Results 1 to 1 of 1

Thread: Broadcast Data packets on Wireshark (BT5)?!

  1. #1
    Just burned their ISO
    Join Date
    Dec 2012
    Location
    Bristol, UK
    Posts
    3

    Default Broadcast Data packets on Wireshark (BT5)?!

    Hi guys,

    First post on these here forums so please be gentle.

    I've recently been doing some wireless auditing on our companies network. At current, it comprises of ~200 client machines, with about 20 or so laptops/handheld devices. I've been taking a BackTrack install with Wireshark and an Alfa wireless USB adapter around to key points on site to see what I can pick up, and I've come across a dead strange phenomenon.. Using Wireshark, I've come across plenty of 'normal' traffic between clients and APs but there are a few that look like this:

    Screenshot.jpg

    The device is unknown to us and although it could be an employee laptop or something like that, it isn't openly associated with any access point. It's more or less on site and broadcasting every day within working hours. That said it is broadcasting a lot of "Data" - the only other time I have seen these packets on this network is when they are encrypted with WPA2 OR the 4-way handshake has not been captured. As this device is not associated, de-authenticating it with aireplay cannot be done (I've tried!) and although Wireshark does have our WPA2 key input into it, it can't get very far without the 4-way handshake. So finding what these packets contain is proving tricky..

    Could anyone give me a pointer? I've never seen this before, and have no idea how to pursue it.. Thanks to anyone in advance!

    Edit: For some reason the screenshot is quite small on the forums - I've uploaded a larger version.

    http://i.imgur.com/bjL8M.png
    Last edited by frankplummer; 12-10-2012 at 07:36 AM. Reason: Added larger image

Similar Threads

  1. Only broadcast packets seen in monitor mode
    By fortenbt in forum BackTrack 5 Experts Section
    Replies: 4
    Last Post: 02-19-2013, 05:49 PM
  2. Can't capture packets in Wireshark
    By Lucian in forum BackTrack 5 General Topics
    Replies: 0
    Last Post: 10-10-2011, 01:31 PM
  3. Replies: 0
    Last Post: 10-14-2010, 12:06 PM
  4. Kismet / Wireshark only seeing BROADCAST data
    By valterra in forum OLD BackTrack 4 General Support
    Replies: 6
    Last Post: 07-17-2009, 07:17 PM
  5. Wireshark - how to decode packets ?
    By phicube in forum OLD General IT Discussion
    Replies: 16
    Last Post: 09-06-2007, 04:31 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •