wireshark !

Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.

I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.

I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.

Is there a step that I am missing !.....

Find more posts tagged with

Comments

JDMurray

Are the other laptops sending packet traffic to the laptop where you have Wireshark installed? Do you have any protocols filters configured that may be hiding the packet traffic? How about disabling your software firewall?

rubberToe

Turn off encryption too if you haven't already.

nanga

nope...the laptop are doing their own browsing...like google..techexams.cnn...etc etc and IM as gtalk and yahoo messengers...they arent sending anything to the laptop whcih has wireshark on it. .....

No encryption enabled on it....even if it would have been encryption...there should have been packets only encrypted...i guess.

The machine whch has wireshark installed ..shows packet capture for the same machine...but it has windows firewall and norton FW.....would it really matter

Sie

Your wireless card isnt in promiscous mode, hence why you can only capture packets off your own NIC.

Are you running windows or *nix?

What set of drivers are you using to place your NIC in a monitor state?

JDMurray

Ah, good spot! WinPcap doesn't support many wireless adapters. Here's the list of the ones supported: http://www.micro-logix.com/WinPcap/Supported.asp

It might be easier to cable all three laptops into your Linksys just to get your experiment going.

nanga

well I did put the option for the wireless NIC as promiscious mode. Even the card is in the list. ....I didnt get time to further and do more troubleshooting....I shall try to keep u guys updated on this..till then if u think of any trick...do le me know..

thanks for the help

JDMurray

Make sure you are using the latest drivers for your wireless NIC. Also Google to check if anyone else with that same NIC is experiencing the same trouble with Wireshark.

nanga

nanga wrote:

Working on my CEH ..i am playing around with tools to have a better understanding of the logic of each tool and try to inerepret results.

I have 3 laptops connected as wireless to the my linksys router. I am using Wireshark on one machine.

I am trying to sniff packets by using wireshark in promiscous mode. I loaded websites and messanger sessions on the other two laptops...but I cant collect any packets from other laptop. All I can do is collect packet on the same machine where I have wireshark installed in promiscous mode.

Is there a step that I am missing !.....

Is this because the wireless router breaks broadcast domain and hence the packets are not picked up by the wireshark on machine 1.