
2018 14th International Conference on Natural Computation, Fuzzy Systems and Knowledge Discovery (ICNC-FSKD)

Analyzing the webmail using Wireshark

Pimjai Navabud
Department of Information Technology
RMUTT
Nun.pimnava@gmail.com

Chin-Ling Chen
Department of Information Management
National Pingtung University
clchen@mail.nptu.edu.tw

Abstract-- We focus on a penetration test comparing the use of HTTP and HTTPS on a website, applying the Wireshark tool. The results show that HTTPS provides a much more secure channel over the network than HTTP.

Keywords: Wireshark, security, mail service.

I. Introduction

Wireshark is usually introduced in network-related classes for its splendid network traffic analysis capabilities. Wireshark not only helps students to deeply understand the abstract concept of the TCP/IP stack, but also provides a measurement tool to effectively deduce network problems [1].

Recently, the techniques of topology discovery and network analysis of complex business networks and distributed networks have risen to prominence. Muoz et al. have dealt with distributed network analysis by using Wireshark to examine the packets exported by Netflow devices [2]. With proper configuration, monitoring devices export only the data needed. One of the famous complex business networks is PROFINET. Sahin et al. have presented the use of a Wireshark add-on to discover the topology of a PROFINET network [3]. In [4], the BIUST campus network has been analyzed by applying both Wireshark and MATLAB. As expected, most of the available bandwidth of the BIUST campus network has been used up by non-research based applications.

In [5], two famous open source packet analyzer tools, Wireshark and Tcpdump, are compared in terms of functionality and performance. Das et al. have shown that unsecured packets transferred between network cameras and servers can be easily captured by Wireshark [6]. Wireshark is also used to analyze network behavior after an exploitable backdoor has been found [7]. Furthermore, Wireshark can be used to calculate the response time of a web server by measuring the flow between the web server and the client [8].

HyperText Transfer Protocol Secure (HTTPS) is considered to be much more robust than HTTP. HTTPS encrypts the traffic between your browser and the website. The use of SSL/TLS defends the traffic between the website of HIS and a web/smartphone browser encoded with the HTTP protocol. In [9], SSL/TLS (Secure Sockets Layer/Transport Layer Security) has been built into the web server of the HIS (hospital information system) to guard biometric information which is transmitted between a smartphone and the HIS. This study has applied Wireshark to validate the transmission security. The Wireshark tool enables the ethical hacker to disclose the security defects in the system. This approach of identifying vulnerabilities is considered to be rapid and has proved to be effective [10]. HTTPS has the same method syntax as HTTP. However, HTTPS enables the browser to apply an extra encryption of SSL/TLS to encrypt the traffic.

This paper applies Wireshark to penetration testing of the campus webmail and tries to find its vulnerability.

The rest of the paper is organized as follows. Section II describes the experiment and results. Section III concludes this paper.

II. Experiment and Results

We apply Wireshark to penetration testing of the webmail of National Pingtung University, called www.http://stmail.nptu.edu.tw.

The test procedure is as follows:

1. Start Wireshark from Windows and open Wireshark as installed on Windows (Figure 1).

Figure 1: Interface of Wireshark

978-1-5386-8097-1/18/$31.00 ©2018 IEEE


2. We choose the interface "Wi-Fi 2" and start live capture (Figure 2).

Figure 2: Start capture

3. Access the webmail http://stmail.nptu.edu.tw. Login is verified with a valid username and password. We send an email to the recipient. Once login and email sending are successful, the live capture is stopped (Figure 3).

Figure 3: Login to email of National Pingtung University (www.http://stmail.nptu.edu.tw)

4. Perform HTTP filtering. This displays a list of all HTTP packets. However, only HTTP traffic needs to be further analyzed (Figure 4).

Figure 4: Filter HTTP

5. We use the filter "http.request.method == POST" to find the username and password (Figure 5) and the contents of the e-mail sent (Figure 6).

Figure 5: Find "username" and "password"

Figure 6: Find content of email.
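The check made in steps 4 and 5, written as an audit a site owner can run over captured payloads: it flags form-encoded POST requests that carry credential-like fields in cleartext and recognises TLS records as protected. This is an added example, not code from the paper; the sample payloads, host, path, field names and the SENSITIVE list are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Substrings that mark a form field as a credential (assumption; tune per application).
SENSITIVE = ("user", "login", "pass", "pwd", "token")

# Constructed sample: one reassembled client-to-server payload of a plaintext
# webmail login. Host, path, field names and values are hypothetical.
SAMPLE_HTTP_LOGIN = (
    b"POST /login.cgi HTTP/1.1\r\n"
    b"Host: webmail.example.edu\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 38\r\n"
    b"\r\n"
    b"username=student01&password=123456&x=1"
)
# Constructed sample: a TLS application-data record header plus placeholder bytes.
SAMPLE_TLS_RECORD = bytes([0x17, 0x03, 0x03, 0x00, 0x20]) + bytes(32)


def audit_payload(payload: bytes) -> dict:
    """Classify one TCP payload and list credential fields sent in cleartext."""
    finding = {"protocol": "unknown", "exposed_fields": []}
    # A TLS record starts with content type 20-23 followed by major version 3.
    if len(payload) >= 3 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        finding["protocol"] = "tls"
        return finding
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3 or not request_line[2].startswith(b"HTTP/"):
        return finding
    finding["protocol"] = "http"
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    # Same selection as the display filter http.request.method == POST.
    if request_line[0] != b"POST":
        return finding
    if not headers.get(b"content-type", b"").startswith(b"application/x-www-form-urlencoded"):
        return finding
    for key, value in parse_qsl(body.decode("latin-1"), keep_blank_values=True):
        if any(tag in key.lower() for tag in SENSITIVE):
            # Report the field name and value length only, never the secret itself.
            finding["exposed_fields"].append((key, len(value)))
    return finding
```

A non-empty exposed_fields list for a login request means the form is being submitted over HTTP and should be moved behind HTTPS, which is the paper's conclusion.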

III. Conclusion

In this paper, we use Wireshark to penetration test the HTTP and HTTPS webmail site, individually. We can use Wireshark to capture the content information of HTTP webmail, as well as the username and password. If users want to keep data secure, they should use webmail which is encrypted by the HTTPS protocol in data transmission.

References
[1]. S. Wang, D. S. Xu and S. L. Yan, "Analysis and Application of Wireshark in TCP/IP Protocol Teaching," 2010 International Conference on E-Health Networking Digital Ecosystems and Technologies, vol. 2, pp. 269-272, 2010.
[2]. G. Muoz and G. Carle, "Distributed Network Analysis Using TOPAS and Wireshark," 2008 IEEE Network Operations and Management Symposium Workshops, pp. 161-164, 2008.
[3]. V. H. Sahin, I. Ozcelik, M. Balta and M. Iskefiyeli, "Topology discovery of PROFINET networks using Wireshark," 2013 International Conference on Electronics Computer and Computation, pp. 88-91, 2013.
[4]. T. Solomon, A. M. Zungeru and R. Selvaraj, "Network Traffic Monitoring in an Industrial Environment," 2016 International Conference on Electrical Electronics Computer Engineering and their Applications, pp. 133-139, 2016.
[5]. P. Goyal and A. Goyal, "Comparative study of two most popular packet sniffing tools-Tcpdump and Wireshark," 2017 9th International Conference on Computational Intelligence and Communication Networks (CICN), pp. 77-81, 2017.
[6]. R. Das and G. Tuna, "Packet tracing and analysis of network cameras with Wireshark," 2017 5th International Symposium on Digital Forensic and Security (ISDFS), pp. 1-6, 2017.
[7]. V. K. Gudipati, A. Vetwal, V. Kumar, A. Adeniyi, and A. Abuzneid, "Detection of Trojan Horses by the Analysis of System Behavior and Data Packets," 2015 Long Island Systems Applications and Technology, pp. 1-4, 2015.
[8]. P. P. Dey and H. K. Kalita, "End User Response to Web-server Access - Calibration Method," 2015 Fifth International Conference on Communication Systems and Network Technologies, pp. 1020-1024, 2015.
[9]. J.-r. Lee, Y.-H. Kim and J.-K. Lee, "SSL Application for Managed Security between the Mobile and HIS Biometric Information Collection Client," 2014 International Conference on Advanced Information Networking and Applications Workshops, pp. 55-60, 2014.
[10]. S. Sandhya, S. Purkayastha, E. Joshua and A. Deep, "Assessment of website security by penetration testing using Wireshark," 2017 4th International Conference on Advanced Computing and Communication Systems (ICACCS), pp. 1-4, 2017.
