Thread: Not grabbing all the packets --need help

  1. #1
    Just burned his ISO
    Join Date
    Aug 2010

    Hi all, this is my first post here. I've done some searching but I can't find a post similar to the problems I'm having.

    I'm trying to view another client's (i.e. my desktop's) traffic on my laptop. I've been going to this web page on my desktop: BLUE - Backgrounds and Patterns. It is just a page with a few background pictures on it. My problem is that I'm not grabbing all the packets. Sure, I get some, but only 50% or less, it seems.

    I've tried a few different ways, and I don't know if any of them are even the correct way to do it.

    I have also tried two different interface devices, with similar results on both.
    Here they are listed:
    PCI: Atheros Communications Inc. AR5001 Wireless Network Adapter (INTERNAL)
    USB: Realtek Semiconductor Corp. RTL8187 Wireless Adapter (ALFA AWUS036H)

    I've tried to just obtain an IP address and open Wireshark on wlan0 with promiscuous mode enabled. This seems to work the best, but I still do not capture all the packets.

    I've tried to set my card into monitor mode:
    airmon-ng start wlan0
    airodump-ng -c 11 --bssid mybssid mon0 -w cap

    I then open the cap in Wireshark (or I start Wireshark on mon0) and I'm not getting all the packets that way either.
    I've also tried a few different distances from the AP.
    The AP is a Netgear WGR614v7, though I doubt that has much to do with it.
    It is also a completely open AP, no enc. or auth.

    Any ideas on what I'm doing wrong?

  2. #2
    Member macphail
    Join Date
    Jun 2010
    East Coast, USA

    Packet loss can occur for several reasons...
    Let me google that for you

  3. #3
    Just burned his ISO
    Join Date
    Aug 2010

    Gee, google, never thought of that.

    And it isn't a problem with Wireshark. It is a problem with the card being in monitor mode or promiscuous mode, and googling that only explains to try ARP poisoning, which I'm not ready to move on to yet.

    I guess what I'm asking is if major packet loss is to be expected with a card in monitor mode, or could I have a hardware/software issue?

  4. #4
    Super Moderator lupin
    Join Date
    Jan 2010

    If someone gives you a non-specific answer, you should check to see if you provided specific detail.

    Some questions that occurred to me when I read your post: How do you know you aren't grabbing all the packets? Which ones aren't you grabbing? Is there anything specific about the ones you are not getting that might indicate the source of the problem? Encryption?

  5. #5
    Just burned his ISO
    Join Date
    Aug 2010

    The AP is totally open, no encryption.
    Here is how I know I'm missing packets:

    I have Wireshark open on 2 computers, both connected to the AP through wifi: the desktop I'm surfing from, and the laptop that I have in monitor mode (with it locked on the channel of the AP). The dump on the desktop shows all HTTP traffic, whereas the laptop loses a LOT of packets, so much so that I cannot grab most of the HTTP traffic (images, HTML pages). It almost seems like the card is still hopping channels or isn't updating fast enough? I watch iwconfig to see if the frequency changes and it doesn't report that it is.

    I can't see anything specific in the packets I'm not getting - seems random.

    Now if I associate with the AP and get an IP address and do either a DHCP or ARP spoof, I get all the traffic, but in monitor mode I don't, and I thought that in monitor mode you could still sniff all the traffic.
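
As an added example (not part of the original thread), one way to put a number on the loss described in post #5 using the monitor-mode capture alone is to count gaps in each transmitter's 802.11 sequence numbers. It assumes radiotap-encapsulated frames and a single sequence counter per transmitter (non-QoS traffic); the MAC address, the frames and the helper names are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_seq(pkt):
    """Return (transmitter MAC, sequence number), or None if the frame has no Sequence Control."""
    if len(pkt) < 8:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap header length field
    dot11 = pkt[rt_len:]
    if len(dot11) < 24 or (dot11[0] >> 2) & 0x3 == 1:
        return None  # short frame (ACK/CTS) or control type: no sequence number
    seq_ctl = struct.unpack_from("<H", dot11, 22)[0]
    return dot11[10:16].hex(":"), seq_ctl >> 4  # low 4 bits are the fragment number

def estimate_loss(packets):
    """Per transmitter: (frames seen, frames missed), from gaps in the 12-bit counter."""
    last, stats = {}, defaultdict(lambda: [0, 0])
    for pkt in packets:
        parsed = parse_seq(pkt)
        if parsed is None:
            continue
        mac, seq = parsed
        if mac in last:
            gap = (seq - last[mac]) % 4096  # counter wraps at 4096
            if gap == 0:
                continue  # retransmission or further fragment of a counted frame
            stats[mac][1] += gap - 1
        stats[mac][0] += 1
        last[mac] = seq
    return {mac: tuple(v) for mac, v in stats.items()}

def make_frame(mac, seq, retry=False):
    """Constructed sample input: minimal radiotap header + 24-byte 802.11 data header."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)
    fc = bytes([0x08, 0x09 if retry else 0x01])  # type=data, ToDS, optional Retry
    addrs = bytes(6) + bytes.fromhex(mac.replace(":", "")) + bytes(6)
    return radiotap + fc + b"\x00\x00" + addrs + struct.pack("<H", seq << 4)

STA = "02:00:00:00:00:01"  # constructed, locally administered address
ACK = struct.pack("<BBHI", 0, 0, 8, 0) + bytes([0xD4, 0x00]) + bytes(8)  # constructed ACK
SAMPLE = [make_frame(STA, 4093), make_frame(STA, 4094), ACK,
          make_frame(STA, 4094, retry=True), make_frame(STA, 1),
          make_frame(STA, 2), make_frame(STA, 5)]

if __name__ == "__main__":
    for mac, (seen, missed) in estimate_loss(SAMPLE).items():
        print(f"{mac}: seen={seen} missed={missed} loss={missed / (seen + missed):.0%}")
```

Frames that arrive out of order are not handled; a gap larger than a few hundred usually means reordering or a second counter rather than real loss.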
