wireshark !
Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.
I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.
I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.
Is there a step that I am missing !.....
I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.
I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.
Is there a step that I am missing !.....
Comments
-
JDMurray Admin Posts: 13,092 AdminAre the other laptops sending packet traffic to the laptop where you have Wireshark installed? Do you have any protocols filters configured that may be hiding the packet traffic? How about disabling your software firewall?
-
rubberToe Inactive Imported Users Posts: 56 ■■□□□□□□□□Turn off encryption too if you haven't already.
-
nanga Member Posts: 201nope...the laptop are doing their own browsing...like google..techexams.cnn...etc etc and IM as gtalk and yahoo messengers...they arent sending anything to the laptop whcih has wireshark on it. .....
No encryption enabled on it....even if it would have been encryption...there should have been packets only encrypted...i guess.
The machine whch has wireshark installed ..shows packet capture for the same machine...but it has windows firewall and norton FW.....would it really matter -
Sie Member Posts: 1,195Your wireless card isnt in promiscous mode, hence why you can only capture packets off your own NIC.
Are you running windows or *nix?
What set of drivers are you using to place your NIC in a monitor state?Foolproof systems don't take into account the ingenuity of fools -
JDMurray Admin Posts: 13,092 AdminAh, good spot! WinPcap doesn't support many wireless adapters. Here's the list of the ones supported: http://www.micro-logix.com/WinPcap/Supported.asp
It might be easier to cable all three laptops into your Linksys just to get your experiment going. -
nanga Member Posts: 201well I did put the option for the wireless NIC as promiscious mode. Even the card is in the list. ....I didnt get time to further and do more troubleshooting....I shall try to keep u guys updated on this..till then if u think of any trick...do le me know..
thanks for the help -
JDMurray Admin Posts: 13,092 AdminMake sure you are using the latest drivers for your wireless NIC. Also Google to check if anyone else with that same NIC is experiencing the same trouble with Wireshark.
-
nanga Member Posts: 201nanga wrote:Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.
I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.
I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.
Is there a step that I am missing !.....
Is this because the wireless router breaks broadcast domain and hence the packets are not picked up by the wireshark on machine 1.