
Thread: monitoring a network

  1. #1
    Junior Member
    Join Date
    Sep 2008
    Posts
    85

    Default monitoring a network

    If one were to capture packets sent to an AP, could they determine what website and/or applications the computer has visited/used throughout the duration of the capture? And what program should be used to analyze these packets?

  2. #2
    Senior Member
    Join Date
    Aug 2007
    Posts
    916

    Default

    Wireshark is the one I know off my head, and if the data is encrypted you won't be able to decrypt it easily unless you have the key and whatever else is required to decrypt.

    Website and/or applications are heavily dependent on the filters and your knowledge. Maybe making kismet and running layer7 through kis device.

    In either case, why don't you set up an advanced AP that could do much more than just a small crappy AP?

  3. #3
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote: Originally Posted by benzslr123
    If one were to capture packets sent to an AP, could they determine what website and/or applications the computer has visited/used throughout the duration of the capture? And what program should be used to analyze these packets?
    Both urlsnarf and webspy are able to strip out the visited URL addresses from a cap file. You will, however, need to replay the captured file on the lo interface using, for example, tcpreplay in order for this to work.
    -Monkeys are like nature's humans.

  4. #4
    Junior Member
    Join Date
    Sep 2008
    Posts
    85

    Default

    thanks for the advice

  5. #5
    Junior Member Luciano's Avatar
    Join Date
    Jan 2008
    Posts
    51

    Default

    Tron,

    Can webspy or urlsnarf be utilized "on the fly"?

  6. #6
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Default

    Quote: Originally Posted by Luciano
    Tron,

    Can webspy or urlsnarf be utilized "on the fly"?
    They both function fine in a live manner alongside a MITM attack using, for example, ettercap.
    -Monkeys are like nature's humans.

  7. #7
    Junior Member
    Join Date
    Feb 2008
    Posts
    40

    Default

    If you are lazy and just want to see the pictures, driftnet will monitor the interface and show you the multimedia content.

  8. #8
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote: Originally Posted by dattaway
    If you are lazy and just want to see the pictures, driftnet will monitor the interface and show you the multimedia content.
    When using Driftnet, you must always be aware of the "meantime to goatse".
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #9
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    20

    Default

    I feel like this gets asked many times over and over and there's no definitive guide.

    I have gotten driftnet, urlspy, etc. to work "on the fly" using airtun.

    I put my card in monitor mode and start capturing packets, then create a tunnel interface from my card to "atX" and use wireshark/driftnet/etc. to sniff on atX.

    The only problem is that there is no rhyme or reason on what works or what doesn't. Some images come in, some websites do, but others don't and there's no explanation as to why. If someone can offer some more insight on this, I would be very interested.

  10. #10
    Junior Member
    Join Date
    Feb 2008
    Posts
    44

    Default

    Quote: Originally Posted by memzback

    The only problem is that there is no rhyme or reason on what works or what doesn't. Some images come in, some websites do, but others don't and there's no explanation as to why. If someone can offer some more insight on this, I would be very interested.
    I too am very interested in why sometimes some sites work and some others do not. I am on my own network and I can use driftnet to view my own pictures as I go about online. But then I have a laptop next to me and I log on to Facebook or something and nothing happens. I'm on my same wireless router and everything. I don't get it...
