shooter27

HOMEWORK help needed


Posted · Original PosterOP

Hi, 
So I've got a homework to do. They gave me a pcapng file (contains wireshark packets)
The question is : Knowing that port 80 is usually used for the http protocol, show that this protocol was used to send sensitive information regarding a file containing passwords from machine 192.168.1.119 to a distant server

So I filtered my packets : tcp.port == 80 && ip.addr == 192.168.1.119 && http 
But now I still don't get how to show which packets contain that information

I'm looking at the info column to try and figure out something but I don't get it...
Doing the homework on a kali linux vm if that helps
Any help is appreciated.


Maybe open up the packets and look at the payload?


Posted · Best Answer
36 minutes ago, shooter27 said:

Hi, 
So I've got a homework to do. They gave me a pcapng file (contains wireshark packets)
The question is : Knowing that port 80 is usually used for the http protocol, show that this protocol was used to send sensitive information regarding a file containing passwords from machine 192.168.1.119 to a distant server

So I filtered my packets : tcp.port == 80 && ip.addr == 192.168.1.119 && http 
But now I still don't get how to show which packets contain that information

I'm looking at the info column to try and figure out something but I don't get it...
Doing the homework on a kali linux vm if that helps
Any help is appreciated.

 

That should do it?

 

Cheers.

 

Andrzej

Posted · Original PosterOP
24 minutes ago, Lurick said:

Maybe open up the packets and look at the payload?

well I'm trying but I don't see anything different than the others that would suggest one packet is sending a password file...


As http is a clear text protocol, the information you are looking for is in the HTTP payload.

If a cleartext file was transmitted in http you should see the text contents of that file as its chunks are sent to the distant server. Wireshark should reassemble for you and you would see it.

As far as the how to find it or where in the flow it is.... Well... It's your homework, you wouldn't want to run afoul of academic codes of conduct and what not....

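What the last reply describes (cleartext HTTP, with the file's text visible once the TCP segments are reassembled), as an added Python example that is not part of the thread. The segments, the host name `files.example`, the path `/upload` and the passwd-style file contents are constructed sample data, and the parser assumes in-order segments with a `Content-Length` body (no chunked encoding).

```python
import re

# Constructed sample data: a passwd-style file body and the HTTP request carrying it.
BODY = b"root:x:0:0:root:/root:/bin/bash\nalice:x:1000:1000::/home/alice:/bin/sh\n"
HEAD = (b"POST /upload HTTP/1.1\r\nHost: files.example\r\n"
        b"Content-Length: %d\r\n\r\n" % len(BODY))
# Client-to-server TCP payloads in capture order; the body is split mid-line.
SEGMENTS = [HEAD + BODY[:20], BODY[20:],
            b"GET /index.html HTTP/1.1\r\nHost: files.example\r\n\r\n"]

# Seven colon-separated fields with numeric UID and GID, one record per line.
PASSWD_LINE = re.compile(
    rb"^[^:\s]+:[^:\n]*:\d+:\d+:[^:\n]*:[^:\n]*:[^:\n]*$", re.M)

def http_requests(stream):
    """Yield (request_line, headers, body) for each request in a byte stream."""
    pos = 0
    while pos < len(stream):
        end = stream.find(b"\r\n\r\n", pos)
        if end < 0:
            break  # header block incomplete, e.g. capture was truncated
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {}
        for line in lines[1:]:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        length = int(headers.get("content-length", 0))
        body = stream[end + 4:end + 4 + length]
        yield lines[0], headers, body
        pos = end + 4 + length

def find_password_file_uploads(segments):
    """Return [(request_line, matching_line_count)] for suspicious bodies."""
    stream = b"".join(segments)  # reassembly of in-order segments
    hits = []
    for request_line, _headers, body in http_requests(stream):
        count = len(PASSWD_LINE.findall(body))
        if count:
            hits.append((request_line, count))
    return hits

if __name__ == "__main__":
    for request_line, count in find_password_file_uploads(SEGMENTS):
        print(f"{request_line}: {count} passwd-style lines in cleartext body")
```

Scanning only the first segment finds nothing because the first record is cut mid-line, which is why the match has to run on the reassembled stream rather than on individual packets.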
