wireshark !
Working on my CEH... I am playing around with tools to have a better understanding of the logic of each tool and try to interpret results.
I have 3 laptops connected wirelessly to my Linksys router. I am using Wireshark on one machine.
I am trying to sniff packets by using Wireshark in promiscuous mode. I loaded websites and messenger sessions on the other two laptops... but I can't collect any packets from the other laptops. All I can do is collect packets on the same machine where I have Wireshark installed in promiscuous mode.
Is there a step that I am missing?
Comments
-
JDMurray Admin Posts: 13,035 Admin
Are the other laptops sending packet traffic to the laptop where you have Wireshark installed? Do you have any protocol filters configured that may be hiding the packet traffic? How about disabling your software firewall?
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
-
rubberToe Inactive Imported Users Posts: 56
Turn off encryption too if you haven't already.
-
nanga Member Posts: 201
Nope... the laptops are doing their own browsing, like Google, techexams, CNN, etc., and IM such as Gtalk and Yahoo Messenger... they aren't sending anything to the laptop which has Wireshark on it.
No encryption enabled on it... even if there had been encryption, there should have been packets, only encrypted... I guess.
The machine which has Wireshark installed shows packet capture for the same machine... but it has Windows Firewall and Norton FW... would it really matter?
-
Sie Member Posts: 1,195
Your wireless card isn't in promiscuous mode, hence why you can only capture packets off your own NIC.
Are you running Windows or *nix?
What set of drivers are you using to place your NIC in a monitor state?
Foolproof systems don't take into account the ingenuity of fools
-
JDMurray Admin Posts: 13,035 Admin
Ah, good spot! WinPcap doesn't support many wireless adapters. Here's the list of the ones supported: http://www.micro-logix.com/WinPcap/Supported.asp
It might be easier to cable all three laptops into your Linksys just to get your experiment going.
-
nanga Member Posts: 201
Well, I did put the option for the wireless NIC as promiscuous mode. Even the card is in the list... I didn't get time to go further and do more troubleshooting... I shall try to keep you guys updated on this. Till then, if you think of any trick, do let me know.
Thanks for the help
-
JDMurray Admin Posts: 13,035 Admin
Make sure you are using the latest drivers for your wireless NIC. Also Google to check if anyone else with that same NIC is experiencing the same trouble with Wireshark.
-
nanga Member Posts: 201
nanga wrote:
Working on my CEH... I am playing around with tools to have a better understanding of the logic of each tool and try to interpret results.
I have 3 laptops connected wirelessly to my Linksys router. I am using Wireshark on one machine.
I am trying to sniff packets by using Wireshark in promiscuous mode. I loaded websites and messenger sessions on the other two laptops... but I can't collect any packets from the other laptops. All I can do is collect packets on the same machine where I have Wireshark installed in promiscuous mode.
Is there a step that I am missing?

Is this because the wireless router breaks the broadcast domain and hence the packets are not picked up by Wireshark on machine 1?