monitoring a network

**benzslr123** · 11-08-2008, 05:48 PM

if one were to capture packets sent to an AP, could they determine what website and/or applications the computer has visited/used throughout the duration of the capture? and what program should be used to analyze these packets?

**imported_hatake_kakashi** · 11-08-2008, 05:53 PM

wireshark is the one I know off my head, and if the data is encrypted you won't be able to decrypt it easily unless you have the key and whatever else is required to decrypt.

website and/or applications are heavily dependant on the filters and your knowledge. Maybe making kismet and running layer7 through kis device.

In either case why don't you setup an advanced AP that could do much more than just a small crappy AP?

**imported_=Tron=** · 11-08-2008, 07:05 PM

Originally Posted by benzslr123

if one were to capture packets sent to an AP, could they determine what website and/or applications the computer has visited/used throughout the duration of the capture? and what program should be used to analyze these packets?

Both urlsnarf and webspy are able to strip put the visited URL addresses from a cap file. You will however need to replay the captured file on the lo interface using for example tcpreplay in order for this to work.

**benzslr123** · 11-08-2008, 07:22 PM

thanks for the advice

**Luciano** · 11-16-2008, 04:09 PM

Tron,

Can webspy or urlsnarp be utilized "on the fly" ?

**imported_=Tron=** · 11-16-2008, 06:27 PM

Originally Posted by Luciano

Tron,

Can webspy or urlsnarp be utilized "on the fly" ?

They both function fine in a live manner alongside a MITM attack using for example ettercap.

**dattaway** · 11-16-2008, 08:48 PM

If you are lazy and just want to see the pictures, driftnet will monitor the interface and show you the multimedia content.

**streaker69** · 11-16-2008, 09:05 PM

Originally Posted by dattaway

If you are lazy and just want to see the pictures, driftnet will monitor the interface and show you the multimedia content.

When using Driftnet, you must always be aware of the "meantime to goatse".

**memzback** · 11-18-2008, 01:12 PM

I feel like this gets asked many times over and over and theres no definitive guide.

I have gotten driftnet,urlspy, etc to work "on the fly" using airtun.

I put my card in monitor mode and start capturing packets, then create a tunnel interface from my card to "atX" and use wireshark/driftnet/etc to sniff on atX.

The only problem is that there is no rhyme or reason on what works or what doesnt. Some images come in, some websites do, but others dont and theres no explanation as to why. If someone can offer some more insight on this, I would be very interested.

**1shot_1kill** · 11-20-2008, 10:58 PM

Originally Posted by memzback

The only problem is that there is no rhyme or reason on what works or what doesnt. Some images come in, some websites do, but others dont and theres no explanation as to why. If someone can offer some more insight on this, I would be very interested.

I also too am very interested on why sometimes some sites work and some others do not. I am on my own network and i can use driftnet to view my own pictures as i go about online. but then i have a labtop next to me and i log on to facebook or something and nothing happens. I'm on my same wireless router and everything. I don't get it...

BackTrack Linux - Penetration Testing Distribution

Thread: monitoring a network

Thread Tools

Search Thread

Display

monitoring a network

Posting Permissions