Spying On My Own Wireless Network

Sounds like trying to capture other people's details/logins/passwords when they log in to their accounts with their netbooks/smartphones whilst at your house using your network.

Why anyone using a netbook/smartphone on their own network would need to capture their own login details to a downstairs PC eludes me; sounds very suspicious IMO.

Obviously I know my own login details, I know my own router settings, I know everything already. I am doing this as a learning process and I thought trying to sniff out my own login details on my own network would be a good place to start. I am sorry you feel this way but I am not doing this for malicious purposes. If you still think this, you can decide not to talk to me.

The HardForums and Facebook don't log in the same way. The only information you'll be able to pull will be under the Secure Socket Layer section, in the middle of that picture.

If you click the packet that says "GET /home.php? HTTP/1.1" in the middle of your screen you should be able to see in one of the sections that says "cookie blah blah blah"

The cookie won't show the password or username though, just the validation "certificate".

I inspected the "GET /home.php? HTTP/1.1" packet and ran a search on the word "cookie" nothing was found. Any ideas? I will try capturing Hardforum logins tonight but I have to go in a minute.
 
This is the packet I'm talking about. You should be getting the same thing. My frames are sized different than yours though.
 
I see it now, thanks for the picture. Mine says:

Cookie: datr=N1QKTciCmTuueGzdBIRIbmFK; lu=Tgxk1sPTh442R6g4gGv2ZvNQ; locale=en_GB; c_user=100001733247050; cur_max_lag=20; L=20; made_write_conn=1292524907; sct=1292524907; sid=1; W=1292524907; xs=398901e355588d2ea6583006f9fc949b\r\n

How do I turn this into something I can login to on a website such as Facebook or Hardforum?
 
I've got an ASA5505 running SPAN and I've got an access point that is capturing the traffic. I've got Wireshark running in a virtual machine. I'm getting all the traffic captured, I just don't know what to do with Wireshark yet. Anybody got any tips?
 
That, someone else will have to answer. :p

I now know what to do with the cookie information; however, I can only obtain this information when I log on to a website using the main PC. When I log on with the two mobiles I have or my netbook, Wireshark doesn't produce anything relevant.

I had big hopes to do more advanced stuff by now but it looks like I've fallen at the first hurdle.
 
yes.. your own network... good cover! :p

Kidding aside... depending on what type of internet connection you have (i.e., does your router receive its WAN IP via DHCP or PPPoE?) you may be able to get away with placing a HUB, a plain ole dumb HUB, between the router and modem, then plug your desktop into the hub (obviously, with PPPoE, your desktop won't get internet and with DHCP it will be more vulnerable to internet attacks); but then all traffic destined to/from the ISP network will also get pushed down all the HUB ports, so you will be able to see it in Wireshark.

edit: although, you may not see the source address/computer correctly. I haven't actually attempted anything like this, so I'm not sure what info you would actually see.

As has been mentioned a couple times, switches are "smart" hubs. It has an internal NAT table. The switch "knows" which port to send a data packet down. It knows which port the recipient computer exists on. Whereas a hub is dumb; it broadcasts all packets/data down all ports.

The only other alternative would allow you to only "spy" on the wireless. That is, install a wireless adapter in your desktop and connect to your wireless, since wireless is similar to a hub: all wireless devices receive all data transmitted, not just the data/traffic destined for them.
 
It's PPPoE in my router settings. I'm not prepared to pay money for equipment just for a learning experience like this. I don't have a wireless adapter (I did 3 days ago though!) so I cannot try that either. It looks like I am not going to be able to do this, but I have learnt a lot in the process. Thanks all for trying :(
 
Still won't see wireless-wireless traffic.
Also, the switch does not keep a "NAT table"; it has a table of which MAC addresses are connected to which port.
 
I've got an ASA5505 running SPAN and I've got an access point that is capturing the traffic. I've got Wireshark running in a virtual machine. I'm getting all the traffic captured, I just don't know what to do with Wireshark yet. Anybody got any tips?

Dude, you have never used Wireshark before?
 
You could try an ARP poison, but I don't know how successful that would be on an integrated router/switch.

Alternatively, you could try setting all your wireless devices to static IPs in your network's subnet (e.g. 192.168.1.xxx for typical home networks). Set their default gateway to your desktop's IP address (probably want to make it static as well, but not necessary).

Then on your desktop enable TCP/IP forwarding. In Windows, open registry editor and go to HKEY_Local_Machine\System\CurrentControlSet\services\Tcpip\Parameters and change the IPEnableRouter key to 1. Reboot (not sure that's necessary). Everything should work as it did, except now your desktop can see all the internet bound packets from the wireless clients.
 
I've no idea how to set static IPs for each of my wireless devices. I also don't know how to access my network's subnet. I can access the D-Link router settings from http://192.168.0.1; is this where I do everything? If so, I had a look and there are lots of options so I am really confused. I can provide you screenshots of the various settings if you are willing to help me. According to the router page, my internet connection is DHCP, which I can change to static IP from a drop-down box, but then it asks for an IP to enter and says in brackets (assigned by your ISP).
 
You need to set those in the "properties" of each network connection, on each computer.

Start, Control Panel, Network Connections, right click on Local Area Connection and go to Properties, select TCP/IP and give them a static. Something like 192.168.1.50 255.255.255.0
 
What about setting DHCP on his router to assign everything?
 
Still won't see wireless-wireless traffic.
Also, the switch does not keep a "NAT table"; it has a table of which MAC addresses are connected to which port.

Sorry, ARP table would be the correct term.
 
It's a MAC table. ARP uses Layer 3, so unless you're using a brouter, it can only handle Layer 2.
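
The hub-versus-switch forwarding behaviour argued over in this thread, as an added example that is not part of any post. It is a simplified model: three devices on ports of one hub or one learning switch, with constructed MAC addresses and port numbers, and the capturing desktop assumed to sit on port 3.

```python
# Added illustration: hub flooding vs. switch MAC learning.
# Port numbers and MAC addresses are constructed sample values.
BROADCAST = "ff:ff:ff:ff:ff:ff"
ROUTER = "02:00:00:00:00:01"   # on port 1
NETBOOK = "02:00:00:00:00:02"  # on port 2


class Hub:
    def __init__(self, ports):
        self.ports = list(ports)

    def forward(self, in_port, src, dst):
        # A hub repeats every frame out of every port except the ingress one.
        return [p for p in self.ports if p != in_port]


class Switch(Hub):
    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        self.mac_table[src] = in_port          # learn from the source address
        out = self.mac_table.get(dst)
        if dst == BROADCAST or out is None:    # unknown or broadcast: flood
            return [p for p in self.ports if p != in_port]
        return [] if out == in_port else [out]  # known: one port only


def frames_seen(device, frames, sniffer_port):
    """Return the indexes of the frames that are copied to sniffer_port."""
    return [i for i, (in_port, src, dst) in enumerate(frames)
            if sniffer_port in device.forward(in_port, src, dst)]


# (ingress port, source MAC, destination MAC)
FRAMES = [
    (2, NETBOOK, BROADCAST),  # 0: broadcast, e.g. an ARP request
    (1, ROUTER, NETBOOK),     # 1: reply to the netbook
    (2, NETBOOK, ROUTER),     # 2: web request heading for the router
    (1, ROUTER, NETBOOK),     # 3: response coming back
]

if __name__ == "__main__":
    ports = [1, 2, 3]
    print("hub, capture on port 3   :", frames_seen(Hub(ports), FRAMES, 3))
    print("switch, capture on port 3:", frames_seen(Switch(ports), FRAMES, 3))
```

On the switch, only the broadcast reaches port 3, which matches the capture showing nothing relevant from the other devices.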
 
You need to set those in the "properties" of each network connection, on each computer.

Start, Control Panel, Network Connections, right click on Local Area Connection and go to Properties, select TCP/IP and give them a static. Something like 192.168.1.50 255.255.255.0

So the mobiles and the netbook would show in Network connections on the main PC? If so, I do not see them on there.

I think this is becoming far too complex and I was hoping for a simple solution just to get me started, but I have been really put off by how complex everything is lol. It doesn't look like I am going to achieve what I wanted, not unless I purchase a hub or network card.
 
I've no idea how to set static IPs for each of my wireless devices.

You are talking about ARP poisoning and traffic hijacking when you don't even know how to set an IP. You need to learn to walk before you can run here. I suggest going to Wikipedia and reading for several hours (at least). Start with the OSI model, some basic networking stuff, switches vs hubs, 802.11 standards, basic encryption, how WEP actually works, what an "MTU" is.... the list goes on and on. Keep following links to terms you don't understand or that interest you.

One thread on [H] won't turn you into a ma$ter haxor, unfortunately. The problem with having us tell you exactly how to do something letter by letter is that you never understand why any of it works. You won't be learning anything useful because it doesn't relate to anything else you already know. Which makes me suspicious that you are really doing this to gain illegal access to someone else's network, because you won't really learn much from this.
 
If you had a decent router you could install Tomato and set up a SPAN port off the router. This would allow you to use Wireshark, tcpdump, or daemonlogger to record all the traffic off your internal network. You could place a hub between your cable modem and current router but you will only see the NAT'd address when you capture the traffic. You could also set up a wireless sniffer to record all the traffic but I think the better solution would be my first suggestion. The wireless sniffer will turn into a headache.
 
He could also install a cheap wireless USB or PCI card on his desktop and have it connected to his wireless network and his current NIC as it is. I think Wireshark can capture from two different NICs at the same time?
 
It all started when somebody recommended he use BackTrack when it was already established he knows pretty much nothing about networking lol.

I posted semi technical details on page 1...

My mistake lol
 
Ok guys, I will do some learning on how networking works and maybe then this will make more sense. I have no intention of hacking anyone's network other than my own. Thanks for all the comments, I appreciate them all and I will try some of the things suggested here in the near future.
 