xXNirvashXx Posted July 13, 2009 Share Posted July 13, 2009 Hey, eps 514 showed some really great tools but.... 1st) how did they capture packets from other pcs ? I don’t think I’ve heard them saying ... but were they connected to a switch? 2nd) every time I try this on my own network I only manage to capture packets from my own pc only. I know this is because I use router and not a switch, but how were they able to do it in the show? What I accentually want to play around with is : To say go to a website on my iphone and capture packets on my laptop via wireless and analyse them with those tools. Can that be done? Thank you Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted July 13, 2009 Share Posted July 13, 2009 On a switched network you will only see broadcast, mulitcast, and traffic destined for your hardware address (there is one more type, but i don't remember it). On a switched network (yes wireless routers are switched networks) you needs to either a) set up a network tap or b. use a man-in-the-middle attack to see all network traffic. c) put your wireless card into monitor mode and sniff all wireless traffic.. More detail follows. a) you can use a hub. connect target, your computer and the switch all to the hub. The biggest limitations to this is that a true hub is hard to come by these days. You could purchase a network tap from a company like www.netoptics.com. b. tools like ettercap, sslstrip, the middler, cain are great software approaches at MitM attacks. Jasager/Karma or just a correctly configured rouge AP are for wireless MitM attacks c) if you know the encryption key, or its an open wifi point, you can capture any traffic on a particular channel just by setting your wifi card into a listen only mode (monitor mode). Capture the data and then analyze it offline. Quote Link to comment Share on other sites More sharing options...
xXNirvashXx Posted July 14, 2009 Author Share Posted July 14, 2009 On a switched network you will only see broadcast, mulitcast, and traffic destined for your hardware address (there is one more type, but i don't remember it). On a switched network (yes wireless routers are switched networks) you needs to either a) set up a network tap or b. use a man-in-the-middle attack to see all network traffic. c) put your wireless card into monitor mode and sniff all wireless traffic.. More detail follows. a) you can use a hub. connect target, your computer and the switch all to the hub. The biggest limitations to this is that a true hub is hard to come by these days. You could purchase a network tap from a company like www.netoptics.com. b. tools like ettercap, sslstrip, the middler, cain are great software approaches at MitM attacks. Jasager/Karma or just a correctly configured rouge AP are for wireless MitM attacks c) if you know the encryption key, or its an open wifi point, you can capture any traffic on a particular channel just by setting your wifi card into a listen only mode (monitor mode). Capture the data and then analyze it offline. thank you i will try to read more in to option B ) How do i do it using part c) how do i set my wifi card in to a monitor mode? Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted July 14, 2009 Share Posted July 14, 2009 The easiest way to way to get a wifi card into monitor mode is in Linux. (for windows google AirPCAP) Your card's chipset must support it and you have to have linux drivers that support it (google YOUR CARD chipset) or (google YOUR CARD linux) after you have that all set up and working, you can use wireshark to capture the traffic. you'll need to enter the wireless key into wireshark (if there is one) so it can decrypt the packets. Quote Link to comment Share on other sites More sharing options...
xXNirvashXx Posted July 15, 2009 Author Share Posted July 15, 2009 The easiest way to way to get a wifi card into monitor mode is in Linux. (for windows google AirPCAP) Your card's chipset must support it and you have to have linux drivers that support it (google YOUR CARD chipset) or (google YOUR CARD linux) after you have that all set up and working, you can use wireshark to capture the traffic. you'll need to enter the wireless key into wireshark (if there is one) so it can decrypt the packets. thankz, but after i seach adn find my cheapset what do i do then? i mean what software do i use (for lunix?) and as for windows all i found about AirPCAP is that its an external actual wifi card and not a software... I have tried to put my card in to monitor mode using microsofts Network Manager and then also oppening Wireshack but i wasnt able to capture any packets as my wifi addapter was gone from the list and was replaced by "Microsoft" and the packets i captured with Network Manager i didnt need network key but i wasnt able to get anything using Net Witness or Net Miner Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted July 15, 2009 Share Posted July 15, 2009 You just want to make sure you wireless card's chipset is supported in Linux and if it is able to be put into monitor mode. #iwconfig wlan0 mode monitor AirPCAP is just an external wireless adapter with special drivers to allow for monitor mode. This package, I believe, is the only way to put a card into monitor mode in Windows Quote Link to comment Share on other sites More sharing options...
xXNirvashXx Posted July 30, 2009 Author Share Posted July 30, 2009 You just want to make sure you wireless card's chipset is supported in Linux and if it is able to be put into monitor mode. #iwconfig wlan0 mode monitor AirPCAP is just an external wireless adapter with special drivers to allow for monitor mode. This package, I believe, is the only way to put a card into monitor mode in Windows When i set my card into monitor mode and capture packets and no point its asks me for my key , and when i try to analyze them i get nothing. No imiges and anything like it. where is it do i have to enter my encryption code? Quote Link to comment Share on other sites More sharing options...
taiyed14 Posted July 30, 2009 Share Posted July 30, 2009 When i set my card into monitor mode and capture packets and no point its asks me for my key , and when i try to analyze them i get nothing. No imiges and anything like it. where is it do i have to enter my encryption code? wireshark isn't going to ask you for a key, you need to put it some where in some configuration window. google is your best friend. so is the wireshark documentation. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.