Hi. Welcome back to the course. We just wrapped up our discussion on sniffing. In this video, we're just gonna talk about an introduction to our sniffing labs. I'm gonna go over just a very brief pre-assessment, and we'll talk a little bit about things like Wireshark and MAC spoofing.
So let's go ahead and get started.
So, a pre-assessment. I'm just gonna read over the questions, and then I'll pause a minute to let you have a chance to answer them. And you're also welcome to pause the video as well, if you want to. We only have a couple of questions here. It's very, very simple. So let's start with question number one: all of the following are benefits of Wireshark, except which one of these?

All right, so if you said answer C, that Wireshark hard codes the MAC address, you're correct. That is not a benefit of Wireshark. Now, the hard coding of MAC addresses is actually done by the manufacturer and not by any particular tool that we have access to.

So Wireshark does offer the opportunity to capture packets, identify and analyze protocols, and it can also display the contents of packets. That's especially useful if we can grab some type of user credentials, so username and password.

So question number two: as a penetration tester, MAC spoofing could help you avoid attribution. So, basically, what that means is it will help you avoid getting caught.

You're correct. Yes, yes, the answer is true. So, yes, MAC spoofing is one tool in the arsenal. There are a lot better ways of avoiding getting caught, but MAC spoofing, again, is just one tool in the arsenal.
All right, so sniffing is something we've kind of touched on quite a bit in this module. Basically, at a very simplistic level, sniffing is just used to log traffic on a network. So think of it in this way: I'm sitting on one side of the couch, you're sitting on the other. We have the family dog between us, and now I pass you a plate of a bunch of good food, right? So whatever it is, if you like cheeseburgers and pizza, something like that. If you're a vegan, maybe a salad or some type of vegan dish. Whatever it is, the smell is really, really good, right? It's a lot of different types of foods.

So I pass it along. I pass it over the dog to you. Now the dog is sniffing, right? So the dog catches all those different scents. So think of it in the context that these are packets going over the network. So each scent, you know, whether it's that cheeseburger or that slice of pizza or a piece of cake, whatever it is, you know, if it's a salad or that certain salad dressing, each one of those is a packet that our dog, or, let's name our dog Wireshark, our dog is picking up those packets and then analyzing them, right? So the dog's sniffing all those scent packets and saying, OK, well, that one there, that's a cheeseburger. I know that scent. And then that one there, that's a salad. I know that scent. And, you know, that one over there, that's a piece of cake. I know that scent as well.

And then, of course, you know, you eventually get the plate of food. You're the end. You're the destination on that network, that couch network I just described. And it's really not a thing, the couch network, but anyways.

Um, so again, I start off as the source, right? I've got the plate of food. That's all this good food that, you know, everybody wants, everybody likes. So I take that plate of food, my, you know, set of packets, so to speak, and I pass those to you. You're the destination of that food, or those packets. And then again, the family dog is sitting there in between us, and the dog's intercepting these packets and analyzing them. So the dog's collecting all those scents from the different types of foods and then basically analyzing them in its head and saying, hey, you know, that's cake, that's ice cream, that's pizza, that's a salad, you know, that's some zucchini bread, that's whatever. Whatever it is, you pick your foods. But that's essentially what we're doing. We're sniffing.
So then the MAC address. We talked about that in the pre-assessment question there, so that's hard coded by the manufacturer. So when we get into the MAC spoofing portion of it, we're essentially just trying to obfuscate the MAC address that's put there by the manufacturer. And we want to put a fake one, essentially, and say this is really our MAC address so they can't trace it back to us. Again, that's one tool in the arsenal, because there are ways to figure out who the MAC address is really from.
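Added example, not part of the course material: from the defender's side, two quick checks on a MAC address seen in a capture or DHCP lease, the locally-administered bit (clear on a manufacturer-burned-in address, set on most software-assigned ones) and an OUI vendor lookup. The OUI table below is a constructed stub; a real check would load the IEEE OUI registry.

```python
import re

# Constructed mini OUI table for the demo. 00:50:56 is a VMware OUI; the
# second entry is made up. A real check loads the full IEEE OUI registry.
OUI_VENDORS = {
    "00:50:56": "VMware",
    "00:1A:2B": "Example Vendor (constructed)",
}


def normalize_mac(mac: str) -> str:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabb.ccdd.eeff; return AA:BB:CC:DD:EE:FF."""
    hexdigits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    hexdigits = hexdigits.upper()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def classify_mac(mac: str) -> dict:
    """Split a MAC into OUI / vendor and decode the two flag bits of the first octet."""
    norm = normalize_mac(mac)
    first_octet = int(norm[:2], 16)
    oui = norm[:8]
    return {
        "mac": norm,
        "oui": oui,
        "vendor": OUI_VENDORS.get(oui),
        # Bit 1 (0x02): locally administered, i.e. assigned by software rather
        # than burned in by the manufacturer. Most random-MAC features set it.
        "locally_administered": bool(first_octet & 0x02),
        # Bit 0 (0x01): group/multicast address; never valid as a source MAC.
        "multicast": bool(first_octet & 0x01),
    }


def flag_suspicious(macs):
    """Return (mac, reasons) for addresses that are locally administered or have an unknown OUI."""
    findings = []
    for m in macs:
        info = classify_mac(m)
        reasons = []
        if info["locally_administered"]:
            reasons.append("locally administered bit set")
        if info["vendor"] is None:
            reasons.append("OUI not in vendor table")
        if reasons:
            findings.append((info["mac"], reasons))
    return findings
```

Run `flag_suspicious` over the source MACs from a capture (for example the `eth.src` column exported from Wireshark) to get a short list worth a second look; an unknown OUI alone is common on a mixed network, so treat the hits as leads, not verdicts.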
So we talked about some of the Wireshark benefits: capturing packets. It allows you to identify and analyze different protocols, so things like TCP/IP, TCP, UDP, and different browser protocols like HTTP. It allows you to identify and analyze protocols, and to identify the source and destination of traffic. So if you think of our couch example with the dog, I'm the source of the packets of food, so to speak, and the destination is gonna be you, right? So the plate is traveling from me to you. And it displays the contents of the packet. So, again, that's especially useful if we're trying to capture something like passwords on the network.
And so here I've just got a screenshot, and I've also got this as a downloadable document for you, of some common filters that you can manually type into Wireshark. Now, you can also click on and set filters automatically as well with a click of your mouse. But these are some of the common ones that people use as part of filtering, just typing them in manually.

So, depending on what you're trying to do, you know, if you're trying to look at an IP address, for example, you could check it and narrow down your search results based off that. If you wanted to look at certain types of TCP flags, you can do so as well. You could even get into IPv6, UDP packets. You could even go off different operators. You know, you could say this equals this, or that is, you know, this, and this is greater than that, etcetera, etcetera.
So in this video, we just touched at a very high level on what you're going to go over in this lab. So, again, we're gonna start off with Wireshark in the first part of the lab, and then we're gonna move into the MAC spoofing, where we spoof that MAC address.