Analyzing clear-text traffic
First up we will look at the clear-text traffic that traverses our network. The biggest security issue with such traffic is that it is sent in a human-readable format, including sensitive information such as user credentials. Clear-text traffic can be understood by a person without any additional processing, as we will see in this section. Many common protocols in our networks communicate in this manner. The following is a list of commonly used clear-text protocols:
- FTP
- Telnet
- HTTP
- TFTP
- SMTP
- POP3
Viewing credentials in Wireshark
Now, we will look at how to view credentials for these clear-text protocols individually.
FTP
File Transfer Protocol (FTP) is used to transfer files over TCP and by default runs on port 21, unless it has been configured to use a different port. It is one of the most common protocols used for file transfer. Because the FTP control channel carries the USER and PASS commands unencrypted, anyone who can capture the traffic can read the login. The following is a capture of an FTP session showing user credentials in the packet list pane of Wireshark:
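To show what the packet list pane is surfacing, here is an added example (not from the book) that does the same thing programmatically: it builds a few constructed Ethernet/IPv4/TCP frames carrying an FTP login, parses them with nothing but the Python standard library, and flags the USER and PASS commands sent to the control port. The MAC and IP addresses, ports and the "alice" login are constructed sample values. The equivalent Wireshark display filter is ftp.request.command == "USER" || ftp.request.command == "PASS". The detector reports that a password crossed the wire but redacts its value, which is how a monitoring tool should handle the finding.

```python
"""Detect clear-text FTP logins in raw frames (added example, standard library only)."""
import struct
from typing import Dict, List, Optional, Tuple

FTP_PORT = 21


def build_frame(src_port: int, dst_port: int, payload: bytes) -> bytes:
    """Constructed Ethernet II + IPv4 + TCP frame; checksums left zero (sample data only)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"        # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + 20 + len(payload),    # version/IHL, TOS, total length
                     0, 0, 64, 6, 0,                      # id, flags/frag, TTL, proto=TCP, csum
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 20]))
    tcp = struct.pack("!HHIIBBHHH",
                      src_port, dst_port, 1, 1,           # ports, seq, ack
                      5 << 4, 0x18, 65535, 0, 0)          # data offset=5 words, PSH|ACK, window, csum, urg
    return eth + ip + tcp + payload


def parse_frame(frame: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """Return (src_ip, dst_ip, src_port, dst_port, tcp_payload) for IPv4/TCP frames, else None."""
    if len(frame) < 14 or frame[12:14] != b"\x08\x00":   # not IPv4
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6:                                        # protocol field: 6 = TCP
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    src_ip = ".".join(str(b) for b in ip[12:16])
    dst_ip = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]
    src_port, dst_port = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4                        # TCP header length from the data offset nibble
    return src_ip, dst_ip, src_port, dst_port, tcp[data_off:]


def find_ftp_credentials(frames: List[bytes]) -> List[Dict[str, str]]:
    """Flag USER/PASS commands addressed to the FTP control port; never store the password."""
    findings = []
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src_ip, dst_ip, src_port, dst_port, payload = parsed
        if dst_port != FTP_PORT:                          # only client -> server commands
            continue
        for line in payload.decode("ascii", "replace").split("\r\n"):
            if not line:
                continue
            parts = line.split(" ", 1)
            command = parts[0].upper()
            argument = parts[1] if len(parts) > 1 else ""
            if command == "USER":
                findings.append({"client": src_ip, "server": dst_ip,
                                 "command": command, "argument": argument})
            elif command == "PASS":
                findings.append({"client": src_ip, "server": dst_ip, "command": command,
                                 "argument": "<redacted, %d chars>" % len(argument)})
    return findings


# Constructed sample session: server banner, login, plus one unrelated HTTP request.
SAMPLE_FRAMES = [
    build_frame(FTP_PORT, 40000, b"220 FTP server ready\r\n"),
    build_frame(40000, FTP_PORT, b"USER alice\r\n"),
    build_frame(FTP_PORT, 40000, b"331 Password required for alice\r\n"),
    build_frame(40000, FTP_PORT, b"PASS s3cret\r\n"),
    build_frame(40001, 80, b"GET / HTTP/1.1\r\n"),
]


def detect() -> List[Dict[str, str]]:
    """Run the detector over the constructed sample frames."""
    return find_ftp_credentials(SAMPLE_FRAMES)


if __name__ == "__main__":
    for finding in detect():
        print("%(client)s -> %(server)s  %(command)s %(argument)s" % finding)
```

Server replies (source port 21) are skipped so the 331 prompt that echoes the username is not double-counted; only the client's commands are reported. Feeding real captures through the same logic would need a pcap reader, but the parsing of the frame and the detection rule stay as shown.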