CHAPTER 11 SECURING REPORTS
case, we will setup a display filter to leave out anything that is not HTTP traffic. Setting up a filter is much
easier in newer versions of network monitor than in the past. We are going to go ahead and set up a
display filter so that we will only see the HTTP traffic that is flowing. To do this, start a new capture and
look for the display filter window inside of the capture. If you don’t see it displayed, click View->Display
Filter to bring it up. It should look like Figure 11-2.Figure 11-2. Finding the display filter windowInside the display filter window, we need to let Network Monitor know to only show us data that are
related to HTTP data. The quickest way to do this is to filter out anything that doesn’t have a source or
destination port of 80, the standard HTTP port. Inside of the display filter, you will set up a new rule to
do just this, as shown in Figure 11-3. Click the apply button to confirm the changes.
Now, click the Start Capture button, and let the capture run as you view a page in the Report
Manager. We will be taking a look at the data that are returned from this so that we can see the plain text
information in HTML. We will be looking at the front page of the Report Manager to see if we can find it
in the returned data for this example.
After loading the report manager, analyzing the captured frames reveals the disturbing news. You
can see the HTML being returned in plain text, which is bad for us if we don’t want anyone sniffing
around our network to see what information could be gleaned from any of our reports. This naked
HTML can be seen in Figure 11-4. The title of the page and other HTML code are plainly readable and
could be used to reconstruct the entire web page or a report if it were run.
In this case, you have not analyzed other types of traffic, such as SQL requests on port 1433, to see
whether other protocols are potentially sending plain-text information, but you can use the same tool to
do that.(^)
Figure 11-3. Display Filter Rule