Results 1 to 6 of 6

Thread: cant sniff outgoing packets

  1. #1
    Junior Member
    Join Date
    Feb 2003
    Posts
    8

    cant sniff outgoing packets

    hi all!

    i have the problem that i cant sniff outgoing packets with my pc.

    system:

    winxp
    3com wireless-lan card
    sniffer: ethereal, ettercap (driver winpcap 2.3)

    does anybody know on what the problem relies? (os, wireless,...)

    thx for answers

    strahl3Mann

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    27
    Found another Sniffer which might do the job,

    Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any 802.11b wireless card which is capable of reporting raw packets (rfmon support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards, and Orinoco based cards. Kismet also supports the WSP100 802.11b remote sensor by Network Chemistry and is able to monitor 802.11a networks with cards which use the ar5k chipset.

    http://www.kismetwireless.net/

    They do give a Faq on this problem at the ethereal website ,did u have a look there??

    scroll down to Q 5.20

    http://www.ethereal.com/faq.html

    Sorry if its not much help,
    The only way to make your PC go faster is to throw it out the window
    Reading computer manuals without the hardware is as frustrating as reading sex manuals without the software.
    A computer once beat me at chess, but it was no match for me at kick boxing

  3. #3
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    The first thing I would do is get WinPcap 3.0 or better. I'm not sure if the 2.X version is capable of assembling wireless frames such as IVs, etc.. The next thing I would look at is exactly what steps you are taking to start the capture. Are you using tcpdump filters? You need to give us a little more meat to work with.

    A really good packet sniffer for beginners is made by analogx. Go to http://www.analogx.com/contents/down...twork/pmon.htm and download packetmon. See if this little guy works for you.

    Kismet is an 802.11 wireless network sniffer
    Yes, Kismet is quite nice but it runs on *nix and it is used to identify WAPs. Ethereal is an add-on to the product. Also, this fella is running XP so he wont have much use for Kismet.



    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  4. #4
    Junior Member
    Join Date
    Feb 2003
    Posts
    8
    @lozond: thx for answer ... but i cant use kismet cause i dont have *nix

    @thehorse13:

    i got wpcap 3.0 and analogx packetmon and installed it...still cant see outgoing packets.
    i dont use any filters or something else.

    before i noticed that the packets going out from my pc are displayed..but not the ones from other pcs..:/

    thx

    strahl3Mann

  5. #5
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Well remember, in a true switched environment you will not see certain traffic. It all depends on where you are connected on the network. For instance, I am on 10.1.1.10 in a switched network. If my target is on 10.1.2.20 which is on another physical segment, I wont see his traffic (but I will see broadcasts and multicasts). Now, if I was able to plug into a management port then I'd see everything that was passing through the device. Make sense?
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  6. #6
    Junior Member
    Join Date
    Feb 2003
    Posts
    8
    yeah it makes sense..but...my target IS in the same phys. segment (and 1m away from me ) , we use the same access point.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •