Jump to content

Network Tap Analyzers


xXNirvashXx
 Share

Recommended Posts

Hey,

eps 514 showed some really great tools but....

1st) how did they capture packets from other pcs ? I don’t think I’ve heard them saying ... but were they connected to a switch?

2nd) every time I try this on my own network I only manage to capture packets from my own pc only. I know this is because I use router and not a switch, but how were they able to do it in the show?

What I accentually want to play around with is :

To say go to a website on my iphone and capture packets on my laptop via wireless and analyse them with those tools. Can that be done?

Thank you

Link to comment
Share on other sites

On a switched network you will only see broadcast, mulitcast, and traffic destined for your hardware address (there is one more type, but i don't remember it). On a switched network (yes wireless routers are switched networks) you needs to either a) set up a network tap or b. use a man-in-the-middle attack to see all network traffic. c) put your wireless card into monitor mode and sniff all wireless traffic.. More detail follows.

a) you can use a hub. connect target, your computer and the switch all to the hub. The biggest limitations to this is that a true hub is hard to come by these days. You could purchase a network tap from a company like www.netoptics.com.

b. tools like ettercap, sslstrip, the middler, cain are great software approaches at MitM attacks. Jasager/Karma or just a correctly configured rouge AP are for wireless MitM attacks

c) if you know the encryption key, or its an open wifi point, you can capture any traffic on a particular channel just by setting your wifi card into a listen only mode (monitor mode). Capture the data and then analyze it offline.

Link to comment
Share on other sites

On a switched network you will only see broadcast, mulitcast, and traffic destined for your hardware address (there is one more type, but i don't remember it). On a switched network (yes wireless routers are switched networks) you needs to either a) set up a network tap or b. use a man-in-the-middle attack to see all network traffic. c) put your wireless card into monitor mode and sniff all wireless traffic.. More detail follows.

a) you can use a hub. connect target, your computer and the switch all to the hub. The biggest limitations to this is that a true hub is hard to come by these days. You could purchase a network tap from a company like www.netoptics.com.

b. tools like ettercap, sslstrip, the middler, cain are great software approaches at MitM attacks. Jasager/Karma or just a correctly configured rouge AP are for wireless MitM attacks

c) if you know the encryption key, or its an open wifi point, you can capture any traffic on a particular channel just by setting your wifi card into a listen only mode (monitor mode). Capture the data and then analyze it offline.

thank you

i will try to read more in to option B )

How do i do it using part c) how do i set my wifi card in to a monitor mode?

Link to comment
Share on other sites

The easiest way to way to get a wifi card into monitor mode is in Linux. (for windows google AirPCAP)

Your card's chipset must support it and you have to have linux drivers that support it (google YOUR CARD chipset) or (google YOUR CARD linux)

after you have that all set up and working, you can use wireshark to capture the traffic. you'll need to enter the wireless key into wireshark (if there is one) so it can decrypt the packets.

Link to comment
Share on other sites

The easiest way to way to get a wifi card into monitor mode is in Linux. (for windows google AirPCAP)

Your card's chipset must support it and you have to have linux drivers that support it (google YOUR CARD chipset) or (google YOUR CARD linux)

after you have that all set up and working, you can use wireshark to capture the traffic. you'll need to enter the wireless key into wireshark (if there is one) so it can decrypt the packets.

thankz, but after i seach adn find my cheapset what do i do then? i mean what software do i use (for lunix?)

and as for windows all i found about AirPCAP is that its an external actual wifi card and not a software...

I have tried to put my card in to monitor mode using microsofts Network Manager and then also oppening Wireshack but i wasnt able to capture any packets as my wifi addapter was gone from the list and was replaced by "Microsoft"

and the packets i captured with Network Manager i didnt need network key but i wasnt able to get anything using Net Witness or Net Miner

Link to comment
Share on other sites

You just want to make sure you wireless card's chipset is supported in Linux and if it is able to be put into monitor mode.

#iwconfig wlan0 mode monitor

AirPCAP is just an external wireless adapter with special drivers to allow for monitor mode. This package, I believe, is the only way to put a card into monitor mode in Windows

Link to comment
Share on other sites

  • 2 weeks later...
You just want to make sure you wireless card's chipset is supported in Linux and if it is able to be put into monitor mode.

#iwconfig wlan0 mode monitor

AirPCAP is just an external wireless adapter with special drivers to allow for monitor mode. This package, I believe, is the only way to put a card into monitor mode in Windows

When i set my card into monitor mode and capture packets and no point its asks me for my key , and when i try to analyze them i get nothing. No imiges and anything like it. where is it do i have to enter my encryption code?

Link to comment
Share on other sites

When i set my card into monitor mode and capture packets and no point its asks me for my key , and when i try to analyze them i get nothing. No imiges and anything like it. where is it do i have to enter my encryption code?

wireshark isn't going to ask you for a key, you need to put it some where in some configuration window. google is your best friend. so is the wireshark documentation.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...