Plunder Bug don`t capture all protocols

[fbtm]

Plunder Bug captures only specific protocol like ARP, IGMP, SSDP form device connect to LAN -> SWITCH. Is it correct ? Why there is no other protocol like HTTP ?

 

Tested on Windows with Wireshark and NPCAP, on Kali with Wireshark.

[dark_pyrro]

That's not correct. You should get, for example, http based traffic as well. Provide some example network activity that can be recreated (i.e. what you do on the target/victim device that the Plunder Bug is capturing traffic on).

[fbtm]

53 minutes ago, dark_pyrro said:

Provide some example network activity that can be recreated (i.e. what you do on the target/victim device that the Plunder Bug is capturing traffic on)

For example opennig website and surfing the net. Plunder Bug doesn`t show HTTP traffic. Tested mute and unmute and  driver for Windows, Linux

[dark_pyrro]

http should for sure work, something's wrong (or done wrong)

[fbtm]

4 hours ago, dark_pyrro said:

something's wrong (or done wrong)

Yes but what ? It`s simple tool - plugin and run wireshark :)

[dark_pyrro]

Yeah, and that's the thing. You can't do much with it other than use it as intended. It sees what it sees. So, there's not much to troubleshoot and since I know (from my own experience and other sources) that it should capture, for example, http based traffic, then something is either wrong with the Plunder Bug (which is less likely since you can at least get some traffic captured) or it's something wrong with the usage/setup. Have you tried to capture traffic from different target devices or just one (1)?

[fbtm]

2 hours ago, dark_pyrro said:

Have you tried to capture traffic from different target devices or just one (1)?

Different target devices, still the same. Maybe this is the problem with Windows/Linux driver or wireshark version or npcap/winpcap ?

[dark_pyrro]

At least no issues with Linux when I use the Plunder Bug. Works as expected. I can try Windows later on.

[dark_pyrro]

Used Wireshark on a Win11 box now and it captures everything that I would expect (http/s, etc.) Even in muted mode. No additional (or updated) drivers for the ASIX interface.

[fbtm]

On 4/12/2023 at 3:15 PM, dark_pyrro said:

Used Wireshark on a Win11 box now and it captures everything that I would expect (http/s, etc.) Even in muted mode. No additional (or updated) drivers for the ASIX interface.

Thx, I appreciate. I tested it also on android device but still the same...only packet from USB-C device

[dark_pyrro]

If you can't get the Plunder Bug to work on any of the devices you try, I'd suggest creating a support ticket.

[p4trykx]

I also have problems with Plunder Bug. I only get some ARP packets in WireShark. No TCP

[dark_pyrro]

This should work without any issues, my previous suggestion is still valid

On 4/17/2023 at 8:10 AM, dark_pyrro said:

I'd suggest creating a support ticket

 

[0ne-nine9]

On 4/12/2023 at 9:43 AM, fbtm said:

Yes but what ? It`s simple tool - plugin and run wireshark 🙂

Heya! I replied on another thread where you commented as well.

Make sure the drivers for the network adapter are installed. They may not install automatically, so your devices will fail to see the PlunderBug in Wireshark or tcpdump.

https://docs.hak5.org/plunder-bug/getting-started/drivers
https://www.asix.com.tw/en/support/download