HakTip 132 – Wireshark 101: Wireshark with HipChat

Today on HakTip, Shannon tests HipChat via Wireshark to see if her data is sent encrypted or plain text.

Download HD | Download MP4

HipChat is encrypted via SSL so you can work with your team on your network, and I want to make sure that information is for sure secure.

In my case, I decided to use the web browser login and send some photos, texts, and an Arduino code file to my coworkers to see if anything came up as straight HTTP.

Opening my file in Wireshark and I see a bunch of stuff happening in here. Some of these IP addresses belong to things such as my Dropbox syncing or our NAS, but a few belong to HipChat servers. I ran across a couple of HTTP Dropbox packets, but then notice all the TCP ones. Match up the IP address to the site in question to determine if it’s secure.

There are many common problems you may run into with connections, and I wanted to name off a few just to get your creative ideas flowing.

Let’s say your network printer keeps malfunctioning when you connect to it to do a print job. Sometimes it works, sometimes it doesn’t. In this case, you’d see a TCP ACK packet in Wireshark, then the printer would receive a bunch of packets with data. But if you see a TCP retransmission packet sent to the printer, that means there was a disconnect somewhere. In this case, you’d want to test several computers to see if they all have a problem sending the printer TCP packets, or just the one. Furthermore, then you can check the printer.

When I worked at a bank, we used an intranet for all of our local work. One of the branches couldn’t get to the intranet, but our main branch could where the server was kept. In this case, the branch would get server failure’s under their DNS packet header, showing that they couldn’t get to the intranet. The Intranet would show UDP packets sent to the branch, or TCP if the packet size is too big. If you’re seeing a SYN packet with no response in this TCP header, it may be because there is a zone transfer issue.

Let me know what you think. Send me a comment below or email us at [email protected]. And be sure to check out our sister show, Hak5 for more great stuff just like this. I’ll be there, reminding you to trust your technolust.

  • DomenicZCuzzo
    Reply

    hello there and thank you for your information – I’ve certainly picked up something new from right
    here. I did however expertise a few technical points using this web site,
    as I experienced to reload the website many times
    previous to I could get it to load correctly. I had been wondering if your web host is OK?
    Not that I am complaining, but slow loading instances times will sometimes affect your placement in google and
    can damage your high quality score if advertising and
    marketing with Adwords. Well I am adding this RSS to my email and can look
    out for a lot more of your respective intriguing content.
    Make sure you update this again soon.

  • MaragretWLaymon
    Reply

    Its like you read my mind! You appear to know so much about this, like
    you wrote the book in it or something. I think that you could do with a few pics to drive the message home a little bit, but other than that, this is
    wonderful blog. An excellent read. I’ll definitely be back.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>