how can i capture http protocols

Hello ... i have 2 ethernet card and Vmware Kali and Windows at the same computer.When i capture local network (if i use the same ethernet card for Vmware and Windows ) i can capture the local traffic which is only between my router and my computer and the local network has 5 computers. but i cant capture other computers i see only Broadcasts .. so Wireshark cant capture different ethernet cards on the same local network ? I looked the forums i couldnt get any answers ...

edit retag close merge delete

Sort by » oldest newest most voted

Your "router" is likely to be a switch, and as such, you will only see broadcast packets from other hosts connected to the router. The traffic between the router and your PC is not local traffic, that's traffic external to your PC and may be LAN or traffic to\from outside your LAN. Local traffic is considered to be that which doesn't leave your PC.

See the Wiki page on Capture Setup in particular, the section on switched Ethernet.

more

As i see , for this i must use MITM ok . when i want to do MITM attack i open ettercap -G and i scan my network i see the target IP and gateway .. i choose target IP (1) and gateway Target ip2 .. MITM and Remote sniff connection then i start sniffing .. My target ip is an another Laptop ; when i want to open webpages in target laptop this sniffing cuts off internet connection .Why does it cut off connection ? ? (i set ec_uid ; ec_gid 0 and if you use iptables:

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"


)

( 2018-02-26 19:11:23 +0000 )edit

You're using arp poisoning to force the target to send off-link packets to your capture host. Unless your capture host then forwards the packets off to the router to allow them to go out on the WAN (and then any responses back to the target), the target will be cut off. Check your routing.

Maybe much easier to capture on the router?

( 2018-02-27 10:44:58 +0000 )edit

what must i check ? i directed port 80 to 8080 i opened ssl strip to get packets of HTTPs with HTTP(.And also i see sslstrip doesnt work am i right ? i think i must use it with dns2proxy tooo ... ) i tried to sniff the router "192.168.2.1" again it cuts off my internet or working so slowly still i cant understand the problem ..

( 2018-02-27 18:38:52 +0000 )edit

As you've explained your issue isn't really with Wireshark, more a general networking problem. You'll probably have better success posting at an appropriate location for that.

( 2018-02-28 10:24:36 +0000 )edit

so ok . but what can i check for network ? i searched all the web but i couldnt find anything

( 2018-02-28 10:36:58 +0000 )edit