Sniffer Issues
- korin
- Guru
- Posts: 592
- Joined: Wed Nov 08, 2006 5:51 pm
Sniffer Issues
I started up Wireshark today and was just playing around with some of them options. I tried to get some random packets off of my roommates computer as he was playing a game and surfing the web. I had the sniffer set to promiscuous mode and let it run for a little bit. But then I noticed that I was only getting traffic from my own computer. It never intercepted any packets from his computer. I also tried Ettercap, same thing, nothing.
I should say that my computer was running Windows XP Pro at the time, as was my roommate. We were connected via a wireless router, me on the wireless, and him wired.
I do have a Linux distro installed if I need to use it. Windows probably isn't the best OS for stuff like this, but I don't know.
Information from my router tells me that the router address is 192.168.11.1. My address is 192.168.11.2, and the roommates address is 192.168.11.3.
I don't really understand why it is only picking up my traffic and not his too. Any help is appreciated.
I should say that my computer was running Windows XP Pro at the time, as was my roommate. We were connected via a wireless router, me on the wireless, and him wired.
I do have a Linux distro installed if I need to use it. Windows probably isn't the best OS for stuff like this, but I don't know.
Information from my router tells me that the router address is 192.168.11.1. My address is 192.168.11.2, and the roommates address is 192.168.11.3.
I don't really understand why it is only picking up my traffic and not his too. Any help is appreciated.
- GhostHawk
- Ex-Mod
- Posts: 1447
- Joined: Wed Jul 30, 2003 12:10 am
- Contact:
There is a Wireshark for wireless. The thing is, with sniffing on a wireless network you can typically only pickup packets between the AP and the machine the sniffer is on. It's the same way on a switched network, only on a switched network you can do some simple ARP Poisoning and get around that. Doesn't quite work that way over wireless. There is a way of doing a man-in-the-middle attack over wireless. You more or less setup your pc as a WAP with the same SSID as the wireless router, in a sense hijacking the whole wireless network. There are probably easier ways to do it, im just an old hacker and that's what I would do. If there is an easier way to do it, I would love to hear it. May save me some time lol.
Opinions are like ass holes, everyone has one. It is also my opinion, that I am an ass hole.
-
- 31337 Martial Artist
- Posts: 1898
- Joined: Sat Feb 21, 2004 8:38 am
- Location: /etc/login.defs
- Contact:
Fate favours the well prepared ...
Code: Select all
(A + 3, N - 1, X)
-
- 31337 Martial Artist
- Posts: 1898
- Joined: Sat Feb 21, 2004 8:38 am
- Location: /etc/login.defs
- Contact:
correct, but it was more to do with GH's 'aside' on wireless MITM
There is a way of doing a man-in-the-middle attack over wireless. You more or less setup your pc as a WAP with the same SSID as the wireless router, in a sense hijacking the whole wireless network. There are probably easier ways to do it, im just an old hacker and that's what I would do. If there is an easier way to do it, I would love to hear it. May save me some time lol.
which I thought you were interested inThanks GhostHawk for the informational post. I'm going to go research on the matter. I'll post back when I get some more information.
Fate favours the well prepared ...
Code: Select all
(A + 3, N - 1, X)
- korin
- Guru
- Posts: 592
- Joined: Wed Nov 08, 2006 5:51 pm
I was playing with a program I found the other day called Netcut. It basically just lets you select an ip on your network and cut off internet access for that machine. Well, it can see the other computer I've been trying to get at. And it does cut off the internet, I tested that.
http://www.arcai.com/modules/smartfaq/faq.php?faqid=4
It uses ARP Spoofing from what the FAQ says.
http://www.arcai.com/modules/smartfaq/faq.php?faqid=4
It uses ARP Spoofing from what the FAQ says.
-
- htd0rg lieutenant
- Posts: 412
- Joined: Thu Feb 23, 2006 5:02 pm
- Location: YXJlbid0IHlvdSBjbGV2ZXIu
I don't know about that. I have sat on a public wlan before with a sniffer and intercepted web traffic, and I was able to hijack web-authenticated sessions. You might be talking about something else, I'm not sure.GhostHawk wrote:There is a Wireshark for wireless. The thing is, with sniffing on a wireless network you can typically only pickup packets between the AP and the machine the sniffer is on.
@korin: without looking at that guide, it sounds like what netcut is doing is poisoning the arp cache of the target for the gateway's ip-mac pair to just point to some arbitrary address. That would cut off the internets.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo.
-
- n00b
- Posts: 8
- Joined: Sun Jan 06, 2008 3:15 am
- hormesis
- Veteran
- Posts: 679
- Joined: Wed May 17, 2006 3:27 pm
- Location: irc.tddirc.net #hackerthreads
Congratulations, you just woke up an old thread. We're throwing you a celebration at the Rules thread.pointlessmunky wrote:i can do the exact sthing you are trying to do with cain, using wireless and stealing wired packets.