How can I see traffic between two devices on the same network

asked 2017-11-22 15:50:31 +0000

Sophienna

Hi,

I have a home router - 192.168.0.1
I have a Windows tablet PC - 192.168.0.12
I have another laptop - 192.168.0.10
My main laptop with Wireshark is 192.168.0.2

Devices can either be WiFi or Ethernet but all are on the same network using the same router.

When I ping from 192.168.0.2 to anything else or vice versa back to 192.168.0.2 and use Wireshark I can see the traffic. Specifically I am constantly pinging or performing a 'ping of death' between devices. I can see the long list of pings, no problem.

However, if I ping between 192.168.0.10 and 192.168.0.12, then use my Wireshark machine I cannot see any traffic between those two devices.

It seems I can only see this type of traffic when my Wireshark machine is somehow involved or part of the ping process.

Help??

Stu


1 Answer


answered 2017-11-22 15:58:48 +0000

grahamb

See the Wiki pages on capturing setups, Ethernet and WiFi.

For Ethernet, your router acts as a switch so will only see packets to/from the capturing machine.

For WiFi, to see packets from other machines you need to put the interface into "Promiscuous" mode which is difficult/impossible with Windows, see this subsection of the WLAN page.


Comments

Thanks

I have followed some guides on MITMf and wifi monitor mode and so on from an ethical hacking point of view. I will mess about later with the wifi side of it.

Specifically I want to show someone how to see a DDoS attack in progress or how to analyse and identify one.

If using Ethernet and the attack comes from outside my network, will the traffic show? If a device on my network is DoS-ing another device, how can I evidence that?

Stu

Sophienna (2017-11-22 16:53:27 +0000)

As per the Wiki page, when on an Ethernet switched network you will only see traffic directly to or from the capturing host, along with any broadcast messages.

If an attack comes from outside your network, then your router will block this unless you have configured port-forwarding to send the traffic to an internal host. To see non-port-forwarded traffic you would need to capture on the router. Some routers (not most SOHO ones) can capture traffic, some can be uploaded with modified firmware, e.g. OpenWRT, to allow capture on the router.

If the attack is generated by an internal host (to the outside), then again you would either need to capture on that host or the router. Another host on a different router switch port will not see the traffic.

grahamb (2017-11-22 18:30:37 +0000)
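
Added example, not part of the original thread and not Wireshark project code: once a capture has been taken on the targeted host or on the router, as the comment above advises, the per-second ICMP echo-request rate for each source/destination pair shows which internal device is flooding which. The pcap bytes, the 50-per-second threshold and the helper names are constructed assumptions; the addresses are the ones from the question.

```python
import struct
from collections import Counter
ICMP_ECHO_REQUEST = 8

def icmp_echo(src, dst):
    """Constructed Ethernet + IPv4 + ICMP echo request (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + icmp

def build_pcap(frames):
    """Classic little-endian pcap, linktype 1 (Ethernet), from (ts_sec, frame) pairs."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in frames:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def echo_rates(pcap):
    """Count ICMP echo requests per (second, src, dst)."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a classic little-endian pcap")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        ts, _, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue  # too short, not IPv4, or IP protocol is not ICMP
        icmp_off = 14 + (frame[14] & 0x0F) * 4  # honour the IP header length field
        if len(frame) <= icmp_off or frame[icmp_off] != ICMP_ECHO_REQUEST:
            continue
        pair = (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])))
        counts[(ts, *pair)] += 1
    return counts

def flood_pairs(pcap, threshold=50):
    """Map (src, dst) -> peak echo requests in one second, for pairs above threshold."""
    peaks = {}
    for (ts, src, dst), n in echo_rates(pcap).items():
        if n > threshold:
            peaks[(src, dst)] = max(n, peaks.get((src, dst), 0))
    return peaks

# Constructed capture, as if taken on 192.168.0.12: a burst from .10, normal pings from .2
SAMPLE = build_pcap([(100, icmp_echo("192.168.0.10", "192.168.0.12"))] * 200
                    + [(101, icmp_echo("192.168.0.10", "192.168.0.12"))] * 150
                    + [(100 + i, icmp_echo("192.168.0.2", "192.168.0.12")) for i in range(4)])
print(flood_pairs(SAMPLE))
```

Run against a capture from a third machine on another switch port, the same function returns nothing for that pair, because those frames never reach the capturing interface.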
