Here we come with a new awesomeness of computer-cyber technology.
Thanks to Mr h4ck0d3r for supporting me and he given a opportunity to start a new series of Computer Hacking Forensics.
Cyber Security & Its Growing Significance
It’s very important to have a secured environment in our living nature and also it’s very important to have a secured and safe Cyber-security while browsing over Internet communication.
Communication is very important to our life. Indeed there are many social networks, E-Commerce websites and more.. There are many threaten situations on the Internet like hacking, Spam-emails, phishing, data breach and many more. So to get rid of the all this various malicious and obscene things we must have to have a good cyber security.
But sometimes the security fails because of various development bugs or any software failure. or it may be a DDOS by attackers, XSS. So to find out what exactly happened in as such situations the Computer Forensic is very important as well as helpful.
Here in this first article of this series we’ll discuss about sniffing data traffic from wire-wireless network source and we’ll see the tool Wireshark. There are many other tools. Network analysers are there. But indeed the wireshark is the best tool for network packet analysis.
Wireshark : Network Anazlyer & Packet-Monitoring Tool
Wireshark (Go Deep) is a tool used by many forensic investigators and hackers for analyzing data traffic and manipulating the packets getting useful information from the network traffic.
The current stable release of Wireshark is 2.2.5.
If you want to get this tool it is freely available on the Official Site of Wireshark. Click here.
It’s a open source tool. There is many distributions for windows, Macintosh and for Linux as well. Linux users can download and install this tool just by typing a command
sudo apt-get install wireshark
In Kali-Linux distributions the Wireshark will come with it pre-installed.
So by starting the Wireshark on your system you can turn your computer NIC (Network Interface card) into Promiscuous mode to get all the traffic (Packets, Frames, Beacons) on your system you can analyze it.
Some of the Web-Applications doesn’t have SSL (Secured Socket Layer) or TLS (Tunneling Layer Security) with it’s operations so we can get the HTTP-POST & HTTP-GET cookies information or about sessions in it.
We can immobilize such packets and decode it’s data to get such information (username or password). So there are inbuilt tools for doing that. You can convert the provided BASE64 or any kind of encoding system and you can decode it with several applications or some websites provide such facility. You can select any kind of packets right click on it and you’ll get a option menu that shows many operations that can be performed on basis of it’s protocol of that particular packet or stream.
Getting Hands At It!
Here are some Screen shots caught while analyzing HTTP-POST form-data(JSON) encode strings
so this site doesn’t had SSL-TLS so we easily got the login information through Wireshark.
Some time the API of certain web applications encrypt the data with Base64 such kind of coding
so you can decode it with some websites. You can go to base64Decode and paste your Base64 code and get result in string and remember the base64 code ends with ‘==’ at the last letter of last line.
We can also analyze the GSM traffic by getting the particulate device configured with our system
and also we can analyze the data-traffic caught by any other devices .pcap extension file.
We can also save the traffic for further analysis in .pcap file extension thats available is wireshark.
This is just a little about Wireshark. We can also capture whole TCP streams and we can get the streams of VOIP(Skype Voice-Call) and we can decode it to certain media file and listen through it.
If you are more interested with it you can download the official documentation of Wireshark and you can go through it.
To download wireshark please visit Here
I hope this article of the Cyber security/Computer Forensics was helpful to you.
Please write comments if you’ve any query . Stay tuned with our site.
Please check all the articles from this new series of computer forensics.