Sniffer Issues

Get the latest on wired & wireless, talk network setups, get help with connectivity problems, web hosts, etc.
Post Reply
User avatar
korin
Guru
Posts: 592
Joined: Wed Nov 08, 2006 5:51 pm

Sniffer Issues

Post by korin » Mon Sep 17, 2007 12:03 pm

I started up Wireshark today and was just playing around with some of them options. I tried to get some random packets off of my roommates computer as he was playing a game and surfing the web. I had the sniffer set to promiscuous mode and let it run for a little bit. But then I noticed that I was only getting traffic from my own computer. It never intercepted any packets from his computer. I also tried Ettercap, same thing, nothing.

I should say that my computer was running Windows XP Pro at the time, as was my roommate. We were connected via a wireless router, me on the wireless, and him wired.

I do have a Linux distro installed if I need to use it. Windows probably isn't the best OS for stuff like this, but I don't know.

Information from my router tells me that the router address is 192.168.11.1. My address is 192.168.11.2, and the roommates address is 192.168.11.3.

I don't really understand why it is only picking up my traffic and not his too. Any help is appreciated.

eleanor
Corporal
Posts: 126
Joined: Sun Nov 13, 2005 1:37 pm

Post by eleanor » Mon Sep 17, 2007 12:44 pm

This tools are not meant to be used for sniffing wireless packets (use kismet for that and then import all that into wireshark to see all the packets).

User avatar
GhostHawk
Ex-Mod
Posts: 1447
Joined: Wed Jul 30, 2003 12:10 am
Contact:

Post by GhostHawk » Mon Sep 17, 2007 3:28 pm

There is a Wireshark for wireless. The thing is, with sniffing on a wireless network you can typically only pickup packets between the AP and the machine the sniffer is on. It's the same way on a switched network, only on a switched network you can do some simple ARP Poisoning and get around that. Doesn't quite work that way over wireless. There is a way of doing a man-in-the-middle attack over wireless. You more or less setup your pc as a WAP with the same SSID as the wireless router, in a sense hijacking the whole wireless network. There are probably easier ways to do it, im just an old hacker and that's what I would do. If there is an easier way to do it, I would love to hear it. May save me some time lol.
Opinions are like ass holes, everyone has one. It is also my opinion, that I am an ass hole.

User avatar
korin
Guru
Posts: 592
Joined: Wed Nov 08, 2006 5:51 pm

Post by korin » Mon Sep 17, 2007 5:27 pm

Thanks GhostHawk for the informational post. I'm going to go research on the matter. I'll post back when I get some more information.

telcontar
31337 Martial Artist
Posts: 1898
Joined: Sat Feb 21, 2004 8:38 am
Location: /etc/login.defs
Contact:

Post by telcontar » Sat Sep 22, 2007 4:55 am

you might want to check things like this

http://www.wirelessve.org/entries/show/WVE-2006-0032
Fate favours the well prepared ...

Code: Select all

(A + 3, N - 1, X)

User avatar
korin
Guru
Posts: 592
Joined: Wed Nov 08, 2006 5:51 pm

Post by korin » Sat Sep 22, 2007 9:18 am

But it only becomes an AP for the wireless clients correct? And not for the clients connected to the router via an Ethernet cable...

telcontar
31337 Martial Artist
Posts: 1898
Joined: Sat Feb 21, 2004 8:38 am
Location: /etc/login.defs
Contact:

Post by telcontar » Sat Sep 22, 2007 9:30 am

correct, but it was more to do with GH's 'aside' on wireless MITM
There is a way of doing a man-in-the-middle attack over wireless. You more or less setup your pc as a WAP with the same SSID as the wireless router, in a sense hijacking the whole wireless network. There are probably easier ways to do it, im just an old hacker and that's what I would do. If there is an easier way to do it, I would love to hear it. May save me some time lol.
Thanks GhostHawk for the informational post. I'm going to go research on the matter. I'll post back when I get some more information.
which I thought you were interested in
Fate favours the well prepared ...

Code: Select all

(A + 3, N - 1, X)

User avatar
korin
Guru
Posts: 592
Joined: Wed Nov 08, 2006 5:51 pm

Post by korin » Sat Sep 22, 2007 9:29 pm

I was playing with a program I found the other day called Netcut. It basically just lets you select an ip on your network and cut off internet access for that machine. Well, it can see the other computer I've been trying to get at. And it does cut off the internet, I tested that.

http://www.arcai.com/modules/smartfaq/faq.php?faqid=4

It uses ARP Spoofing from what the FAQ says.

fivefold
htd0rg lieutenant
Posts: 412
Joined: Thu Feb 23, 2006 5:02 pm
Location: YXJlbid0IHlvdSBjbGV2ZXIu

Post by fivefold » Sun Sep 23, 2007 12:05 am

GhostHawk wrote:There is a Wireshark for wireless. The thing is, with sniffing on a wireless network you can typically only pickup packets between the AP and the machine the sniffer is on.
I don't know about that. I have sat on a public wlan before with a sniffer and intercepted web traffic, and I was able to hijack web-authenticated sessions. You might be talking about something else, I'm not sure.

@korin: without looking at that guide, it sounds like what netcut is doing is poisoning the arp cache of the target for the gateway's ip-mac pair to just point to some arbitrary address. That would cut off the internets.
Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo.

pointlessmunky
n00b
Posts: 8
Joined: Sun Jan 06, 2008 3:15 am

Post by pointlessmunky » Thu Jan 10, 2008 10:49 pm

i can do the exact sthing you are trying to do with cain, using wireless and stealing wired packets.
There once was a man named Dave,
who kept a dead whore in his cave,
you gotta admit, it smelled like shit,
but think of the money he saved!

User avatar
hormesis
Veteran
Posts: 679
Joined: Wed May 17, 2006 3:27 pm
Location: irc.tddirc.net #hackerthreads

Post by hormesis » Thu Jan 10, 2008 11:08 pm

pointlessmunky wrote:i can do the exact sthing you are trying to do with cain, using wireless and stealing wired packets.
Congratulations, you just woke up an old thread. We're throwing you a celebration at the Rules thread.

Post Reply