Son : Yes Papa !
Dad : Shall we go to cinema today?
Son : Sorry Papa. I have to reply lot of emails. By the way dad, is it possible to steal my email password by some of my classmates?
Dad : If your computers are interconnected in a LAN using HUB, then there are more chances for stealing.
Son: In my computer practical class room, there are about 12 computers interconnected by LAN using HUB. Our network diagram will look like this image:
Dad: That is fine. Which email you are is using? Whether gmail,yahoo,rediff or hotmail ?
Son: I am using gmail.
Dad : OK. Observe the screen shots of Gmail,Yahoo and Rediff I have given here. Carefully watch the address bar. Gmail and Yahoo are using HTTPS but Rediff is using HTTP. HTTP means data will be transmitted in PLAIN TEXT and HTTPS means data is encrypted and sent.
Son: You mean to say, if a page is having https then the data is more safe.
Dad : Exactly.
Son: Let us suppose, it is HTTP. In that case what method the culprits will follow to capture the password?
Dad : For that they will install PACKET CAPTURING SOFTWARE ( normally known as PACKET SNIFFER or PROTCOL ANALYZER) such as WIRESHARK in their computer and catch the information which they need.
.Son: Dad. We have Internet and Wireshark also already installed in our computer. Shall we capture the password now?
Dad: Ofcourse. Let us do the following four steps.
STEP-1 : Start the wireshark program to capture the packets.
STEP-2 : Open Rediff.com or any other web mail which is not using https.
STEP-3 : Type the username and password and press the Submit Button.
STEP-4 : Look into the list of captured packets and select the packet which is supposed to have the username name and password ( This you can do by trial and error.) That is all. Please see the screen shot. The captured password is red-circled.
Son: Wah Yes ! From now onwards I will be very careful while I type my password. By the way Dad, You told something about Hub and Switch. What is the difference between these two ?
Dad :Let us see how the hub works . Have a look at these images. PC1 is transmitting password to PC3. But the password information goes to PC2 and PC4 also because the hub will transmit the data to ALL THE COMPUTERS connected to it. Becasue of this the wireshark sitting at PC2 will catch the password.
Dad : But is quite intelligent.It reads the destination MAC address of the frame and INTERCONNECTS (ie SWITCHES) PC1, only to PC3. So the wireshark in PC2 cannot capture the password.
Son: Very good. I will ask our Principal to replace our Hub by Switch immediately .Whether Switch is very costly?
Dad: Some years back it was costly. But nowadays, there is no difference in cost between hub and switch. Infact Hub is getting obsolete.
Son: Dad. What is HTTPS?
Dad: HTTPS stands for HTTP OVER SECURED SOCKET LAYER. which means our conversations are encrypted. Let us talk about it some other day , not now.
Son : So, wireshark is used for bad intentions only?
Dad: No, I told only one side of wireshark. If you want to become expert in network concepts then wireshark is very useful.
Son: It seems quite interesting. Where from I can download this software ?
Dad: Go to Wireshark.org. It is totally a free software. It is released under GNU General Public Licence.
Son : Can you tell me how to use this software?
Dad: No need. Detailed Help information is available in the software itself. Anyway let me tell you one important point that you should know. While setting the capturing properties, there is a check box with the name "capture packets in promicuous mode'. You have to check this checkbox.
Son : This word PROMISCUOUS looks very new to me. What is the meaning of this word?
Dad : Let me explain it with an example. A Man is supposed to have relationship with his wife only. But if he is trying to have relationshop with all the ladies whom he is able to meet, then that man can be called as PROMISCUOUS
Son: But why this word is used here?
Dad : Normally a computer will receive packets addressed to THAT COMPUTER ONLY. And it will ignore others packets. But the promiscuous computer is trying to get ALL PACKETS. That is why this name. ... OK....That is all for today. Now I am giving you some simple questions.Try to answer these them:
1. Switch is more secure than Hub. True or False?
2. SSL is used in HTTPS. True or false?
3. HTTPS is secure than HTTP. True or false?
4. SSL stands for ............................
5. Wireshark is a Packet Sniffer. True or false?