-
used password:
rumandcoke
-
password is not readable, as the connection is encrypted (see 3014_1.png for the tcp handshake: the first 3 packets, syn, syn/ack, ack)
-
ARP
-
OSI layer of ARP: between layer 2 (link layer) and layer 3 (network layer)
-
request: sender mac and ip (my machine) and target mac and ip (the target mac is blank, as that is what we are asking for)
-
response: sender mac and ip (the target of the request) and target mac and ip (my machine)
-
host available in ARP table after contact?: yes
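
The request/response field layout described above, as an added example that is not part of the original notes: it packs and parses the 28-byte Ethernet/IPv4 ARP payload and checks that a reply mirrors its request. The MAC and IP addresses are constructed sample values, and the function names are hypothetical.

```python
import socket
import struct

# ARP payload for Ethernet/IPv4 (RFC 826), 28 bytes:
# htype, ptype, hlen, plen, opcode, sender MAC, sender IP, target MAC, target IP
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)
OPCODES = {1: "request", 2: "reply"}


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Pack an ARP payload; MACs as aa:bb:..., IPs as dotted quads."""
    to_bytes = lambda m: bytes.fromhex(m.replace(":", ""))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, opcode,
                       to_bytes(sender_mac), socket.inet_aton(sender_ip),
                       to_bytes(target_mac), socket.inet_aton(target_ip))


def parse_arp(payload):
    """Decode an ARP payload; trailing Ethernet padding is ignored."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return {"op": OPCODES.get(op, f"unknown({op})"),
            "sender_mac": mac_str(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_mac": mac_str(tha), "target_ip": socket.inet_ntoa(tpa)}


def answers(request, reply):
    """True if reply is the response to request (sender/target swapped)."""
    return (request["op"] == "request" and reply["op"] == "reply"
            and reply["sender_ip"] == request["target_ip"]
            and reply["target_mac"] == request["sender_mac"]
            and reply["target_ip"] == request["sender_ip"])


# Constructed sample: host 192.0.2.10 asks for the MAC of 192.0.2.1.
# The request carries 18 bytes of Ethernet padding, as seen on the wire.
REQUEST = parse_arp(build_arp(1, "02:00:00:00:00:0a", "192.0.2.10",
                              "00:00:00:00:00:00", "192.0.2.1") + bytes(18))
REPLY = parse_arp(build_arp(2, "02:00:00:00:00:01", "192.0.2.1",
                            "02:00:00:00:00:0a", "192.0.2.10"))
```

The reply's sender mac is the value that ends up in the ARP table for the requested ip.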
-
DNS
-
OSI layer: layer 7 (application layer)
-
udp is used, but tcp could be used as well
-
encrypted: no (but it can be encrypted with dns over tls or dns over https)
-
HTTP/HTTPS
-
used protocols for connection:
dns for name resolution, http for http traffic and tlsv1 for https traffic (the authentication). all 3 are application layer protocols and use underlying transport protocols: for dns it's udp, and for http and tlsv1 it's tcp
-
tshark
-
to show the interface:
tshark --list-interfaces or the shorthand tshark -D
-
to capture only http traffic on specific interface:
tshark -i <number> -f "port 80" (-i for interface, use the number you find with tshark -D, -f for filter, "port 80" to capture http traffic)