Thread: Wireshark traffic

  1. #1
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    3

    Default Wireshark traffic

    Hello guys,

    I've been searching and asking around in a lot of places, trying to gather all the info I can... but I'm not yet convinced, so I decided to come here and ask for your help.

    Problem: Wireshark captures only my traffic, and not for the other computers in my network.

    Solutions tried:

    1 - At first I was using Windows 7 + Wireshark + WinPcap. I could capture only my own packets, whether in promiscuous mode or not.

    2 - Following someone's advice, I burned a copy of BackTrack 4 and messed around a bit with it. Funny thing is: I could actually see the other computers' names appearing in the log... but no HTTP traffic at all, and I'm 100% sure they were browsing websites.

    I've just been told: hey, you can't capture other computers' packets on your wireless, because probably your router doesn't support "port mirroring".

    So I went googling a lot about that, and actually it doesn't support it, so I can't monitor anything. But I didn't quit... because I find it hard to believe. I mean, is that impossible at all?
    Also, I heard about ARP poisoning? Would that help? I'm kind of confused here. I think it's just weird... I mean, I'm connected through wireless, and I can grab my HTTP traffic, chat conversations and whatever, but not from the other computers?

    If I start using ettercap, would it make a difference?
    Thanks in advance

  2. #2
    Senior Member
    Join Date
    Jan 2011
    Location
    over the under
    Posts
    197

    Default Re: Wireshark traffic

    ettercap is capable of capturing traffic from any computer on your network.

  3. #3
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: Wireshark traffic

    You need to ARP poison the other users on your network so that they will think you're the default gateway and send you their packets. I'm guessing you are using eth0. Even if you're in promiscuous mode in Wireshark, the only packets that you will receive will be broadcast packets, because they are sent to all IPs on your subnet.
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556
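
The ARP poisoning described in this thread, seen from the defender's side (an added example, not part of any poster's reply): a poisoning host shows up in ARP traffic as one MAC address that takes over existing IP-to-MAC bindings and answers for several IPs at once. The log lines, addresses and function names below are constructed for illustration, with lines written in the style of `tcpdump -n arp` output.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` reply lines.
# 00:11:22:aa:bb:66 is a made-up MAC standing in for the poisoning host.
SAMPLE = """\
10:00:01.100 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:01, length 28
10:00:02.200 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:20, length 28
10:00:05.300 ARP, Reply 192.168.1.1 is-at 00:11:22:AA:BB:66, length 28
10:00:05.400 ARP, Reply 192.168.1.20 is-at 00:11:22:aa:bb:66, length 28
10:00:06.300 ARP, Reply 192.168.1.1 is-at 00:11:22:aa:bb:66, length 28
10:00:07.000 ARP, Request who-has 192.168.1.1 tell 192.168.1.20, length 28
"""

REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.I,
)

def find_arp_anomalies(text):
    """Return (rebound, multi_claim) from ARP reply lines.
    rebound:     IP  -> MACs in order first seen, for IPs claimed by >1 MAC
    multi_claim: MAC -> sorted IPs, for MACs answering for >1 IP"""
    ip_macs = defaultdict(list)
    mac_ips = defaultdict(set)
    for line in text.splitlines():
        m = REPLY.search(line)
        if not m:
            continue  # requests and unrelated lines make no binding claim
        ip, mac = m.group(1), m.group(2).lower()
        if mac not in ip_macs[ip]:
            ip_macs[ip].append(mac)
        mac_ips[mac].add(ip)
    rebound = {ip: macs for ip, macs in ip_macs.items() if len(macs) > 1}
    multi = {mac: sorted(ips) for mac, ips in mac_ips.items() if len(ips) > 1}
    return rebound, multi

def suspect_macs(text):
    """MACs that displaced an earlier binding AND answer for several IPs."""
    rebound, multi = find_arp_anomalies(text)
    takers = {mac for macs in rebound.values() for mac in macs[1:]}
    return sorted(takers & set(multi))

if __name__ == "__main__":
    print("rebound IPs:", find_arp_anomalies(SAMPLE)[0])
    print("suspect MACs:", suspect_macs(SAMPLE))
```

A MAC change alone can be benign (a replaced router, a DHCP lease handed to a new device), which is why the check requires both signals before naming a suspect.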

  4. #4
    Just burned his ISO
    Join Date
    Feb 2011
    Posts
    3

    Default Re: Wireshark traffic

    I wish I could edit my last post; just found something else, guys.
    So I used the text version of ettercap and now I can see all the traffic going on.
    I went:

    ettercap -T -M arp -i wlan0 // // testing.cap

    And I could see it. But I have this issue: the other computer on my network could barely open any site... maybe Google, but super slow and likely to fail the connection. But when he finally opens a site, I can see the traffic. At the moment only 2 computers were connected: mine with ettercap, and I have another laptop here to do the testing. Is there any part of the command I can change, so it improves this super lag going on?

    Also, the second part of the command, would be something like this:

    cat testing.cap |grep -a http

    This would allow me to filter only http*, but it's not working; it says the file does not exist.

  5. #5
    Member
    Join Date
    Feb 2009
    Location
    0,0
    Posts
    90

    Default Re: Wireshark traffic

    You are poisoning the entire network. Try:

    ettercap -T -M arp -i wlan0 /target_computer_ip/ /router_ip/ testing.cap
    don't worry about me I am msfconsole retarded

  6. #6
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: Wireshark traffic

    Quote Originally Posted by amithiel View Post
    Hello guys,

    I've been searching and asking around in a lot of places, trying to gather all the info I can... but I'm not yet convinced, so I decided to come here and ask for your help.

    Problem: Wireshark captures only my traffic, and not for the other computers in my network.
    Please read up on switches, hubs, and routers (maybe even SPAN ports). Then read up on ARP and ARP spoofing. Then you'll understand why you only see your traffic.

    Solutions tried:

    1 - At first I was using Windows 7 + Wireshark + WinPcap. I could capture only my own packets, whether in promiscuous mode or not.
    Working as expected, no surprise here.

    2 - Following someone's advice, I burned a copy of BackTrack 4 and messed around a bit with it. Funny thing is: I could actually see the other computers' names appearing in the log... but no HTTP traffic at all, and I'm 100% sure they were browsing websites.
    Again, working as expected, no surprise here.

    You should probably learn how networks function before you try to test them or break them. It's like learning to crawl before trying to run, or learning to change the oil in your car before trying to do a total engine overhaul.

    Without some knowledge on which to base the stuff you're doing, you'll only end up wasting your time or, worse, breaking something that someone else has to fix or that someone else depends on (whether it's you, your family, your school or the company you work for).

    Don't let this discourage you. Yes, everyone has to start somewhere, but some fundamental knowledge will help you a lot here.
    Last edited by thorin; 02-09-2011 at 03:15 AM.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
