wireshark !

nanga · October 2008

Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.

I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.

I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.

Is there a step that I am missing !.....

JDMurray · October 2008

Are the other laptops sending packet traffic to the laptop where you have Wireshark installed? Do you have any protocols filters configured that may be hiding the packet traffic? How about disabling your software firewall?

rubberToe · October 2008

Turn off encryption too if you haven't already.

nanga · October 2008

nope...the laptop are doing their own browsing...like google..techexams.cnn...etc etc and IM as gtalk and yahoo messengers...they arent sending anything to the laptop whcih has wireshark on it. .....

No encryption enabled on it....even if it would have been encryption...there should have been packets only encrypted...i guess.

The machine whch has wireshark installed ..shows packet capture for the same machine...but it has windows firewall and norton FW.....would it really matter

Sie · October 2008

Your wireless card isnt in promiscous mode, hence why you can only capture packets off your own NIC.

Are you running windows or *nix?

What set of drivers are you using to place your NIC in a monitor state?

JDMurray · October 2008

Ah, good spot! WinPcap doesn't support many wireless adapters. Here's the list of the ones supported: http://www.micro-logix.com/WinPcap/Supported.asp

It might be easier to cable all three laptops into your Linksys just to get your experiment going.

nanga · October 2008

well I did put the option for the wireless NIC as promiscious mode. Even the card is in the list. ....I didnt get time to further and do more troubleshooting....I shall try to keep u guys updated on this..till then if u think of any trick...do le me know..

thanks for the help

JDMurray · October 2008

Make sure you are using the latest drivers for your wireless NIC. Also Google to check if anyone else with that same NIC is experiencing the same trouble with Wireshark.

nanga · November 2008

nanga wrote:

Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.

I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.

I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.

Is there a step that I am missing !.....

Is this because the wireless router breaks broadcast domain and hence the packets are not picked up by the wireshark on machine 1.

wireshark !

Comments