Hi everyone,
I'm running into a weird problem with tshark. The scenario is I'm using ettercap on a Raspberry Pi to perform a man-in-the-middle attack and look at all the traffic between two devices.
When I send messages with the Raspberry Pi to one of the devices, I can use the command
sudo tshark -Y "ip.src == 192.92.92.200" -T fields -e data
to print the hex contents of the packets I'm sending (where 192.92.92.200 is the address of the Pi). However, when I do the same with the address of one of the devices I'm ARP spoofing, no data is printed to the screen. However, whenever a packet is received, a blank line is printed to the screen. If I simply run
sudo tshark
all of the traffic in the network, including the packets being sent between the two devices I am ARP spoofing, is shown (though of course this command doesn't print the actual contents of the packets, which is what I'm looking for). So if tshark can see the packets being sent between the two devices, and if the contents of the packets can be printed in the case that they are sent from the Raspberry Pi, why can't I print the contents of the messages being sent from the devices I'm ARP spoofing?