.

SPAN over wifi

<<

kerpap

User avatar

Newbie
Newbie

Posts: 8

Joined: Tue Jul 08, 2008 2:55 pm

Post Fri Jun 15, 2012 4:56 am

SPAN over wifi

is there a way to sniff all network traffic on an AP similar to SPAN on a switch?
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 15, 2012 7:53 am

Re: SPAN over wifi

Removed my last reply (sorry,) as I'd misread your post, the first time.

That said, if you can talk to wired clients from your wireless, and vice versa, then a hint might be to start Googling "ARP poisoning"  ;)

That's how many people bypass the need for a 'monitor' port on a switched network, etc, to successfully sniff.
Last edited by hayabusa on Fri Jun 15, 2012 8:08 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 15, 2012 8:12 am

Re: SPAN over wifi

~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hell_razor

User avatar

Jr. Member
Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Fri Jun 15, 2012 9:17 am

Re: SPAN over wifi

802.11 is a broadcast medium.  You can capture all packets, up to the bandwidth of your capture device, freely.  The potential issue is being able to decrypt all of the packets, which should also not be a problem if you have the appropriate keys to the data (PSK hopefully).
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 15, 2012 1:26 pm

Re: SPAN over wifi

@hell_razor - that's the response I started to lead with, but I think he's looking to sniff the wired ports and traffic, too.  IE - not just broadcast traffic and such on the wireless, but BOTH wireless and wired clients, such that directed, wired ip traffic (host ip to host ip on wired side) are also seen.

Then again, maybe I DOUBLE mis-interpreted, and you're correct in what he wanted, in which case... DOH!  :P
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hell_razor

User avatar

Jr. Member
Jr. Member

Posts: 90

Joined: Wed Jul 14, 2010 10:44 am

Post Fri Jun 15, 2012 5:03 pm

Re: SPAN over wifi

I probably read AP a little too literally, was thinking a simple AP rather than a router with a hub bridged on it...will blame it on being Friday...
A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Jun 15, 2012 7:35 pm

Re: SPAN over wifi

Either way, hopefully we gave him what he wanted.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

WCNA

User avatar

Full Member
Full Member

Posts: 187

Joined: Wed Mar 02, 2011 8:05 am

Location: Florida

Post Sat Jun 16, 2012 10:15 am

Re: SPAN over wifi

Check out airmon-ng. Then run wireshark on mon0.
ISC2 Associate, WCNA, CWNA, OSCP, Network+
<<

kerpap

User avatar

Newbie
Newbie

Posts: 8

Joined: Tue Jul 08, 2008 2:55 pm

Post Tue Jun 19, 2012 7:52 pm

Re: SPAN over wifi

thanks for all the feedback.

it is an abstract question. I set up a span port on my switch to monitor traffic. the config on my switch will send all traffic since the AP is connected to a switch.

this is all really just for fun anyway.

it got me wondering if there was a way to send the same thing over the air to my laptop. I realize that in an actual production environment that is really stupid. this is purely just for fun at home with my lab

i'll keep playing around. another thing I thought was set an AP up on the SPAN port of the switch although I dont really see how that will work. I might try configuring the AP as a repeater so perhaps the traffic will get broadcast.

Return to Wireless

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software