Results 1 to 10 of 16

Thread: Quick question about Wireshark

Hybrid View

  1. #1
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default Quick question about Wireshark

    Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

    My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

    Thanks.

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by tyraeon View Post
    Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

    My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

    Thanks.
    You may want to investigate the difference between a Switched network and a network using a Hub.

    Therein, probably lies your problem.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Yep...many a problem with sniffing switches.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  4. #4
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default

    Quote Originally Posted by streaker69 View Post
    You may want to investigate the difference between a Switched network and a network using a Hub.

    Therein, probably lies your problem.
    I'm using a Netgear CG814WG wireless router. It's a little white box router that my ISP provides both modem and wireless routing in one. 4 eth ports, the works. I'm not totally sure whether this would be classified as a switch or a hub, but I'd imagine since XploitZ has mentioned that sniffing switches poses problems, that it's a switch. Is there any way I can remedy this for my purposes?

  5. #5
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    A a switch basically is intelligent and makes sure that all ports get equal share of bandwidth. A hub is passive bugger, and if you got a 10MB line...and 2 comps on the internet at the same time...both will get 5MB of bandwidth each...whereas a switch will make sure both PC's connected will get the full 10MB of bandwidth...more than likely..if its a new Router /AP...it has switches.

    Theres a partial solution here on the forums..all I can suggest is searching the keywords switch and or sniffing...more than likely the keywords switch or switching or switches will give you what your looking for. I know it was in a thread discussing ettercap...so try that keyword as well...ettercap.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  6. #6
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    11

    Default

    It also has a lot to do with the way your LAN is configured. For example, if you have both wired and wireless connections, then chances are the traffic from each will not be broadcast to the other.

    Are all of your computers on the network using Wifi? If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

  7. #7
    Just burned his ISO
    Join Date
    Aug 2007
    Posts
    22

    Default

    So, theoretically, is there a way to monitor / sniff network traffic on a wired network (my desktop) other than wiring right into the router? I'm not sure what keywords to look for there....if there's a thread on it I'd love to see it.

    Noob questions, I know. Thanks for putting up with me.

  8. #8
    Senior Member
    Join Date
    Apr 2007
    Posts
    3,385

    Default

    Quote Originally Posted by Cybersqu View Post

    If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

    Really???

    I beg to differ.

    I can use ettercap on my laptop (wireless) and sniff ALL my traffic on my WIRED PC (no wireless) connected on a switched AP...and pull up every site I typed in a username and password..and do the same thing using wireshark.(See all packets sent from my WIRED Desktop)..and it all comes up on my wireless laptop.
    [CENTER][FONT=Book Antiqua][SIZE=5][B][COLOR=blue][FONT=Courier New][COLOR=red]--=[/COLOR][/FONT]Xploitz[FONT=Courier New][COLOR=red]=--[/COLOR][/FONT][/COLOR][/B][/SIZE][/FONT][FONT=Courier New][COLOR=Black][SIZE=6][B] ®[/B][/SIZE][/COLOR][/FONT][/CENTER]
    [CENTER][SIZE=4][B]Remote-Exploit.orgs Master Tutorialist.[/B][/SIZE][SIZE=6][B]™
    [/B][/SIZE]
    [URL="http://forums.remote-exploit.org/showthread.php?t=9063"][B]VIDEO: Volume #1 "E-Z No Client WEP Cracking Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=7872"][B]VIDEO: Volume #2 "E-Z No Client Korek Chopchop Attack Tutorial"[/B]
    [/URL]
    [URL="http://forums.remote-exploit.org/showthread.php?t=8230"][B]VIDEO: Volume #3 "E-Z WPA/WPA2 Cracking Tutorial"[/B][/URL]

    [URL="http://forums.remote-exploit.org/showthread.php?t=8041"][B]VIDEO: Volume #4 "E-Z Cracking WPA/WPA2 With Airolib-ng Databases"[/B][/URL]
    [/CENTER]

  9. #9
    Member PeppersGhost's Avatar
    Join Date
    Jan 2008
    Posts
    204

    Default

    Quote Originally Posted by tyraeon View Post
    "is there some command or button in Wireshark that I'm missing that allows a network wide scan?"
    The short answer is yes and no. Will it(WireShark) scan all traffic=Yes. The way you have it set up=No.
    <EeePc 1000HA BT4/W7 USB boot Alfa500 GPS BlueTooth>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •