Ethereal Packet Capturing

<<

Goders

Newbie

Posts: 8

Joined: Sun Jan 01, 2006 6:52 pm

Post Sun Jan 01, 2006 6:57 pm

Ethereal Packet Capturing

Hello. I am running Windows XP Tablet Edition, using the Intel(R) PRO/Wireless 2200BG wireless card. I am trying to capture packets that are sent and received on my home network, but for some reason the only packets that I am receiving are those from my own computer. Also, the only way that I can capture them is if I am not in Promiscuous Mode. Can someone please help me out?
<<

Dengar13

Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Mon Jan 02, 2006 1:51 am

Re: Ethereal Packet Capturing

Do you have a switch at home? From my understanding, Ethereal must sit on a port on a switch.
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

Synister Syntax

Newbie

Posts: 2

Joined: Fri Dec 30, 2005 8:50 pm

Location: Baltimore, Maryland (USA)

Post Mon Jan 02, 2006 4:59 pm

Re: Ethereal Packet Capturing

This is typical for a switched network.  If you are using a Linksys or other recently produced consumer grade "router" then you are most likely on a switched network, therefore will only see broadcast packets and your own.  You could throw a hub in between the switch and modem, and sniff from there.

As far as modes go, some work in Promiscuous Mode, others do not.  You could pick up a cheap PCMCIA card at your local store if you want a card that supports Promiscuous Mode.

If you have any other questions, please feel free to ask.
Thanks,
SynSyn (Jay)

Team Tri*Nix
Network Manager, Server Administrator, Security Specialist
http://www.TeamTriNix.com
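
An added example, not part of any post in this thread: a small Python check that tallies the frames in a saved capture by who they are addressed to, which shows whether the capture contains only your own and broadcast traffic (the switched-network symptom described above). It assumes a classic libpcap file with Ethernet link type; the MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct
from collections import Counter

def classify_frames(pcap_bytes, local_mac):
    """Tally Ethernet frames in a classic pcap relative to local_mac (6 bytes)."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    counts, offset = Counter(), 24          # records start after the 24-byte header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "IIII", pcap_bytes[offset:offset + 16])[2]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 14:                 # too short for an Ethernet header
            counts["truncated"] += 1
        elif local_mac in (frame[0:6], frame[6:12]):
            counts["own"] += 1              # sent by us or unicast to us
        elif frame[0] & 1:                  # group bit set: broadcast or multicast
            counts["broadcast_multicast"] += 1
        else:
            counts["other_unicast"] += 1    # unicast between two other hosts
    return counts

def looks_switched(counts):
    """No third-party unicast seen: consistent with a switch port, or with
    promiscuous mode not taking effect on the adapter."""
    return counts["other_unicast"] == 0

def build_pcap(frames):
    """Build a little-endian classic pcap in memory from raw Ethernet frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

# Constructed sample data (locally administered MAC addresses).
LOCAL, PEER, ROUTER = (bytes.fromhex("02000000000%d" % n) for n in (1, 2, 3))
BCAST = b"\xff" * 6
def frame(dst, src):
    return dst + src + b"\x08\x00" + b"\x00" * 46

SWITCHED = [frame(ROUTER, LOCAL), frame(LOCAL, ROUTER), frame(BCAST, PEER)]
HUB = SWITCHED + [frame(ROUTER, PEER)]      # also sees a neighbour's unicast

if __name__ == "__main__":
    for name, frames in (("switched", SWITCHED), ("hub", HUB)):
        c = classify_frames(build_pcap(frames), LOCAL)
        print(name, dict(c), "switched-like:", looks_switched(c))
```

A capture that never shows `other_unicast` frames after several minutes of activity from other hosts points at the network path or the driver, not at the capture tool.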
<<

AUGrad

Newbie

Posts: 1

Joined: Tue Jan 03, 2006 8:16 am

Post Wed Jan 04, 2006 11:20 am

Re: Ethereal Packet Capturing

Another thing to consider: If you're connected to your network wirelessly and have other machines connected via wire, some home wireless routers put the wireless PCs and the wired PCs in different VLANs. You may have better luck sniffing broadcast traffic over a wired connection.
<<

Goders

Newbie

Posts: 8

Joined: Sun Jan 01, 2006 6:52 pm

Post Tue Jan 17, 2006 10:12 pm

Re: Ethereal Packet Capturing

What about NAT networks, via wire of course?
<<

pcsneaker

Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Wed Jan 18, 2006 5:09 am

Re: Ethereal Packet Capturing

From wiki.ethereal.com:
Windows

Capturing WLAN traffic on Windows depends on WinPcap and on the underlying network adapters and drivers. Unfortunately, most drivers/adapters support neither monitor mode, nor seeing 802.11 headers when capturing, nor capturing non-data frames.

Promiscuous mode can be set; unfortunately, it's often crippled. In this mode many drivers don't supply packets at all, or don't supply packets sent by the host.

If you experience any problems capturing packets on WLANs, try to switch promiscuous mode off. In this case you will have to capture traffic on the host you're interested in.

If anybody finds an adapter and driver that do support promiscuous mode, they should mention it at the bottom of this page, for the benefit of other users.

See MicroLogix's list of wireless adapters, with indications of how well they work with WinPcap (Ethereal uses WinPcap to capture traffic on Windows), for information about particular adapters.
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

oyle

Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Wed Apr 05, 2006 7:02 pm

Re: Ethereal Packet Capturing

You also need to make sure you have the WinPcap packet capture library installed, or Ethereal will be severely crippled, and may not run at all. It is a free download, and I believe it is included when you download Ethereal, but you will still need to install it manually.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
