Wireshark 101: Wireshark with HipChat

Today on HakTip, Shannon tests HipChat via Wireshark to see if her data is sent encrypted or plain text.

HipChat is encrypted via SSL so you can work with your team on your network, and I want to make sure that information is for sure secure.

In my case, I decided to use the web browser login and send some photos, texts, and an Arduino code file to my coworkers to see if anything came up as straight HTTP.

Opening my file in Wireshark, I see a bunch of stuff happening in here. Some of these IP addresses belong to things such as my Dropbox syncing or our NAS, but a few belong to HipChat servers. I ran across a couple of HTTP Dropbox packets, but then noticed all the TCP ones. Match up the IP address to the site in question to determine if it's secure.
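Here is one way to automate that IP-to-protocol matching, as an added example that is not from the original episode. It reads a classic Ethernet pcap (not pcapng) and labels what each remote IP exchanged with the client; the function names, the sample addresses and the sample capture are all constructed for illustration.

```python
import socket, struct
from collections import defaultdict

HTTP_STARTS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"HTTP/1.")

def classify(payload):
    """Label a TCP payload by its first bytes."""
    if len(payload) >= 3 and payload[0] in (20, 21, 22, 23) and payload[1] == 3:
        return "tls"    # TLS record header: content type, then major version 3
    if payload.startswith(HTTP_STARTS):
        return "http"   # readable request or response line
    return "other"

def tcp_payloads(pcap):
    """Yield (src, dst, payload) for IPv4/TCP frames in a classic Ethernet pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    pos = 24                                   # skip the global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                           # not IPv4 + TCP
        tcp = 14 + (frame[14] & 0x0F) * 4      # Ethernet + IP header length
        if len(frame) < tcp + 20:
            continue                           # truncated TCP header
        end = 14 + struct.unpack("!H", frame[16:18])[0]   # IP total length
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:end]
        if payload:
            yield socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), payload

def plaintext_report(pcap, client):
    """Map each remote IP to the payload labels seen to or from it."""
    seen = defaultdict(set)
    for src, dst, payload in tcp_payloads(pcap):
        seen[dst if src == client else src].add(classify(payload))
    return dict(seen)

def make_frame(src, dst, payload):
    """Build one constructed pcap record (Ethernet/IPv4/TCP) for the sample."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 50000, 443, 0, 0, 0x50, 0x18, 8192, 0, 0)
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

# Constructed capture: one TLS record to one server, one plain HTTP request to another.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + make_frame("192.0.2.10", "198.51.100.5", b"\x16\x03\x01\x00\x05hello")
          + make_frame("192.0.2.10", "203.0.113.7", b"GET /file HTTP/1.1\r\n\r\n"))
```

Any server whose set contains "http" sent or received readable data. TCP segments that continue a TLS record mid-stream carry no record header and show up as "other", so that label alone is not a sign of plaintext.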

There are many common problems you may run into with connections, and I wanted to name off a few just to get your creative ideas flowing.

Let's say your network printer keeps malfunctioning when you connect to it to do a print job. Sometimes it works, sometimes it doesn't. In this case, you'd see a TCP ACK packet in Wireshark, then the printer would receive a bunch of packets with data. But if you see a TCP retransmission packet sent to the printer, that means there was a disconnect somewhere. In this case, you'd want to test several computers to see if they all have a problem sending the printer TCP packets, or just the one. After that, you can check the printer.

When I worked at a bank, we used an intranet for all of our local work. One of the branches couldn't get to the intranet, but our main branch, where the server was kept, could. In this case, the branch would get server failures under their DNS packet header, showing that they couldn't get to the intranet. The intranet would show UDP packets sent to the branch, or TCP if the packet size is too big. If you're seeing a SYN packet with no response in this TCP header, it may be because there is a zone transfer issue.

Let me know what you think. Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.