-
September 25th, 2003, 09:56 AM
#1
Junior Member
cant sniff outgoing packets
hi all!
i have the problem that i cant sniff outgoing packets with my pc.
system:
winxp
3com wireless-lan card
sniffer: ethereal, ettercap (driver winpcap 2.3)
does anybody know on what the problem relies? (os, wireless,...)
thx for answers
strahl3Mann
-
September 25th, 2003, 10:05 AM
#2
Junior Member
Found another Sniffer which might do the job,
Kismet is an 802.11 wireless network sniffer - this is different from a normal network sniffer (such as Ethereal or tcpdump) because it separates and identifies different wireless networks in the area. Kismet works with any 802.11b wireless card which is capable of reporting raw packets (rfmon support), which include any prism2 based card (Linksys, D-Link, Rangelan, etc), Cisco Aironet cards, and Orinoco based cards. Kismet also supports the WSP100 802.11b remote sensor by Network Chemistry and is able to monitor 802.11a networks with cards which use the ar5k chipset.
http://www.kismetwireless.net/
They do give a Faq on this problem at the ethereal website ,did u have a look there??
scroll down to Q 5.20
http://www.ethereal.com/faq.html
Sorry if its not much help,
The only way to make your PC go faster is to throw it out the window
Reading computer manuals without the hardware is as frustrating as reading sex manuals without the software.
A computer once beat me at chess, but it was no match for me at kick boxing
-
September 25th, 2003, 11:22 AM
#3
The first thing I would do is get WinPcap 3.0 or better. I'm not sure if the 2.X version is capable of assembling wireless frames such as IVs, etc.. The next thing I would look at is exactly what steps you are taking to start the capture. Are you using tcpdump filters? You need to give us a little more meat to work with.
A really good packet sniffer for beginners is made by analogx. Go to http://www.analogx.com/contents/down...twork/pmon.htm and download packetmon. See if this little guy works for you.
Kismet is an 802.11 wireless network sniffer
Yes, Kismet is quite nice but it runs on *nix and it is used to identify WAPs. Ethereal is an add-on to the product. Also, this fella is running XP so he wont have much use for Kismet.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
September 25th, 2003, 06:20 PM
#4
Junior Member
@lozond: thx for answer ... but i cant use kismet cause i dont have *nix
@thehorse13:
i got wpcap 3.0 and analogx packetmon and installed it...still cant see outgoing packets.
i dont use any filters or something else.
before i noticed that the packets going out from my pc are displayed..but not the ones from other pcs..:/
thx
strahl3Mann
-
September 25th, 2003, 08:41 PM
#5
Well remember, in a true switched environment you will not see certain traffic. It all depends on where you are connected on the network. For instance, I am on 10.1.1.10 in a switched network. If my target is on 10.1.2.20 which is on another physical segment, I wont see his traffic (but I will see broadcasts and multicasts). Now, if I was able to plug into a management port then I'd see everything that was passing through the device. Make sense?
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
September 25th, 2003, 08:52 PM
#6
Junior Member
yeah it makes sense..but...my target IS in the same phys. segment (and 1m away from me ) , we use the same access point.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|