Wireshark Traffic Question
I have a small home network that I would like to analyze traffic on. I have Wireshark installed on PC “A” and want to monitor unicast traffic on PC “B” and “C” also connected to the home wireless router.
In its current state I can see all broadcast traffic on the net. I do know that in order to acquire unicast I will have to accomplish one of these things…
1. Port span/mirror/HUB installed on the router
2. Install a USB AP on my PC and name SSID same as current setup and have all traffic run through USB AP running in promiscuous mode
3. Have router forward traffic to my PC by ARP poison etc…
I am wondering if there are any other creative “easy” ideas that this community has out there or maybe something I have not thought of yet?
BTW the router is a home router broadcasting SSID, NON encrypted/secured for this exercise.
Comments
-
rsutton Member Posts: 1,029
ARP poisoning is easy (can be done in minutes) but does not work well for all traffic (e.g. HTTPS). Port mirroring is probably the best option if your router supports it. You have listed three easy options. Why are these not viable and what are you ultimately trying to accomplish?
-
yzT Member Posts: 365
This question looks quite suspicious, because if you don't want to use any of the methods you've mentioned, maybe it isn't really your home network :P or it is, but you're afraid that either B user or C user knows how to detect your surveillance and you are looking for other less common methods
Arpspoof is the easiest way.
-
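Since ARP poisoning and its detection both come up in the replies above, here is what it looks like to someone watching the same LAN, as an added example that is not part of the original thread: a Python sketch that scans ARP replies for an IP address changing MAC and for one MAC claiming several IPs. The sample lines are constructed in the style of `tcpdump -e -n arp` output, and the addresses and the function name `find_arp_anomalies` are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -e -n arp` output; not captured
# from a real network. MACs are locally administered placeholder addresses.
SAMPLE = """\
10:00:01.000000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 02:00:00:00:00:01, length 28
10:00:02.000000 02:00:00:00:00:0b > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Reply 192.168.1.11 is-at 02:00:00:00:00:0b, length 28
10:00:03.000000 02:00:00:00:00:0c > 02:00:00:00:00:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.12 is-at 02:00:00:00:00:0c, length 28
10:00:09.000000 02:00:00:00:00:0a > 02:00:00:00:00:0b, ethertype ARP (0x0806), length 42: Reply 192.168.1.1 is-at 02:00:00:00:00:0a, length 28
10:00:09.500000 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype ARP (0x0806), length 42: Reply 192.168.1.11 is-at 02:00:00:00:00:0a, length 28
"""

ARP_REPLY = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > [0-9a-f:]{17}, ethertype ARP .*"
    r"Reply (?P<ip>\d+\.\d+\.\d+\.\d+) is-at (?P<mac>[0-9a-f:]{17})",
    re.IGNORECASE,
)

def find_arp_anomalies(text):
    """Return (timestamp, kind, detail) tuples for suspicious ARP replies."""
    ip_to_mac = {}                 # first MAC seen answering for each IP
    mac_to_ips = defaultdict(set)  # every IP a given MAC has claimed
    alerts = []
    for line in text.splitlines():
        m = ARP_REPLY.match(line)
        if not m:
            continue  # not an ARP reply, or a format this sketch does not parse
        ts, ip = m["ts"], m["ip"]
        src, mac = m["src"].lower(), m["mac"].lower()
        if src != mac:  # Ethernet source disagrees with the ARP payload
            alerts.append((ts, "sender-mismatch", f"frame from {src} says {ip} is-at {mac}"))
        known = ip_to_mac.setdefault(ip, mac)
        if known != mac:  # an existing IP-to-MAC binding is being overwritten
            alerts.append((ts, "rebinding", f"{ip} moved from {known} to {mac}"))
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:  # one host answering for several IPs
            alerts.append((ts, "multi-claim", f"{mac} claims {sorted(mac_to_ips[mac])}"))
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(SAMPLE):
        print(*alert, sep="  ")
```

Legitimate events such as a DHCP lease moving to another device or a router answering for several addresses raise the same alerts, so treat hits as leads to check against the MAC addresses of known devices.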
Cyberscum Member Posts: 795
So the network is mine, I have some end devices/users I would like to experiment on without leaving physical traces.
I guess my best option is either to
1. ARP poison to receive traffic, while missing some traffic.
2. Create a rogue access point. Send a disconnect signal to all devices to the current router and have the devices re-connect to the RAP.
-
Cyberscum Member Posts: 795
Have you guys tried one of the AirPcap devices? Any reviews on this item from Amazon?
http://www.amazon.com/Alfa-AWUS036H-Wireless-Long-Rang-Panel/dp/B003YI4HRM/ref=sr_1_2?ie=UTF8&qid=1418156021&sr=8-2&keywords=airpcap
-
jamthat Member Posts: 304
Have you guys tried one of the AirPcap devices? Any reviews on this item from Amazon?
Amazon.com: Alfa AWUS036H High power 1000mW 1W 802.11b/g High Gain USB Wireless Long-Rang WiFi network Adapter with 5dBi Rubber Antenna and a 7dBi Panel Antenna and Suction cup / Clip Window Mount - for Wardriving & Range Extension: Computers & Acces
I have this and used it for basic WEP cracking, etc (lab) - works great. I just have the standard antenna (5dBi) and the range on it is pretty ridiculous, I feel like it picked up the whole apt complex