshoot network problems, security engineers to identify security problems, and developers to debug protocol implementations, and it provides users an effective way to learn about protocols. Wireshark is extremely powerful and should be included in any security expert's tool bag.
