Analysing/sniffing packets on my wireless LAN questions

Rikki

Hey folks,

Just wondering if anyone can point me in the right direction on a way to sniff/inspect packets on my wireless LAN.

E.g.: Run a program on my netbook that monitors wireless traffic and logs what's going in and out.

I've downloaded Wireshark and run it and it seems to be working, but when I grab packet data and then on another laptop visit a website and do a search for the website name, it doesn't show in the packet data.

Can someone shed some light on this for me, as it's all a bit unknown for me at present.

Many thanks,

R.
 
Wireshark would only be showing the packets going between you and your router/switch.
 
Seems to show traffic going between other ones as well, I can see the IP addresses for my PS3 and other laptop popping up?
 
Ah ok, might be wrong then. Only traffic I see on my Wireshark is my own traffic and ARPs.
 
I'll double check tonight but I'm almost certain I saw the activity of other NICs listed, don't know if traffic was shown but I'll check.
 
Haha this sounds legit.

"Guys why can't I see all the traffic everyone is sending over my network?? It's mine I promise." Also ARPs are broadcast packets, so yes you will be able to see them.

I don't see a rules thread so I hope this isn't against the rules but you are going to want to make sure your wireless card is capable of going into monitor mode. I will let you research the rest.
 
Wireless is a hub domain, all packets are broadcast within the radio range.

You need to be able to put your wireless adapter in Promiscuous mode, which in my experience cannot be done reliably in Windows. Download a BackTrack live CD, and you will be golden.
 
DL'd the BT4 ISO and put it on a USB drive. Boots up but it's CLI driven I take it? This is on a Dell Mini 9.
 
DL'd the BT4 ISO and put it on a USB drive. Boots up but it's CLI driven I take it? This is on a Dell Mini 9.
Huh... hadn't seen this distro, although I've seen some of the programs included in it before. I'm going to toy with it a bit. I'm not sure on the CLI... screenies show a Debian desktop, so either the USB is CLI, or maybe you just need to root login and launch the GUI?
 
You need to be able to put your wireless adapter in Promiscuous mode, which in my experience cannot be done reliably in Windows. Download a BackTrack live CD, and you will be golden.

Doesn't everyone keep a stack of old Cisco wireless cards just for that purpose?


(heh, I got ahold of two and guard them with my life :) )
 
Huh... hadn't seen this distro, although I've seen some of the programs included in it before. I'm going to toy with it a bit. I'm not sure on the CLI... screenies show a Debian desktop, so either the USB is CLI, or maybe you just need to root login and launch the GUI?

When you boot the live usb stick, you will automatically be logged in as root at the command line.
 
From there how do I load the program specific to capture the wireless data being transmitted and received? Thanks :)
 
On BackTrack, once you're logged in, you can issue the startx command and that puts you in KDE.
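
An added example (not from any poster in this thread) for the monitor-mode point raised above: it reads a capture saved in classic pcap format, reports the link-layer type, and for Ethernet-type captures counts frames that are yours, broadcast/multicast, or unicast between other stations. The MAC addresses and the sample capture are constructed, and `summarize` is a hypothetical helper name.

```python
import struct

# Link-layer types from the pcap file header (tcpdump.org LINKTYPE_ registry).
LINKTYPES = {1: "ethernet", 105: "802.11", 119: "802.11+prism",
             127: "802.11+radiotap", 163: "802.11+avs"}

def summarize(pcap: bytes, my_mac: bytes) -> dict:
    """Classify frames in a classic pcap file by who they belong to."""
    magic = pcap[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    out = {"linktype": LINKTYPES.get(linktype, str(linktype)),
           "own": 0, "broadcast": 0, "other_hosts": 0}
    if linktype != 1:
        return out  # raw 802.11 headers: typically a monitor-mode capture
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated record, no full Ethernet header
        dst, src = frame[0:6], frame[6:12]
        if my_mac in (dst, src):
            out["own"] += 1
        elif dst[0] & 1:  # group bit set: broadcast or multicast
            out["broadcast"] += 1
        else:
            out["other_hosts"] += 1  # unicast between two other stations
    return out

# Constructed sample: locally administered MACs, not real devices.
ME = bytes.fromhex("020000000001")
PS3 = bytes.fromhex("020000000002")
LAPTOP = bytes.fromhex("020000000003")

def rec(dst: bytes, src: bytes) -> bytes:
    frame = dst + src + b"\x08\x06" + bytes(28)  # Ethernet header + dummy ARP body
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + rec(b"\xff" * 6, PS3) + rec(LAPTOP, ME) + rec(ME, LAPTOP))

if __name__ == "__main__":
    print(summarize(SAMPLE, ME))
```

An Ethernet-type capture with `other_hosts` at 0 contains only your own frames plus broadcasts from other devices, which is typical of an adapter in normal managed mode.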
 