I wanted to check if Wireshark can capture packets during a cyber attack by experimenting with a simulated cyber attack. The scenario is that the cyber attack was spotted at port 8080 using the TCP protocol. The attacker is using a simple Python script (the popchat.py).
So I immediately ran Wireshark and the result was astonishing: the packets were indeed captured live (see image below).
I used my IP address as a display filter to limit the packets being captured, since my PC is capturing tons of packets. It was really easy to find the packets that I was interested in because I know the port number and the protocol used (TCP), and by clicking the row (both source and destination) I was able to capture the message exchange between the server and slave. The payload was the words "hi" and "hello"; in actual hacking incidents, it could have been an instruction to delete a file, download a file, or upload a file (a ransomware perhaps).
Hacking can be done using this method, and it seems a network packet scanner can be created to prevent this from happening (just an idea).
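The filtering described in the post (one host's IP address, TCP, port 8080, then reading the payload), as an added example that is not part of the original post: a small Python parser that applies the same filter to raw Ethernet frames and returns the data-carrying segments. The function names, addresses, client port and sample frames are constructed for illustration.

```python
import socket
import struct

def parse_tcp_frame(frame):
    """Return (src, sport, dst, dport, payload) for Ethernet/IPv4/TCP, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None                          # too short or not IPv4
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    if ihl < 20 or frame[23] != 6:
        return None                          # malformed header or not TCP
    total_len = struct.unpack("!H", frame[16:18])[0]
    tcp = frame[14 + ihl:14 + total_len]     # slice by IP length to drop padding
    if len(tcp) < 20:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_off = (tcp[12] >> 4) * 4            # TCP header length in bytes
    if not 20 <= data_off <= len(tcp):
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    return src, sport, dst, dport, tcp[data_off:]

def filter_frames(frames, host_ip, port):
    """Like 'ip.addr == host_ip && tcp.port == port && tcp.len > 0' in Wireshark."""
    parsed = (parse_tcp_frame(f) for f in frames)
    return [p for p in parsed
            if p and host_ip in (p[0], p[2]) and port in (p[1], p[3]) and p[4]]

def build_frame(src, dst, sport, dport, payload, proto=6):
    """Build a constructed sample frame (zero MACs and checksums, not real traffic)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, proto,
                     0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

# Constructed sample traffic; the addresses are documentation-range placeholders.
HOST, PEER = "192.0.2.10", "192.0.2.20"
SAMPLE = [
    build_frame(PEER, HOST, 50514, 8080, b"hi"),
    build_frame(HOST, PEER, 8080, 50514, b"hello"),
    build_frame(HOST, PEER, 8080, 50514, b""),               # bare ACK, no payload
    build_frame(HOST, "198.51.100.7", 50600, 443, b"x"),     # other port
    build_frame(PEER, HOST, 50514, 8080, b"hi", proto=17),   # not TCP
]

if __name__ == "__main__":
    for src, sport, dst, dport, data in filter_frames(SAMPLE, HOST, 8080):
        print(f"{src}:{sport} -> {dst}:{dport} {data!r}")
```

The parser only handles untagged Ethernet carrying IPv4; VLAN-tagged or IPv6 frames are skipped rather than misread.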