How do I conduct a penetration test on a client and server

Question

1.00/5 (1 vote)

See more:

I have a server and clients that can send and receive audio communication through Python tcp sockets. The system acts like a mobile phone. how can i do a penetration test to tap into the audio messages as they are being transferred from one client to another client. I have to proof the system is not secure so there is need for encrypting the communication. I have tried using Wireshark but it focus on stp protocol (used on VoIP) more than tcp. Any help will be appreciated

What I have tried:

I have tried capturing the TCP packet with Wireshark but i can not retrieve the audio conversation

Posted 14-Dec-21 0:53am

didecus masinde

Updated 14-Dec-21 5:18am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2021-12-14T05:18:00

Solution 1

I think you don't know what "penetration testing" is.

Wireshark is not a penetration test. It's a tool to examine network traffic, usually for debugging purposes.

Wireshark doesn't focus on any protocol, but gives you powerful filtering capabilities to get down to the traffic you're interested in. If you think it "focused on STP more than TCP", that's probably because of your filtering choices.

It's not entirely clear what you're trying to achieve by looking at the network traffic.

Posted 14-Dec-21 5:18am

Dave Kreskowiak

Comments

didecus masinde 14-Dec-21 13:20pm

So when Wireshark is used to sniff password is not a penetration tool? Instead of telling me i don't know what penetration is you could have given me the appropriate step to use

Dave Kreskowiak 14-Dec-21 13:29pm

No, it's not a penetration testing tool. Penetration testing goes far beyond just a network sniff.

I can't tell you what to use in the way of filters because nobody but YOU knows anything about your application, the data you're transferring, and the protocols it's using to do so.

We only get to work with what you type in these little boxes, and you didn't provide much of anything at all.

didecus masinde 14-Dec-21 13:53pm

that is the client and server code. there is no encryption mechanism used meaning there is a way to tap to the conversation and listen to it. my question is how do i achieve that

Dave Kreskowiak 14-Dec-21 19:36pm

OK, so this had nothing to do with sniffing a network. You're entire question comes down to "How do I encrypt and decrypt a stream of bytes."

OK, so Google for "python encrypt decrypt byte stream".