Ask Your Question
0

Rookie wireshark question

asked 2021-06-22 21:49:48 +0000

updated 2021-06-23 11:54:02 +0000

Hello everyone,

A couple of months ago, I was playing with wireshark. The capture was running smoothly, showing the traffic of my machines, either being TCP or UDP, showing destination IPs, source IPs etc.

I launched it again today, and for some reason it captures only UDP traffic: http://prntscr.com/16chh6m. The captured packets of the screenshot are supposed to be facebook and youtube searches.

I searched the internet but I couldn't find a reason. I even installed the new kali linux 2021.2 .ova file and still had the same results.

Any recommendations and explanations will be gratelly appreciated.

My setup is: 1 windows laptop, 1 windows desktop, 1 kali linux 2021.2 on virtual box, 1 ubuntu 21.1 on virtual box. All connected to the same router via ethernet.

Thank you in advance

edit retag flag offensive close merge delete

Comments

Is remote mouse installed? Remote mouse uses UDP ports 2007 and 2008.

BigFatCat gravatar imageBigFatCat ( 2021-06-23 09:08:07 +0000 )edit

All the traffic in your capture is broadcast, have you disabled promiscuous mode on the capture interface?

grahamb gravatar imagegrahamb ( 2021-06-23 09:15:23 +0000 )edit

BigFatCat: Remote Mouse is indeed installed on my laptop. grahamb: It was enabled, I disabled it and is still showing only UDP traffic.

Iason Demertzidis gravatar imageIason Demertzidis ( 2021-06-23 11:55:34 +0000 )edit

You need promiscuous mode enabled to capture traffic not destined for your machine. What is your capture machine connected to, a switch port, a tap or something else?

grahamb gravatar imagegrahamb ( 2021-06-23 13:07:56 +0000 )edit

Some more questions:

  • What machine are the VB VM's on?
  • Can you give a model name for the router? It's likely to be acting as a switch.
  • Which machine(s) traffic are you expecting\hoping to see?
grahamb gravatar imagegrahamb ( 2021-06-23 15:14:43 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-06-23 16:41:12 +0000

grahamb gravatar image

You will only see the broadcast traffic from the laptop as it's a switched network, unless you can set the D-Link switch into monitor or span mode. See the Wiki page on Ethernet Capture for more info.

edit flag offensive delete link more

Comments

Thank you very much for your help again!

Iason Demertzidis gravatar imageIason Demertzidis ( 2021-06-25 10:39:59 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2021-06-22 21:49:48 +0000

Seen: 98 times

Last updated: Jun 23