A) Scan DNS & HTTP packets
By eliminating traffic protection, Wireshark can decrypt it and tell which devices are currently in the Wi-Fi network.
1) DNS queries
To see the packages we are interested in, let's start with DNS queries. With their help, applications verify that the IP addresses to which they should connect have not changed. They are directed to domain names, which usually contain the name of the application. From this, you can understand which applications are running on the smartphone.
2) To see application requests, we will use two capture filters, dns and http. This allows you to see the most obvious traces of applications on a Wi-Fi network. First, type dns in the filter and press enter. If this does not work, try several times in a row to switch in real time between the password and the PSK. Perhaps after that everything will work.
>Using Signal is a good idea, but it’s even better to use a VPN. Why? Just launching the Signal application creates the following traces, allowing you to understand that a person is chatting with someone in an encrypted program.
B ) HTTP packets
Next, we use the http filter to look at insecure web requests. Capture filters contain information like useragent, from which you can learn about the type of connecting device. We click on the packages and open the tab “Hypertext Transfer Protocol”.
1) In this example, you can see insecure HTTP requests to the chat server. What is it? Studying the package and domain name gives the answer that this is a WeChat application. It is installed on this smartphone and communication is not fully encrypted.
2) If you want to see all the decrypted data, you can click on the menu tab called “Statistics” and see the allowed addresses. This will show all the decrypted domains during the capture. This should be a long list of services to which the device connects through applications.
3) Wireshark makes it harder to trust Wi-Fi networks
This kind of monitoring seems intrusive, but you need to remember that your Internet provider saves the same information and can sell it or transfer it to law enforcement agencies upon request. If you want to protect yourself from such provider actions, you can use VPN services to hide local traffic through strong encryption. If you need to hide especially during certain actions, it is advisable to use mobile traffic instead of Wi-Fi.
written by undercode
Enjoy! Follow us for more...
No comments:
Post a Comment