Quick question about Wireshark

[tyraeon]

Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

Thanks.

[streaker69]

Hey guys, whenever I run Wireshark doing a packet capture, I seem to only get packets directed towards my laptop (the computer I'm running it on). It's strange because my brother is on my desktop next to me, playing video games, actively using the network, but I don't seem to be getting any packets directed to or coming from his computer.

My question is, is there some command or button in Wireshark that I'm missing that allows a network wide scan? Any input would be greatly appreciated.

Thanks.

You may want to investigate the difference between a Switched network and a network using a Hub.

Therein, probably lies your problem.

[-=Xploitz=-]

Yep...many a problem with sniffing switches.

[tyraeon]

You may want to investigate the difference between a Switched network and a network using a Hub.

Therein, probably lies your problem.

I'm using a Netgear CG814WG wireless router. It's a little white box router that my ISP provides both modem and wireless routing in one. 4 eth ports, the works. I'm not totally sure whether this would be classified as a switch or a hub, but I'd imagine since XploitZ has mentioned that sniffing switches poses problems, that it's a switch. Is there any way I can remedy this for my purposes?

[-=Xploitz=-]

A a switch basically is intelligent and makes sure that all ports get equal share of bandwidth. A hub is passive bugger, and if you got a 10MB line...and 2 comps on the internet at the same time...both will get 5MB of bandwidth each...whereas a switch will make sure both PC's connected will get the full 10MB of bandwidth...more than likely..if its a new Router /AP...it has switches.

Theres a partial solution here on the forums..all I can suggest is searching the keywords switch and or sniffing...more than likely the keywords switch or switching or switches will give you what your looking for. I know it was in a thread discussing ettercap...so try that keyword as well...ettercap.

[Cybersqu]

It also has a lot to do with the way your LAN is configured. For example, if you have both wired and wireless connections, then chances are the traffic from each will not be broadcast to the other.

Are all of your computers on the network using Wifi? If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

[tyraeon]

So, theoretically, is there a way to monitor / sniff network traffic on a wired network (my desktop) other than wiring right into the router? I'm not sure what keywords to look for there....if there's a thread on it I'd love to see it.

Noob questions, I know. Thanks for putting up with me.

[-=Xploitz=-]

If your desktop is using a wired connection to your router, then you’re not going to be able to intercept the traffic with your laptop while using wifi.

Really???

I beg to differ.

I can use ettercap on my laptop (wireless) and sniff ALL my traffic on my WIRED PC (no wireless) connected on a switched AP...and pull up every site I typed in a username and password..and do the same thing using wireshark.(See all packets sent from my WIRED Desktop)..and it all comes up on my wireless laptop.

[Cybersqu]

Really???

I beg to differ.

I can use ettercap on my laptop (wireless) and sniff ALL my traffic on my WIRED PC (no wireless) connected on a switched AP...and pull up every site I typed in a username and password..and do the same thing using wireshark.(See all packets sent from my WIRED Desktop)..and it all comes up on my wireless laptop.

Yeah, it has to do with your router's configuration.. Most of the wireless home routers i've seen (but not all) actually segregate the wired and wireless traffic, usually with a vlan, and only send data to wireless clients when its supposed to be routed to them. Switching/Routing logic is what gives routers an advantage over hubs, as traffic isn’t just broadcast to all clients.

If you think about it, it makes sense.. If you’re transferring data on your wired connection at 100mbit and you have an 11/54mbit wireless connection, there is no way that you’re going to be able to sniff all of the wired traffic. All it would do is bog down the wireless portion of the network because the router is only able to transmit at a specific rate.

[streaker69]

If you think about it, it makes sense.. If you’re transferring data on your wired connection at 100mbit and you have an 11/54mbit wireless connection, there is no way that you’re going to be able to sniff all of the wired traffic. All it would do is bog down the wireless portion of the network because the router is only able to transmit at a specific rate.

Just because the bandwidth is there and available doesn't mean that the connected equipment will use it. I graph traffic patterns on dozens of devices daily and I have yet to see a single device on the network max out on the available bandwidth. Even during nightly backups when I'm transferring between 150 and 200Gb of data, I never see anything coming close to max bandwidth.