Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Quick question about Wireshark

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default Quick question about Wireshark

    Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

    My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

    Thanks.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by tyraeon View Post
    Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

    My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

    Thanks.
    You may want to investigate the difference between a Switched network and a network using a Hub.

    Therein, probably lies your problem.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Yep...many a problem with sniffing switches.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default

    Quote Originally Posted by streaker69 View Post
    You may want to investigate the difference between a Switched network and a network using a Hub.

    Therein, probably lies your problem.
    I'm using a Netgear CG814WG wireless router. It's a little white box router that my ISP provides both modem and wireless routing in one. 4 eth ports, the works. I'm not totally sure whether this would be classified as a switch or a hub, but I'd imagine since XploitZ has mentioned that sniffing switches poses problems, that it's a switch. Is there any way I can remedy this for my purposes?

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    A a switch basically is intelligent and makes sure that all ports get equal share of bandwidth. A hub is passive bugger, and if you got a 10MB line...and 2 comps on the internet at the same time...both will get 5MB of bandwidth each...whereas a switch will make sure both PC's connected will get the full 10MB of bandwidth...more than likely..if its a new Router /AP...it has switches.

    Theres a partial solution here on the forums..all I can suggest is searching the keywords switch and or sniffing...more than likely the keywords switch or switching or switches will give you what your looking for. I know it was in a thread discussing ettercap...so try that keyword as well...ettercap.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  6. #6
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    11

    Default

    It also has a lot to do with the way your LAN is configured. For example, if you have both wired and wireless connections, then chances are the traffic from each will not be broadcast to the other.

    Are all of your computers on the network using Wifi? If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

  7. #7
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default

    So, theoretically, is there a way to monitor / sniff network traffic on a wired network (my desktop) other than wiring right into the router? I'm not sure what keywords to look for there....if there's a thread on it I'd love to see it.

    Noob questions, I know. Thanks for putting up with me.

  8. #8
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by Cybersqu View Post

    If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

    Really???

    I beg to differ.

    I can use ettercap on my laptop (wireless) and sniff ALL my traffic on my WIRED PC (no wireless) connected on a switched AP...and pull up every site I typed in a username and password..and do the same thing using wireshark.(See all packets sent from my WIRED Desktop)..and it all comes up on my wireless laptop.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  9. #9
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    11

    Default

    Quote Originally Posted by -=Xploitz=- View Post
    Really???

    I beg to differ.

    I can use ettercap on my laptop (wireless) and sniff ALL my traffic on my WIRED PC (no wireless) connected on a switched AP...and pull up every site I typed in a username and password..and do the same thing using wireshark.(See all packets sent from my WIRED Desktop)..and it all comes up on my wireless laptop.
    Yeah, it has to do with your router's configuration.. Most of the wireless home routers i've seen (but not all) actually segregate the wired and wireless traffic, usually with a vlan, and only send data to wireless clients when its supposed to be routed to them. Switching/Routing logic is what gives routers an advantage over hubs, as traffic isn’t just broadcast to all clients.

    If you think about it, it makes sense.. If you’re transferring data on your wired connection at 100mbit and you have an 11/54mbit wireless connection, there is no way that you’re going to be able to sniff all of the wired traffic. All it would do is bog down the wireless portion of the network because the router is only able to transmit at a specific rate.

  10. #10
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Cybersqu View Post
    If you think about it, it makes sense.. If you’re transferring data on your wired connection at 100mbit and you have an 11/54mbit wireless connection, there is no way that you’re going to be able to sniff all of the wired traffic. All it would do is bog down the wireless portion of the network because the router is only able to transmit at a specific rate.
    Just because the bandwidth is there and available doesn't mean that the connected equipment will use it. I graph traffic patterns on dozens of devices daily and I have yet to see a single device on the network max out on the available bandwidth. Even during nightly backups when I'm transferring between 150 and 200Gb of data, I never see anything coming close to max bandwidth.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •