Transcript

(How to HACK with WIRESHARK) AND HOW TO CATCH THE HACKER

Derek Hink

This is ILLEGAL. OBVIOUSLY. So don't do anything stupid.

Hackers use Wireshark to eavesdrop. They then take any information to further exploit your system.

So here's how we eavesdrop on them.

(1) Open Wireshark

(2) Go to CAPTURE OPTIONS in the top-left

(3) Select the correct interface (i.e. your network or NIC)

(4) Now log in to your Facebook, Myspace, etc.

(5) THE PACKETS will start rolling in, and for your ease, filter the HTTP packets...

(6) Open the TCP STREAM containing the USERNAME AND PASSWORD

Locate the log-in packet (often labeled login.____)

Here you can isolate the username (email), as well as the password.

While capturing packets, Wireshark automatically color codes each line that comes in.

Green = TCP traffic

Dark Blue = DNS traffic

Light Blue = UDP traffic

Black = Faulty TCP packets (delivered out of order)

Those in red are flagged. They could indicate any type of hacker activity, like a DoS attack, especially when recurring from the same source.

So how do you find the IP address and catch the hacker?

Opening the packet and examining the contents does not itself reveal the culprit. Remember the source IP can be a zombie.

What if your computer has already been infected by a hacker? What if you're another intended zombie?

Presumably, an anti-virus software has identified malicious files. Locate the RAT (Random Access Trojan).

Execute the RAT using sandbox-based isolation software (such as Sandboxie) that traps the virus.

(1) Return to WIRESHARK

(2) You'll see the connection packets being sent and retrieved from your IP to a No-IP (a common service used to mask a hacker's numeric IP and still look like a legitimate address) or other DNS masker.

Examples of No-IP services:

3utilities.com

bounceme.net

hopto.org

myftp.biz

myftp.org

myvnc.com

no-ip.biz

no-ip.info

no-ip.org

redirectme.net

servebeer.com

serveblog.net

servecounterstrike.com

serveftp.com

servegame.com

servehalflife.com

servehttp.com

servemp3.com

servepics.com

servequake.com

sytes.net

zapto.org

(3) Once you've found the RAT server's No-IP, open the command prompt and knock on your hacker's door:

type 'ping enternoipnamehere.no-ip.biz'

(4) Hit enter and discover your attacker's true name: the source IP address.
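The "look for connections to a No-IP name" step above is easier to do over a DNS capture than by eyeballing packets, and the slides' own point that red, recurring traffic from one source is the suspicious kind applies here too: a sandboxed RAT usually resolves its dynamic-DNS name again and again. The following script is an added example, not part of the presentation. It takes DNS summary lines in the style of Wireshark's packet list (the sample lines below are constructed, and the column layout and the "Standard query 0x.... A name" text are an assumption about that export format), flags every query whose name falls under one of the No-IP suffixes listed on the slides, and reports hosts that queried the same name repeatedly. Note the suffix check insists on a dot boundary, so a lookalike such as "fakeno-ip.biz" is not reported. Which address that name finally resolves to (the slides' ping step) is not attempted here, and as the slides say, that address may itself be a zombie rather than the operator.

```python
import re
from collections import Counter

# Dynamic-DNS suffixes taken from the slides' list of No-IP services.
NOIP_SUFFIXES = (
    "3utilities.com", "bounceme.net", "hopto.org", "myftp.biz", "myftp.org",
    "myvnc.com", "no-ip.biz", "no-ip.info", "no-ip.org", "redirectme.net",
    "servebeer.com", "serveblog.net", "servecounterstrike.com", "serveftp.com",
    "servegame.com", "servehalflife.com", "servehttp.com", "servemp3.com",
    "servepics.com", "servequake.com", "sytes.net", "zapto.org",
)

# Assumed packet-list layout: No. Time Source Destination Protocol Info.
# Only DNS *queries* (not responses) for A/AAAA records are matched.
_QUERY_RE = re.compile(
    r"^\s*(?P<no>\d+)\s+(?P<time>[\d.]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+DNS\s+"
    r"Standard query\s+0x[0-9a-fA-F]+\s+(?P<qtype>A|AAAA)\s+(?P<name>\S+)"
)

# Constructed sample capture: host .20 repeatedly resolves a No-IP name,
# host .35 resolves one other dynamic-DNS name, the rest is ordinary traffic.
SAMPLE_LOG = """\
1   0.000000  192.168.1.20  192.168.1.1  DNS  Standard query 0x1a2b A www.example.com
2   0.014211  192.168.1.1   192.168.1.20 DNS  Standard query response 0x1a2b A www.example.com A 93.184.216.34
3   5.002310  192.168.1.20  192.168.1.1  DNS  Standard query 0x7c41 A ratserver.no-ip.biz
4   8.110004  192.168.1.20  192.168.1.1  DNS  Standard query 0x7c42 A ratserver.no-ip.biz
5   9.330917  192.168.1.20  192.168.1.1  DNS  Standard query 0x9d10 AAAA cdn.example.net
6  11.004120  192.168.1.20  192.168.1.1  DNS  Standard query 0x7c43 A ratserver.no-ip.biz
7  12.500000  192.168.1.35  192.168.1.1  DNS  Standard query 0x0001 A game.servecounterstrike.com.
8  13.200000  192.168.1.20  192.168.1.1  DNS  Standard query 0x0002 A fakeno-ip.biz
"""


def dyndns_suffix(name):
    """Return the No-IP suffix a queried name falls under, or None.

    Comparison is case-insensitive, ignores a trailing root dot, and requires
    a label boundary so that 'fakeno-ip.biz' does not match 'no-ip.biz'.
    """
    host = name.lower().rstrip(".")
    for suffix in NOIP_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return suffix
    return None


def flag_dyndns_queries(lines):
    """Return (source_ip, queried_name, matched_suffix) for every flagged query."""
    hits = []
    for line in lines:
        m = _QUERY_RE.match(line)
        if not m:
            continue  # responses, non-DNS rows or text the regex cannot read
        suffix = dyndns_suffix(m.group("name"))
        if suffix:
            hits.append((m.group("src"), m.group("name").lower().rstrip("."), suffix))
    return hits


def repeat_offenders(hits, threshold=3):
    """Map (source_ip, name) -> count for names a host resolved at least threshold times."""
    counts = Counter((src, name) for src, name, _ in hits)
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = flag_dyndns_queries(SAMPLE_LOG.splitlines())
    for src, name, suffix in found:
        print(f"{src} -> {name}  (dynamic DNS: {suffix})")
    for (src, name), n in repeat_offenders(found).items():
        print(f"repeated: {src} resolved {name} {n} times")
```

Feeding a real export in works the same way: save the DNS-filtered packet list as plain text and pass its lines to flag_dyndns_queries; the repeat_offenders threshold is a tuning knob, since a single lookup of a hobbyist's home server is common, while a tight loop of lookups from one sandboxed host is the beacon pattern the slides are hunting for.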

What you do from here is your choice

(1) Turn them in.

(2) Get back.
