Topic: Ethereal Packet Capturing  (Read 14403 times)
Goders
« on: January 01, 2006, 05:57:00 PM »

Hello. I am running Windows XP Tablet Edition, using the Intel(R) PRO/Wireless 2200BG wireless card. I am trying to capture packets that are sent and received on my home network, but for some reason the only packets that I am receiving are those from my own computer. Also, the only way that I can capture them is if I am not in Promiscuous Mode. Can someone please help me out?
Dengar13
« Reply #1 on: January 02, 2006, 12:51:03 AM »

Do you have a switch at home?  From my understanding, Ethereal must sit on a port on a switch.

A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
Synister Syntax
« Reply #2 on: January 02, 2006, 03:59:49 PM »

This is typical for a switched network.  If you are using a Linksys or other recently produced consumer grade "router" then you are most likely on a switched network, therefore will only see broadcast packets and your own.  You could throw a hub in between the switch and modem, and sniff from there.

As far as modes go, some work in Promiscuous Mode, others do not.  You could pick up a cheap PCMCIA card at your local store if you want a card that supports Promiscuous Mode.

If you have any other questions, please feel free to ask.

Thanks,
SynSyn (Jay)

Team Tri*Nix
Network Manager, Server Administrator, Security Specialist
http://www.TeamTriNix.com
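
The symptom described in the reply above (only broadcast traffic and your own) can be checked on a capture by classifying each frame's destination MAC. This is an added example, not part of any poster's message; the helper names, MAC addresses and sample frames are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = b"\xff" * 6

def mac_bytes(text):
    """Convert 'aa:bb:cc:dd:ee:ff' into 6 raw bytes."""
    return bytes(int(part, 16) for part in text.split(":"))

def classify_frame(frame, own_mac):
    """Classify one Ethernet II frame relative to the capturing host."""
    if len(frame) < 14:
        return "truncated"
    dst, src, _ethertype = struct.unpack("!6s6sH", frame[:14])
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:  # I/G bit set: group (multicast) destination
        return "multicast"
    if own_mac in (dst, src):
        return "own"
    return "foreign_unicast"  # unicast between two other hosts

def summarize_capture(frames, own_mac_text):
    """Count frame classes and say what the capture point can see."""
    own = mac_bytes(own_mac_text)
    counts = Counter(classify_frame(f, own) for f in frames)
    if counts["foreign_unicast"]:
        verdict = "other hosts' unicast visible (hub, mirror port or flooding)"
    else:
        verdict = "switched view: only own, broadcast and multicast frames"
    return counts, verdict

def make_frame(dst, src, ethertype=0x0800):
    """Build a constructed 60-byte sample frame with an empty payload."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", ethertype) + bytes(46)

# Constructed sample data: all MAC addresses below are made up.
OWN = "00:11:22:33:44:55"
ROUTER, PEER = "00:aa:bb:cc:dd:fe", "00:aa:bb:cc:dd:01"
BEHIND_SWITCH = [
    make_frame("ff:ff:ff:ff:ff:ff", PEER, 0x0806),  # ARP request from a peer
    make_frame(OWN, ROUTER),                        # router -> this host
    make_frame(ROUTER, OWN),                        # this host -> router
    make_frame("01:00:5e:00:00:fb", PEER),          # IPv4 multicast (mDNS)
]
BEHIND_HUB = BEHIND_SWITCH + [make_frame(ROUTER, PEER)]  # peer -> router

if __name__ == "__main__":
    for name, frames in (("switch", BEHIND_SWITCH), ("hub", BEHIND_HUB)):
        counts, verdict = summarize_capture(frames, OWN)
        print(name, dict(counts), verdict)
```

A switch that has not yet learned a destination floods that unicast frame to every port, so an occasional `foreign_unicast` frame does not by itself prove a hub is in the path.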
AUGrad
« Reply #3 on: January 04, 2006, 10:20:02 AM »

Another thing to consider: If you're connected to your network wirelessly and have other machines connected via wire, some home wireless routers put the wireless PCs and the wired PCs in different VLANs. You may have better luck sniffing broadcast traffic over a wired connection.
Goders
« Reply #4 on: January 17, 2006, 09:12:35 PM »

What about NAT networks, via wire of course?
pcsneaker
« Reply #5 on: January 18, 2006, 04:09:12 AM »

From wiki.ethereal.com:
Quote
Windows

Capturing WLAN traffic on Windows depends on WinPcap and on the underlying network adapters and drivers. Unfortunately, most drivers/adapters support neither monitor mode, nor seeing 802.11 headers when capturing, nor capturing non-data frames.

Promiscuous mode can be set; unfortunately, it's often crippled. In this mode many drivers don't supply packets at all, or don't supply packets sent by the host.

If you experience any problems capturing packets on WLANs, try to switch promiscuous mode off. In this case you will have to capture traffic on the host you're interested in.

If anybody finds an adapter and driver that do support promiscuous mode, they should mention it at the bottom of this page, for the benefit of other users.

See MicroLogix's list of wireless adapters, with indications of how well they work with WinPcap (Ethereal uses WinPcap to capture traffic on Windows), for information about particular adapters.

MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
Oyle
« Reply #6 on: April 05, 2006, 07:02:33 PM »

You also need to make sure you have the WinPcap packet capture library installed, or Ethereal will be severely crippled, and may not run at all. It is a free download, and I believe it is included when you download Ethereal, but you will still need to install it manually.

MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm