wqevwevqwevqwrevwfd Posted April 10, 2010 Share Posted April 10, 2010 (edited) I downloaded wireshark and it seems that it only can capture packets from the PC where wireshark is installed on, what am I doing wrong? This is in my home setup I haven't got the time to test it out out side of the home network. note, I just bought a WRT54GL router this is the setup of wirehark:(running on windows 7) and this is what I see: and on my capture PC I have nothing on all the other PC's are stand-by only 1 pc is using youtube Edited April 12, 2010 by nivong Quote Link to comment Share on other sites More sharing options...
digip Posted April 10, 2010 Share Posted April 10, 2010 Thatis what wireshark does, it captures packets on your machine from your NIC, locally. To see packets on the network that aren't yours, one of two things need to be in place depending on if you use wired or wireless. Wired: 1, you need to be using a hub which broadcasts packets to all nodes on the hub, or 2, MITM another node on the same subnet. Wireless: MITM a client on the same subnet, or 2, have a wireless card that can do monitor mode and see all the packets in the air(so long as they are not encrypted, ex: wep or wpa). Now to do the monitor mode, most nics will require you to use Linux, but only if the card is supported for Monitor mode. Windows can do it with special cards but also reuire custom drivers unless you go with something like Cace Airpcap cards which work with Wireshark natively in windows: http://www.cacetech.com/products/airpcap.html Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 10, 2010 Author Share Posted April 10, 2010 (edited) Thatis what wireshark does, it captures packets on your machine from your NIC, locally. To see packets on the network that aren't yours, one of two things need to be in place depending on if you use wired or wireless. Wired: 1, you need to be using a hub which broadcasts packets to all nodes on the hub, or 2, MITM another node on the same subnet. Wireless: MITM a client on the same subnet, or 2, have a wireless card that can do monitor mode and see all the packets in the air(so long as they are not encrypted, ex: wep or wpa). Now to do the monitor mode, most nics will require you to use Linux, but only if the card is supported for Monitor mode. Windows can do it with special cards but also reuire custom drivers unless you go with something like Cace Airpcap cards which work with Wireshark natively in windows: http://www.cacetech.com/products/airpcap.html Thanks for the awnser(s) I use a wired connection with a HUB, so you have: Cabel modem > ROUTER > HUB > PC1 ...............................................> PC2 ...............................................> PC3 etc. so you think it's because of the HUB? Edited April 10, 2010 by nivong Quote Link to comment Share on other sites More sharing options...
Sparda Posted April 10, 2010 Share Posted April 10, 2010 Is the HUB a HUB or a switch? Quote Link to comment Share on other sites More sharing options...
digip Posted April 10, 2010 Share Posted April 10, 2010 (edited) A true hub will allow you to see all the traffic, a switch will only send to the party its intended for unless you do a MITM or its a high end device like an Cisco Enterprise switch that can do port mirroring. Home switches dont do port mirroring, and most home consumer switches say stuff like 4 port ethernet hub on them, when in reality they are a router/switch combo. If its a real hub and not a switch, it would work like any repeater, everyone will see the traffic since it will broadcast anything it receives on one port to all its other ports. Edited April 10, 2010 by digip Quote Link to comment Share on other sites More sharing options...
VaKo Posted April 10, 2010 Share Posted April 10, 2010 In all honesty, I've not seen hubs since 10Mbit was fast, and if its 1GBit there is no chance it will be a hub. Quote Link to comment Share on other sites More sharing options...
Inked Posted April 11, 2010 Share Posted April 11, 2010 (edited) I downloaded wireshark and it seems that it only can capture packets from the PC where wireshark is installed on, what am I doing wrong? This is in my home setup I haven't got the time to test it out out side of the home network. note, I just bought a WRT54GL router thanks for asking this nivong! I was just playing around on wireshark in BT4 and was wondering why I was only seeing MY traffic and not the wife's who was on her netbook in the other room! I had not set my alfa to monitor mode to listen to everything! I love how much I can learn from reading on here and trying things! Edited April 11, 2010 by Inked Quote Link to comment Share on other sites More sharing options...
Burning Aces Posted April 11, 2010 Share Posted April 11, 2010 thanks for asking this nivong! I was just playing around on wireshark in BT4 and was wondering why I was only seeing MY traffic and not the wife's who was on her netbook in the other room! I had not set my alfa to monitor mode to listen to everything! I love how much I can learn from reading on here and trying things! go re-read your topic dont use monitor mode for MITM Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 11, 2010 Author Share Posted April 11, 2010 (edited) Is the HUB a HUB or a switch? It's a HUB as i mentoid earlier, it's a cheap 100 mb/s hub ICICU (is the company) it was something like 5 euro In all honesty, I've not seen hubs since 10Mbit was fast, and if its 1GBit there is no chance it will be a hub. Well mine HUB is 100 MB/s thanks for asking this nivong! I was just playing around on wireshark in BT4 and was wondering why I was only seeing MY traffic and not the wife's who was on her netbook in the other room! I had not set my alfa to monitor mode to listen to everything! I love how much I can learn from reading on here and trying things! indeed, there are a lot of nice people here that are willing to help! love it allready :D! added images to the first post Edited April 11, 2010 by nivong Quote Link to comment Share on other sites More sharing options...
Inked Posted April 11, 2010 Share Posted April 11, 2010 nivong, It might help you out to read my post regarding wireshark problems. I believe we are having very similar issues. http://www.hak5.org/forums/index.php?showtopic=16179 Quote Link to comment Share on other sites More sharing options...
Burning Aces Posted April 12, 2010 Share Posted April 12, 2010 Thatis what wireshark does, it captures packets on your machine from your NIC, locally. To see packets on the network that aren't yours, one of two things need to be in place depending on if you use wired or wireless. Wired: 1, you need to be using a hub which broadcasts packets to all nodes on the hub, or 2, MITM another node on the same subnet. Wireless: MITM a client on the same subnet, or 2, have a wireless card that can do monitor mode and see all the packets in the air(so long as they are not encrypted, ex: wep or wpa). Now to do the monitor mode, most nics will require you to use Linux, but only if the card is supported for Monitor mode. Windows can do it with special cards but also reuire custom drivers unless you go with something like Cace Airpcap cards which work with Wireshark natively in windows: http://www.cacetech.com/products/airpcap.html more like ettercap -i wlan0 -Tq -M arp:remote // // so then you get ALL clients :D Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 12, 2010 Author Share Posted April 12, 2010 (edited) nivong, It might help you out to read my post regarding wireshark problems. I believe we are having very similar issues. http://www.hak5.org/forums/index.php?showtopic=16179 I already read it but I don't use a wlan connection I use a LAN connection. But yea it's kinda the same problem. more like ettercap -i wlan0 -Tq -M arp:remote // // so then you get ALL clients :D What does it do ? capture packets from all clients in your area?(even if your not connected to the AP?) I forgot to mention I use wireshark on windows 7, also tried in backtrack (4) but no luck. so it's not related to the OS. I think there will be something wrong with my network(well wrong, clad my network is save lol) Today I will test it out somewhere. Stay tuned! Edited April 12, 2010 by nivong Quote Link to comment Share on other sites More sharing options...
Burning Aces Posted April 12, 2010 Share Posted April 12, 2010 I already read it but I don't use a wlan connection I use a LAN connection. But yea it's kinda the same problem. What does it do ? capture packets from all clients in your area?(even if your not connected to the AP?) I forgot to mention I use wireshark on windows 7, also tried in backtrack (4) but no luck. so it's not related to the OS. I think there will be something wrong with my network(well wrong, clad my network is save lol) Today I will test it out somewhere. Stay tuned! no it mitm's all the users on the AP you HAVE TO BE ON THE AP FIRST so you need to go back a step Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 15, 2010 Author Share Posted April 15, 2010 no it mitm's all the users on the AP you HAVE TO BE ON THE AP FIRST so you need to go back a step ah oke thnx, still hadn't got the time to test it on someones els his network please stand-by Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 18, 2010 Author Share Posted April 18, 2010 still no luck tested with cain and able and even that one cound't find anything only from the sniffing PC. I thing its my hub that's blocking it.... that it is a cheap not good working HUB that need to be replaced couse it's acting like a switch! Quote Link to comment Share on other sites More sharing options...
Sparda Posted April 18, 2010 Share Posted April 18, 2010 If you buy another HUB it will probably be a switch too... HUBs are a thing of the distant past. Quote Link to comment Share on other sites More sharing options...
barry99705 Posted April 18, 2010 Share Posted April 18, 2010 still no luck tested with cain and able and even that one cound't find anything only from the sniffing PC. I thing its my hub that's blocking it.... that it is a cheap not good working HUB that need to be replaced couse it's acting like a switch! Build a passive tap. http://www.sun.com/bigadmin/content/submit...thernet_tap.jsp You can see a slightly convoluted thread about them here. http://www.netstumbler.org/f17/humble-request-22694/ Quote Link to comment Share on other sites More sharing options...
digip Posted April 19, 2010 Share Posted April 19, 2010 Dumb question, but what kinds of cables ar eyou using with the hub? Crossover, straight through, etc? Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 19, 2010 Author Share Posted April 19, 2010 If you buy another HUB it will probably be a switch too... HUBs are a thing of the distant past. Well my HUB is a real HUB it's like 5 years old thing that already need to be replaced a long time ago :P Dumb question, but what kinds of cables ar eyou using with the hub? Crossover, straight through, etc? Well it's hard to tell becouse there are all plugged in but I think there are al straight cat 4-5 Quote Link to comment Share on other sites More sharing options...
wqevwevqwevqwrevwfd Posted April 19, 2010 Author Share Posted April 19, 2010 I checked 1 cable and that cable was crossed l0l Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.