Wireshark

Examine Layers captured by Wireshark

Basically, when a user opens an application for sending or receiving Data then he directly interacts with the application layer for both operations either sending or receiving of data. For example, we act as a client when use Http protocol for uploading or Downloading a Game; FTP for downloading a File; SSH for accessing the shell of the remote system. While connecting with any application for sharing data between server and client we make use of Wireshark for capturing the flow of network traffic stream to examine the OSI model theory through captured traffic. From given below image you can observe that Wireshark has captured the traffic of four layers in direction of the source (sender) to destination (receiver) network

Here it has successfully captured Layer 2 > Layer 3 > Layer 4 and then Layer 7 information.

Ethernet Header (Data Link)

TCP Header (Transport Layer)

TCP follows Three-Way-Handshakes as describe below

• A client sends a TCP packet to the server with the SYN flag

• A server responds to the client request with the SYN and ACK flags set.

• Client completes the connection by sending a packet with the ACK flag set

Different Types of TCP flags

Password Sniffing

Because clear text protocols do not encrypt communication, all data, including passwords, is visible to the naked eye. Anyone who is in a position to see the communication (for example, a man in the middle) can eventually see everything.

1. Capture HTTP Password

• Hypertext Transfer Protocol (HTTP). It usually works on port 80/TCP

Capture HTTPS Password need a RSA Key To Dencrypt Application Data over TLS or SSL