DJM Posted October 29, 2008 Posted October 29, 2008 Hi, i have been using Wireshark for a few days now. I have been able to see what other people are doing on the internet when they are connecting trow my computer by using an ethernet cable. How would i do this without me being in the middle? So i could intercept packets from other computers on other networks. Can i do this in Wireshark or not, if not how can I? Thanks, DJM Quote
digip Posted October 29, 2008 Posted October 29, 2008 One of two ways. Wireless with a card in monitor mode(under linux) and the other, as you describes, being in the middle, either by way of MITM or acting as an access point. Metatron also has a method of installing TCPdump onto a router, and not using wireshark at all to sniff all the packets going through the router itself. Quote
DJM Posted October 30, 2008 Author Posted October 30, 2008 Metatron also has a method of installing TCPdump onto a router, and not using wireshark at all to sniff all the packets going through the router itself. Ok, i see I can't intercept packets when im not in the middle. So how do i go about and setup a TCPdump on a router? Quote
vector Posted October 30, 2008 Posted October 30, 2008 ok youre jumping all over the place here. ou need to understand the difference between MITM, monitor mode, promiscuous mode, arp spoofing, port mirroring, etc etc are. now you can capture wireless traffic encrypted or unencrypted even if youre not associated to the LAN, and you can capture traffic while youre associated to the lan by arp spoofing, port mirroring, in either promiscuous mode or non promiscuous mode, but you need to understand when to do which. and how one affects the other. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.