Rookie wireshark question
Hello everyone,
A couple of months ago, I was playing with wireshark. The capture was running smoothly, showing the traffic of my machines, either being TCP or UDP, showing destination IPs, source IPs etc.
I launched it again today, and for some reason it captures only UDP traffic: http://prntscr.com/16chh6m. The captured packets of the screenshot are supposed to be facebook and youtube searches.
I searched the internet but I couldn't find a reason. I even installed the new kali linux 2021.2 .ova file and still had the same results.
Any recommendations and explanations will be greatly appreciated.
My setup is: 1 windows laptop, 1 windows desktop, 1 kali linux 2021.2 on virtual box, 1 ubuntu 21.1 on virtual box. All connected to the same router via ethernet.
Thank you in advance
Is remote mouse installed? Remote mouse uses UDP ports 2007 and 2008.
All the traffic in your capture is broadcast, have you disabled promiscuous mode on the capture interface?
BigFatCat: Remote Mouse is indeed installed on my laptop. grahamb: It was enabled, I disabled it and it is still showing only UDP traffic.
You need promiscuous mode enabled to capture traffic not destined for your machine. What is your capture machine connected to, a switch port, a tap or something else?
Some more questions:
The virtual machines (ubuntu and kali) are on the windows desktop pc. Everything is connected to a D-Link switch. The router is speedport entry 2i.
I installed wireshark on the windows desktop. It shows everything fine, except the laptop's traffic which still shows only UDP.
The idea is to monitor the traffic from the windows laptop and ubuntu vm, try to find information by sniffing and decrypting the packets, maybe perform a MitM attack, in order to finally find a vulnerability of some sort and infect them with a malware.
You meant promiscuous mode on the virtual machine network settings! Ok, now I got it! Everything is working fine. Thank you very much for your help!
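The symptom discussed in this thread (a capture that shows only broadcast traffic until promiscuous mode is allowed in the virtual machine's network settings) can be confirmed by classifying each captured frame's destination MAC address. This is an added example, not part of any post above; the MAC addresses and both sample captures are constructed, and the reader handles only classic little-endian pcap files with Ethernet framing (Wireshark saves pcapng by default, so export as pcap first).

```python
import struct

BROADCAST = b"\xff" * 6

def read_pcap(data: bytes):
    """Yield raw frames from a classic little-endian pcap buffer (not pcapng)."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian classic pcap, Ethernet link type")
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16                              # skip the per-record header
        yield data[off:off + incl_len]
        off += incl_len

def classify_dst(frame: bytes, local_mac: bytes) -> str:
    """Classify a frame by its destination MAC (first 6 bytes of the frame)."""
    if len(frame) < 14:
        return "truncated"
    dst = frame[:6]
    if dst == BROADCAST:
        return "broadcast"
    if dst[0] & 0x01:                          # group bit set: multicast
        return "multicast"
    return "unicast-to-me" if dst == local_mac else "unicast-to-other"

def summarize(frames, local_mac: bytes) -> dict:
    counts = {}
    for frame in frames:
        kind = classify_dst(frame, local_mac)
        counts[kind] = counts.get(kind, 0) + 1
    return counts

def sees_foreign_unicast(counts: dict) -> bool:
    """False means the adapter only delivers broadcast, multicast and own traffic."""
    return counts.get("unicast-to-other", 0) > 0

# --- constructed sample data (not taken from the thread) ---
LOCAL = bytes.fromhex("020000000001")          # hypothetical capture adapter MAC
OTHER = bytes.fromhex("020000000002")          # hypothetical second host
MCAST = bytes.fromhex("01005e0000fb")

def _pcap(dsts):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for dst in dsts:
        frame = dst + OTHER + b"\x08\x00" + b"\x00" * 46
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_BEFORE = _pcap([BROADCAST, BROADCAST, MCAST, LOCAL])
SAMPLE_AFTER = _pcap([BROADCAST, MCAST, LOCAL, OTHER])
```

To run it on a real capture, pass the file's bytes to `read_pcap` and the capture adapter's own MAC address to `summarize`.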