
Wireshark Help!

KraftDinner

I'm trying to get a grasp on networking, and a great administrative tool is Wireshark. I find it super helpful for analyzing all the protocols; it helps me really understand how it all comes together. But it seems like I'm only getting captures from my local machine. Is there a way to capture all network traffic within a LAN? I basically want to analyze all traffic on my home network over wireless, not Ethernet. I can't seem to capture anything except for traffic on my local machine. Could someone please clarify? Thanks!

 

EDIT: I should probably clarify that I've done tons of packet captures with Wireshark over wired connections, but I'm really curious and determined to get it working over wireless now.


I wouldn't recommend learning how a LAN works with wireshark lol .___.


Yeah, this is not a great way to learn. Not sure how well wireless capture even works on Wireshark; in all of my networking classes we always use it on a wired connection.


Yeah, I know what you guys are saying. I should've clarified that I have messed around plenty with Wireshark on a wired connection. I set up a switch and traced all the packets flowing through, which worked flawlessly; it was awesome. I honestly just want to know how to trace it over a wireless network for shits and giggles / curiosity.


Most managed switches can do this. In the Cisco world it is called SPAN, RSPAN, or ERSPAN. Essentially it can replicate the traffic, ingress or egress, and send it to a designated destination.

There are several limitations on this, however, and it is a higher-end switch feature, not available on any consumer gear that I know of.

 

The best bet if you want to see everything that is going on would be to use a hub but those are well... legacy.


 

Yes, use a switch that supports port mirroring. Mirror the ports you want to analyse to the port that you have the Wireshark capture computer plugged into. Also, a lot of network devices support packet traces and dumps to files for analysing in tools like Wireshark etc.


 

Awesome, sounds good, I'm going to try and mirror the ports. Wouldn't the fact that you have to mirror the port in order to get a full network packet capture make it really hard for a random guy to capture packets on your LAN? Yet somehow people still manage to do it. How do they pull this off? I've been reading about security and networking a lot so I'm super curious haha


Ya that's the joy of switches. You only get the traffic that is addressed to you. This is one of the main reasons hubs went bye bye.

 

A typical attack involving switched networks would be ARP spoofing (for man in the middle) where an attacker's machine sends DHCP/BOOTP messages claiming that it is the default gateway for the network. This can be mitigated with some switch security features. Another common attack is to flood the switch with ARP messages until its CAM table overflows and it can no longer learn MAC addresses; this will cause the switch to function like a hub. This can also be mitigated through switch security features.

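An added example, not part of any post in this thread: a defender-side check over captured Ethernet frames for the two switched-network attacks mentioned above. It flags an IP address announced in ARP by more than one MAC and an unusually large number of distinct source MACs; the function names, the `mac_threshold` default and the sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ETH_ARP = 0x0806

def fmt_mac(b): return ":".join(f"{x:02x}" for x in b)
def fmt_ip(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (sender_mac, sender_ip) bytes for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return frame[22:28], frame[28:32]

def analyze(frames, mac_threshold=100):
    """Scan raw Ethernet frames from one capture and report both indicators."""
    claims = defaultdict(set)  # sender IP -> set of MACs that announced it via ARP
    src_macs = set()           # every Ethernet source MAC seen in the capture
    for frame in frames:
        if len(frame) < 14:
            continue           # truncated frame, no full Ethernet header
        src_macs.add(frame[6:12])
        arp = parse_arp(frame)
        if arp and arp[1] != b"\x00\x00\x00\x00":  # skip ARP probes (sender 0.0.0.0)
            claims[fmt_ip(arp[1])].add(fmt_mac(arp[0]))
    return {
        "ip_conflicts": {ip: sorted(m) for ip, m in claims.items() if len(m) > 1},
        "distinct_src_macs": len(src_macs),
        "possible_cam_flood": len(src_macs) > mac_threshold,  # threshold is an assumption
    }

def arp_frame(mac, ip, op=2):
    """Build a constructed broadcast ARP frame (sample data only, never sent)."""
    sha = bytes.fromhex(mac.replace(":", ""))
    spa = bytes(int(x) for x in ip.split("."))
    return (b"\xff" * 6 + sha + struct.pack("!HHHBBH", ETH_ARP, 1, 0x0800, 6, 4, op)
            + sha + spa + b"\x00" * 10)

# Constructed sample: two MACs both claim the gateway address 192.168.1.1.
SAMPLE = [
    arp_frame("aa:aa:aa:aa:aa:01", "192.168.1.1"),
    arp_frame("bb:bb:bb:bb:bb:14", "192.168.1.20"),
    arp_frame("cc:cc:cc:cc:cc:02", "192.168.1.1"),
    arp_frame("dd:dd:dd:dd:dd:03", "0.0.0.0", op=1),
]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A flagged IP is an indicator to investigate rather than proof, since address reassignment or gateway failover also changes the IP-to-MAC mapping.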


Awesome, thanks man!
