Plunder Bug doesn't capture all protocols


fbtm

Plunder Bug captures only specific protocols like ARP, IGMP, SSDP from a device connected to LAN -> SWITCH. Is that correct? Why are there no other protocols like HTTP?

 

Tested on Windows with Wireshark and NPCAP, on Kali with Wireshark.

53 minutes ago, dark_pyrro said:

Provide some example network activity that can be recreated (i.e. what you do on the target/victim device that the Plunder Bug is capturing traffic on)

For example, opening a website and surfing the net. Plunder Bug doesn't show HTTP traffic. Tested mute and unmute and the driver for Windows, Linux.

Yeah, and that's the thing. You can't do much with it other than use it as intended. It sees what it sees. So, there's not much to troubleshoot and since I know (from my own experience and other sources) that it should capture, for example, http based traffic, then something is either wrong with the Plunder Bug (which is less likely since you can at least get some traffic captured) or it's something wrong with the usage/setup. Have you tried to capture traffic from different target devices or just one (1)?

2 hours ago, dark_pyrro said:

Have you tried to capture traffic from different target devices or just one (1)?

Different target devices, still the same. Maybe this is a problem with the Windows/Linux driver, the Wireshark version or npcap/winpcap?

On 4/12/2023 at 3:15 PM, dark_pyrro said:

Used Wireshark on a Win11 box now and it captures everything that I would expect (http/s, etc.) Even in muted mode. No additional (or updated) drivers for the ASIX interface.

Thx, I appreciate it. I also tested it on an Android device but still the same... only packets from the USB-C device.

  • 1 month later...
On 4/12/2023 at 9:43 AM, fbtm said:

Yes, but what? It's a simple tool - plug in and run Wireshark 🙂

Heya! I replied on another thread where you commented as well.

Make sure the drivers for the network adapter are installed. They may not install automatically, so your devices will fail to see the PlunderBug in Wireshark or tcpdump.

https://docs.hak5.org/plunder-bug/getting-started/drivers
https://www.asix.com.tw/en/support/download
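
The symptom discussed in this thread can be put in numbers: ARP requests, IGMP and SSDP announcements are sent to broadcast or multicast addresses, while web browsing is unicast. The added example below is not from any poster or from Hak5; it counts frames by destination type in a capture saved as classic pcap (for instance with `tcpdump -w`). The names `classify_capture` and `build_sample` and the sample frames are constructed for illustration.

```python
import struct
import sys
from collections import Counter
# Classic pcap magics (microsecond and nanosecond variants) mapped to byte order.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}
ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}

def classify_capture(data: bytes) -> Counter:
    """Count frames in a classic Ethernet pcap by destination kind and EtherType."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file (convert pcapng first)")
    endian = MAGICS[data[:4]]
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    counts, offset = Counter(), 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:  # too short for an Ethernet header
            counts["truncated"] += 1
            continue
        if frame[:6] == b"\xff" * 6:
            kind = "broadcast"
        elif frame[0] & 1:  # I/G bit set: group (multicast) address
            kind = "multicast"
        else:
            kind = "unicast"
        ethertype = struct.unpack("!H", frame[12:14])[0]
        counts[kind] += 1
        counts[f"{kind}/{ETHERTYPES.get(ethertype, hex(ethertype))}"] += 1
    return counts

def build_sample() -> bytes:
    """Constructed sample: ARP broadcast, SSDP-style multicast, unicast IPv4."""
    src = bytes.fromhex("020000000001")  # made-up, locally administered MAC
    frames = [b"\xff" * 6 + src + b"\x08\x06" + bytes(28),
              bytes.fromhex("01005e7ffffa") + src + b"\x08\x00" + bytes(20),
              bytes.fromhex("020000000002") + src + b"\x08\x00" + bytes(20)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for key, n in sorted(classify_capture(raw).items()):
        print(f"{key:20} {n}")
```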
