0

How can I capture HTTP protocols

asked 2018-02-26 02:17:28 +0000

marechok

Hello... I have 2 Ethernet cards, and VMware Kali and Windows on the same computer. When I capture the local network (if I use the same Ethernet card for VMware and Windows) I can capture the local traffic, which is only between my router and my computer, and the local network has 5 computers. But I can't capture the other computers; I see only broadcasts. So Wireshark can't capture different Ethernet cards on the same local network? I looked in the forums; I couldn't get any answers...
https://ask.wireshark.org/question/18... Npcap Loopback adapter is active.


1 Answer

0

answered 2018-02-26 10:16:38 +0000

grahamb

Your "router" is likely to be a switch, and as such, you will only see broadcast packets from other hosts connected to the router. The traffic between the router and your PC is not local traffic; that's traffic external to your PC and may be LAN traffic or traffic to/from outside your LAN. Local traffic is considered to be that which doesn't leave your PC.

See the Wiki page on Capture Setup, in particular the section on switched Ethernet.

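Why a capture host on a switched LAN sees only broadcasts, as an added example that is not part of the original answer: a simplified model of a MAC-learning switch, with constructed port numbers, MAC addresses and frames. It goes slightly beyond the answer by also showing that a unicast frame is flooded to every port while the switch has not yet learned its destination.

```python
# Added illustration: a simplified MAC-learning switch. All ports, MAC
# addresses and frames below are constructed for this example.
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # MAC address -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports the frame is sent out of."""
        self.mac_table[src] = in_port        # learn where the sender lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}      # known unicast: one port only
        else:
            out = set(self.ports)            # broadcast or unknown: flood
        return out - {in_port}               # never back out the ingress port


def seen_on_port(switch, frames, capture_port):
    """Labels of the frames a sniffer on capture_port would receive."""
    seen = []
    for in_port, src, dst, label in frames:
        if capture_port in switch.forward(in_port, src, dst):
            seen.append(label)
    return seen


PC_A, PC_B, ROUTER = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:01"

# (ingress port, source MAC, destination MAC, label); sniffer sits on port 4
FRAMES = [
    (1, PC_A, BROADCAST, "ARP request from A (broadcast)"),
    (3, ROUTER, PC_A, "ARP reply router -> A"),
    (1, PC_A, ROUTER, "HTTP request A -> router"),
    (3, ROUTER, PC_A, "HTTP response router -> A"),
    (1, PC_A, PC_B, "A -> B, B not learned yet (flooded)"),
    (2, PC_B, BROADCAST, "ARP request from B (broadcast)"),
    (1, PC_A, PC_B, "A -> B, B now learned"),
]

if __name__ == "__main__":
    for label in seen_on_port(LearningSwitch([1, 2, 3, 4]), FRAMES, 4):
        print("sniffer sees:", label)
```

The HTTP exchange between A and the router never reaches port 4, which is why the Capture Setup page's switched Ethernet section describes options such as a mirror port or capturing on the router itself.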

Comments

As I see, for this I must use MITM, OK. When I want to do a MITM attack I open ettercap -G and I scan my network; I see the target IP and gateway. I choose the target IP (1) and the gateway as target IP 2, MITM and remote sniff connection, then I start sniffing. My target IP is another laptop; when I want to open web pages on the target laptop, this sniffing cuts off the internet connection. Why does it cut off the connection? (I set ec_uid ; ec_gid 0 and, if you use iptables:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

)

marechok ( 2018-02-26 19:11:23 +0000 )

You're using arp poisoning to force the target to send off-link packets to your capture host. Unless your capture host then forwards the packets off to the router to allow them to go out on the WAN (and then any responses back to the target), the target will be cut off. Check your routing.

Maybe much easier to capture on the router?

grahamb ( 2018-02-27 10:44:58 +0000 )

What must I check? I directed port 80 to 8080 and I opened sslstrip to get packets of HTTPS with HTTP. (And also I see sslstrip doesn't work, am I right? I think I must use it with dns2proxy too...) I tried to sniff the router "192.168.2.1"; again it cuts off my internet or works so slowly. Still I can't understand the problem.

marechok ( 2018-02-27 18:38:52 +0000 )

As you've explained your issue isn't really with Wireshark, more a general networking problem. You'll probably have better success posting at an appropriate location for that.

grahamb ( 2018-02-28 10:24:36 +0000 )

So OK. But what can I check for the network? I searched all the web but I couldn't find anything.

marechok ( 2018-02-28 10:36:58 +0000 )


Stats

Asked: 2018-02-26 02:17:28 +0000

Seen: 1,751 times

Last updated: Feb 26 '18