Using Wireshark to ensure clear-text user details aren't leaked
Using Wireshark to ensure that sensitive information, such as user details and passwords, is not being sent in clear text over the Internet is a good practice for network security. Here’s a step-by-step guide on how you can set up and use Wireshark for this purpose:
1. Install Wireshark
First, download and install Wireshark from the official website. Make sure you have the necessary permissions to install and run the software on your network.
2. Capture Network Traffic
- Open Wireshark.
- Select the network interface that you want to monitor. This could be your local Ethernet or Wi-Fi connection.
- Click the "Start capturing packets" button to begin capturing traffic on the selected network interface.
3. Filter Traffic
To look specifically for HTTP traffic, which could carry unencrypted sensitive data, apply a display filter:
- Enter 'http' in the filter bar and press Enter. This shows all HTTP traffic.
4. Look for Sensitive Information
Now sift through the filtered packets to see whether any potentially sensitive information is being transmitted in clear text:
- Click on individual packets and inspect the details in the middle and lower panes of Wireshark.
- Look for GET or POST requests in the HTTP protocol that might carry clear-text credentials or other sensitive information.
5. Use String Matching
You can use string matching to look for specific keywords such as "password" or "username". Use the following filter:
- In the filter bar, enter 'http contains "password"' or 'http contains "username"'.
- Adjust the strings to the data you expect might be transmitted insecurely.
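The 'http contains' filter is a substring match over the whole packet, so it fires on the word "password" in page text and misses fields named "pwd" or "pass". The following is an added example (not code from the original post) of the more precise check a reviewer would apply to a request pulled out of a capture with "Follow TCP Stream", covering the three places steps 4 and 5 tell you to look: the URL query string, the form body of a POST, and an HTTP Basic Authorization header. The sample requests and the intranet.example host are constructed; the SENSITIVE_KEYS set is an assumed starting list to extend with your own applications' field names.

```python
"""Field-level check for credentials in clear-text HTTP requests.

Added example, not code from the original post: it parses the query
string, form body and Authorization header of a captured HTTP/1.x
request instead of substring-matching "password" anywhere in the
packet, which is what the 'http contains "password"' filter does.
"""
import base64
from urllib.parse import parse_qsl, urlsplit

# Parameter names that usually carry credentials. Assumption: extend
# this set with the field names your own applications use.
SENSITIVE_KEYS = {
    "password", "passwd", "pwd", "pass", "username", "user", "login",
    "email", "token", "apikey", "api_key",
}


def parse_request(raw: bytes) -> dict:
    """Split a raw HTTP/1.x request, as reassembled from a capture,
    into method, request target, headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    method = parts[0]
    target = parts[1] if len(parts) > 1 else ""
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {"method": method, "target": target, "headers": headers, "body": body}


def find_cleartext_credentials(raw: bytes) -> list:
    """Return one finding per credential-like field sent in the clear.
    Findings record where the field was and how long its value was;
    the value itself is deliberately not copied into the report."""
    req = parse_request(raw)
    findings = []

    # 1. Credentials in the URL query string (GET /login?password=...),
    #    which also end up in proxy and web-server access logs.
    query = urlsplit(req["target"]).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append({"where": "query", "field": key, "length": len(value)})

    # 2. Form-encoded POST bodies, the classic clear-text login.
    ctype = req["headers"].get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        body = req["body"].decode("latin-1")
        for key, value in parse_qsl(body, keep_blank_values=True):
            if key.lower() in SENSITIVE_KEYS:
                findings.append({"where": "body", "field": key, "length": len(value)})

    # 3. HTTP Basic authentication: base64 is an encoding, not
    #    encryption, so over plain HTTP the password is readable.
    auth = req["headers"].get("authorization", "")
    if auth.lower().startswith("basic "):
        try:
            decoded = base64.b64decode(auth[6:], validate=True).decode("latin-1")
        except ValueError:
            decoded = ""
        _user, _, password = decoded.partition(":")
        findings.append({"where": "authorization", "field": "basic", "length": len(password)})

    return findings


# Constructed sample requests, as they would appear after selecting
# "Follow TCP Stream" on a plain-HTTP login; none of these hosts is real.
SAMPLE_GET = (b"GET /login?username=alice&password=hunter2 HTTP/1.1\r\n"
              b"Host: intranet.example\r\n\r\n")
SAMPLE_POST = (b"POST /login HTTP/1.1\r\n"
               b"Host: intranet.example\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: 31\r\n\r\n"
               b"user=bob&pass=s3cret&remember=1")
SAMPLE_BASIC = (b"GET /api/status HTTP/1.1\r\n"
                b"Host: intranet.example\r\n"
                b"Authorization: Basic " + base64.b64encode(b"carol:Pa55word") + b"\r\n\r\n")
SAMPLE_CLEAN = b"GET /index.html?page=2 HTTP/1.1\r\nHost: intranet.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("GET", SAMPLE_GET), ("POST", SAMPLE_POST),
                      ("BASIC", SAMPLE_BASIC), ("CLEAN", SAMPLE_CLEAN)]:
        print(name, find_cleartext_credentials(raw))
```

The report records field names and value lengths only, so the audit trail you keep from this check does not itself become a copy of the leaked credentials.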
6. Analyze SSL/TLS Traffic
It's also important to check that sensitive data is being handled over encrypted connections. For this:
- Use the filter 'tls' (older Wireshark versions call it 'ssl') to view encrypted traffic.
- Check that logins and other sensitive submissions appear here, over a secure protocol, rather than under the plaintext 'http' filter. The payload of a TLS session is encrypted, so what you can verify from the capture is which protocol the sensitive traffic travels over, not its contents.
7. Set Up Alerts
Wireshark allows you to set up alerts if specific types of data are detected:
- Go to "Edit" -> "Preferences" -> "Protocols".
- Find HTTP and add a rule to highlight or log specific keyword findings such as "password".
8. Continuous Monitoring
For ongoing monitoring, consider setting up a dedicated system that continuously runs Wireshark or a similar network monitoring tool. This setup can alert you to potential leaks of sensitive information.
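On a dedicated monitoring host the GUI is not what you want running unattended; the usual approach for steps 7 and 8 is tshark, Wireshark's command-line capture tool, feeding a small alerting script. The following is an added example (not code from the original post or the Wireshark project) of such a script: it reads tshark's tab-separated field output for every HTTP request, flags requests whose URL query or POST form carries a credential-like parameter, suppresses repeats from the same client and host, and prints JSON alert lines that a log collector can ship onward. The tshark command in the docstring uses real tshark options and field names; the interface name, the script file name, the SENSITIVE_KEYS list and the sample lines are assumptions or constructed data.

```python
"""Alert on clear-text credential submissions from a live tshark feed.

Added example, not code from the original post. It is meant to sit at
the end of a tshark pipeline on a dedicated monitoring host, e.g.

    tshark -i eth0 -l -Y 'http.request' -T fields -E separator=/t \
        -e frame.time_epoch -e ip.src -e ip.dst -e http.host \
        -e http.request.method -e http.request.full_uri \
        -e urlencoded-form.key | python3 http_cred_alert.py

The interface name (eth0) and the script file name are assumptions.
"""
import json
import sys
from urllib.parse import parse_qsl, urlsplit

# Column order must match the -e options of the tshark command above.
COLUMNS = ["ts", "src", "dst", "host", "method", "uri", "form_keys"]

# Parameter names that usually carry credentials (assumption: extend
# to match the field names your own applications use).
SENSITIVE_KEYS = {
    "password", "passwd", "pwd", "pass", "username", "user", "login",
    "token", "apikey", "api_key",
}


def parse_tshark_line(line: str) -> dict:
    """Turn one tab-separated tshark output line into a record. Fields a
    packet lacks come out empty, so pad to the full column count."""
    parts = line.rstrip("\r\n").split("\t")
    parts += [""] * (len(COLUMNS) - len(parts))
    return dict(zip(COLUMNS, parts))


def sensitive_fields(record: dict) -> list:
    """Credential-like parameter names in the URL query string or, for
    POST forms, in the keys tshark's form dissector extracted
    (urlencoded-form.key is emitted comma-joined per packet)."""
    query_keys = [k for k, _ in parse_qsl(urlsplit(record["uri"]).query,
                                          keep_blank_values=True)]
    form_keys = [k for k in record["form_keys"].split(",") if k]
    return sorted({k for k in query_keys + form_keys
                   if k.lower() in SENSITIVE_KEYS})


class Alerter:
    """Emits one alert per (client, host, field set): a user who retries
    a login ten times produces one alert line, not ten."""

    def __init__(self):
        self.seen = set()
        self.alerts = []

    def process(self, line: str):
        record = parse_tshark_line(line)
        fields = sensitive_fields(record)
        if not fields:
            return None
        key = (record["src"], record["host"], tuple(fields))
        if key in self.seen:
            return None
        self.seen.add(key)
        alert = {
            "ts": record["ts"], "src": record["src"], "dst": record["dst"],
            "host": record["host"], "method": record["method"],
            # Path only: query values are stripped so secrets are not
            # copied into the alert log.
            "path": urlsplit(record["uri"]).path, "fields": fields,
        }
        self.alerts.append(alert)
        return alert


def run(stream) -> list:
    """Process every line of `stream`, print alerts as JSON lines (easy
    to ship to a log collector or SIEM) and return them."""
    alerter = Alerter()
    for line in stream:
        alert = alerter.process(line)
        if alert:
            print(json.dumps(alert))
    return alerter.alerts


# Constructed sample of what the tshark pipeline above emits; the
# addresses and host names are documentation values, not real systems.
SAMPLE_LINES = [
    "1700000000.1\t10.0.0.5\t203.0.113.10\tintranet.example\tPOST\t"
    "http://intranet.example/login\tuser,pass,remember\n",
    "1700000001.2\t10.0.0.5\t203.0.113.10\tintranet.example\tPOST\t"
    "http://intranet.example/login\tuser,pass,remember\n",      # retry: suppressed
    "1700000002.3\t10.0.0.7\t203.0.113.10\tintranet.example\tGET\t"
    "http://intranet.example/search?q=wireshark\t\n",            # harmless
    "1700000003.4\t10.0.0.7\t203.0.113.20\tlegacy.example\tGET\t"
    "http://legacy.example/api?apikey=abc123\t\n",               # key in URL
]

if __name__ == "__main__":
    run(sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES)
```

Run without a pipe it processes the constructed sample and prints two alerts (the first login POST and the API key in a URL); the second login attempt is suppressed and the search request produces nothing. The 'http.request' filter only sees traffic Wireshark dissects as HTTP, so a service on a non-standard port needs a "Decode As" entry (or the -d option in tshark) before it shows up here.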
9. Save and Analyze Packets
You can save your packet capture for further analysis or as an audit trail:
- Click "File" -> "Save As" and save the packet data for later review.
10. Follow Best Practices
Ensure that all sensitive information is sent over HTTPS or other secure protocols. Educate users and developers to use strong encryption practices.
Additional Tips
- Make sure to run Wireshark with appropriate permissions and in a manner compliant with your organization’s policies and regulations.
- Be aware of privacy issues; capturing packets might inadvertently capture personal or sensitive data from other users on the network.
Wireshark is a powerful tool for network analysis, but it requires careful handling to ensure that it is used effectively and ethically.