Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Wireshark

  1. #1
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Cool Wireshark

    Now i have done some reading and just cant figure out what im doing wrong. I have been trying to run wireshark on my home network. Not for anything important or anything just something to play with. I start it and run it but no packets or anything come up. I have tryed both in promiscuous and not promiscuous modes but i cant get it. I dont know if there is anything else i should be looking at. I have a linksys router with two computers connecting wireless. I also have a Wii connected via wireless at all but i dont think thats going to affect anything since its off. Anything anyone could help with would be great thanks everyone.

  2. #2
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    What type/chipset card is it? Are you trying to sniff wirelessly? Might make sure your type of card is supported by wireshark. Some cards don't support promiscuous mode so the only traffic you would catch is that coming off that pc's connection. I imagine you are running this through BT? If so, does TCPdump work for you?

  3. #3
    Junior Member imported_painter13's Avatar
    Join Date
    Jul 2008
    Posts
    28

    Default

    try getting and installing winpcap....

  4. #4
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    Quote Originally Posted by painter13 View Post
    try getting and installing winpcap....
    Im going to stab in the dark and guess at 51 posts hes using BT and has a pcap-lib installed, since its default

  5. #5
    Just burned his ISO
    Join Date
    Oct 2008
    Posts
    9

    Default

    another tip is make sure there is traffic going over the network... this will always help make sure that you are suppose to see packets. Whenever I am testing my home network I am always transfering a movie between two computers.

  6. #6
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Cool

    Yes I am trying to sniff wirelessly. The card is fully working with BT3 as for with wireshark that I dont know I didnt see anything about it not working with that program but I will look into it. I have a D-Link Airplus DWL-G520 wireless PCI card rev.B. Like I said works with everything else so far. As for traffic yeah I make sure there is traffic. I can get packets off the computer im running BT3 on but not my other system at all. I had my gf last night to and login to her email and check her myspace and a few other things. Not one packet came up in wireshark. Only reason I dont see the card being the issue is i tryed it on two different computers. Desktop with the dlink card and laptop with a Linksys PCMCIA WPC54GS ver.2 Also works just fine with everything else. I dont know for sure but i almost feel theres a dumb a$$ box in the program that Im leaving checked or something like a setting or something like that.

    I did read that networks with a switch are not as easy as click and go. Would the program be seeing my router as a switch since they do both work almost the same? If so where would I find a more detailed set up of wireshark? Thanks again for the help.

  7. #7
    Member
    Join Date
    Feb 2010
    Location
    Root
    Posts
    121

    Default

    Sounds like its not running in promiscuous mode on that pc. Have you checked with TCPdump to see if you can cath the desired packets?

    also run :
    Code:
    ifconfig interface
    and check the mode

  8. #8
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    Default

    Did you put your wireless interface in monitor mode?
    Don't eat yellow snow :rolleyes:

  9. #9
    Junior Member kdiggity317's Avatar
    Join Date
    Aug 2008
    Posts
    70

    Default

    I have not checked the mode but I wouldnt want the card in monitor mode thou correct. Since I would need to be connected to the network in order to run wireshark. I have not yet checked TCPdump yet but will. Thank you again. I wont be able to test till later on when i get home from work but will post on what happens thanks again.

  10. #10
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by kdiggity317 View Post
    I did read that networks with a switch are not as easy as click and go. Would the program be seeing my router as a switch since they do both work almost the same? If so where would I find a more detailed set up of wireshark? Thanks again for the help.
    The router shouldn't hurt (or help) with the wireless. You have to be doing something wrong there. However, if you sniff on the wire, the router is in fact a switch. While packet sniffiing on a switch can be done, it adds more complexity. If you really want to learn Wireshark, do yourself a favor and do two things:

    1) Buy and read Practical Packet Analysis. It covers Wireshare in detail on both wired and wireless use; has real world examples and scenarios; and has downloadable packet captures you can use for following the examples in the book. It also goes into detail of using a hub (as opposed to a switch) with Wireshark.

    2) Buy a cheap hub. In a hub, packets are broadcast to all the ports. Switches only send a packet to the needed destination port. So having a hub allows you to sniff all traffic between all the PCs on the hub, as opposed to doing something more complex. True hubs are getting harder and hard to find, so you may have to hit eBay or some other online source. Personally, I like the NetGear EN104TP. Yeah, it's only 10mbps, but it's pocket size and cheap. I keep one in my network monitoring kit.

    A tap will also work instead of a hub, but using a tap can be more complicated still if you've never used one. Until you learn to run, stick with the hub.
    Thorn
    Stop the TSA now! Boycott the airlines.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •