
How can I capture HTTP protocols


Hello ... I have 2 Ethernet cards, and VMware Kali and Windows on the same computer. When I capture the local network (if I use the same Ethernet card for VMware and Windows) I can capture the local traffic, which is only between my router and my computer, and the local network has 5 computers. But I can't capture the other computers; I see only broadcasts. So Wireshark can't capture different Ethernet cards on the same local network? I looked at the forums and I couldn't get any answers ...
https://ask.wireshark.org/question/18... Npcap Loopback adapter is active.

marechok
asked 2018-02-26 02:17:28 +0000

1 Answer

Your "router" is likely to be a switch, and as such, you will only see broadcast packets from other hosts connected to the router. The traffic between the router and your PC is not local traffic, that's traffic external to your PC and may be LAN or traffic to/from outside your LAN. Local traffic is considered to be that which doesn't leave your PC.

See the Wiki page on Capture Setup, in particular the section on switched Ethernet.

grahamb
answered 2018-02-26 10:16:38 +0000
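
The behaviour this answer describes, as an added example that is not part of the original answer: a small Python model of a learning switch, replayed over constructed frames, showing which of them the switch delivers to the capture host's port. The port numbers, MAC addresses and function names are assumptions made for illustration.

```python
# Minimal learning-switch model (constructed for illustration; not Wireshark code).
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    def __init__(self, ports):
        self.ports = set(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def forward(self, in_port, src, dst):
        """Return the set of ports a frame is sent out of."""
        self.mac_table[src] = in_port  # learn where src lives
        if dst != BROADCAST and dst in self.mac_table:
            out = {self.mac_table[dst]}  # known unicast: one port only
        else:
            out = self.ports  # broadcast or unknown unicast: flood
        return out - {in_port}  # never back out of the ingress port


def frames_seen_on(capture_port, frames, ports):
    """Replay frames through a fresh switch; return those delivered to capture_port."""
    switch = LearningSwitch(ports)
    return [f for f in frames if capture_port in switch.forward(*f)]


# Constructed sample: port 1 = capture host, port 2 = another PC, port 3 = router.
CAPTURE, PC, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"
SAMPLE_FRAMES = [
    (1, CAPTURE, BROADCAST),  # capture host's own ARP request
    (3, ROUTER, CAPTURE),     # router's reply to the capture host
    (2, PC, BROADCAST),       # other PC's ARP request (broadcast)
    (3, ROUTER, PC),          # router's unicast reply to the other PC
    (2, PC, ROUTER),          # other PC's web traffic towards the router
    (3, ROUTER, PC),          # router's response to the other PC
]

if __name__ == "__main__":
    # Only the capture host's own unicast and the other PC's broadcast arrive.
    for in_port, src, dst in frames_seen_on(1, SAMPLE_FRAMES, {1, 2, 3}):
        print(f"from port {in_port}: {src} -> {dst}")
```

A unicast frame can still reach the capture port when the switch has not yet learned the destination address, because unknown unicast is flooded like a broadcast.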

Comments

As I see it, for this I must use MITM, OK. When I want to do a MITM attack I open ettercap -G and I scan my network; I see the target IP and gateway. I choose the target IP (1) and the gateway as target IP 2, then MITM and Remote sniff connection, then I start sniffing. My target IP is another laptop; when I want to open web pages on the target laptop, this sniffing cuts off the internet connection. Why does it cut off the connection? (I set ec_uid ; ec_gid 0 and "if you use iptables":

redir_command_on = "iptables -t nat -A PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"
redir_command_off = "iptables -t nat -D PREROUTING -i %iface -p tcp --dport %port -j REDIRECT --to-port %rport"

)

marechok (2018-02-26 19:11:23 +0000)

You're using arp poisoning to force the target to send off-link packets to your capture host. Unless your capture host then forwards the packets off to the router to allow them to go out on the WAN (and then any responses back to the target), the target will be cut off. Check your routing.

Maybe much easier to capture on the router?

grahamb (2018-02-27 10:44:58 +0000)

What must I check? I directed port 80 to 8080 and I opened sslstrip to get the packets of HTTPS as HTTP. (And also I see sslstrip doesn't work, am I right? I think I must use it with dns2proxy too ...) I tried to sniff the router "192.168.2.1"; again it cuts off my internet or it works so slowly. I still can't understand the problem ..

marechok (2018-02-27 18:38:52 +0000)

As you've explained, your issue isn't really with Wireshark, more a general networking problem. You'll probably have better success posting at an appropriate location for that.

grahamb (2018-02-28 10:24:36 +0000)

So OK, but what can I check for the network? I searched all the web but I couldn't find anything.

marechok (2018-02-28 10:36:58 +0000)