Wireshark-users: [Wireshark-users] Problem: i only sniff my own packets, not network packets

From: "El Piraña" <piranna@xxxxxxxxx>
Date: Wed, 6 Feb 2008 13:43:00 +0100
Hi, I'm working on a small audit and writing reports on different security apps for my boss, and I'm having a problem: when I use Wireshark over Ethernet or wireless I am able to see others' "bureaucratic" packets (DNS, ZeroConf, SMB headers...) but I am not able to see any TCP packets except mine when I'm surfing the net, which is not interesting because I must prove that someone is able to connect to the corporate network and start to get data (e-mails, passwords, web pages...). A typical scenario that I did by myself, showing it to my boss:

1. I have Wireshark running as root on Ubuntu 7.10 on a Compaq nx7010 laptop over its wireless network card (Intel, I think it is model 2010)
2. I disconnect my MacBook v2.1 (AirPort Extreme wireless card, Atheros based) with Mac OS X 10.5.1 from the same wireless network
3. I reconnect the MacBook to the same wireless network
4. Wireshark on the Linux machine detects that the MacBook has connected to the network, and all the auto-identification it sends (Samba, Rendezvous/ZeroConf, mDNS...)
5. I make a random search on Google with the MacBook...
6. ...Wireshark doesn't detect anything :-(

And if I do web surfing on the Linux machine, I get a lot of TCP packets, but they are from the same machine!!! And I don't want to know what pages I'm surfing, I want the other pages.

I've tried this in another network area with the same results, by Ethernet and by wireless, without any positive result, and I don't know what to do. I thought it might be about a switch on the network, but in any case the wireless APs work as a hub, so there shouldn't be problems, and in any case if there is a switch on a network it shouldn't show so much info such as DNS requests or similar... The most annoying thing was to find someone using Apple File Server with Kerberos authentication (bizarre... at least for me) and not get anything about others' TCP sessions... :-(

Thanks a lot, and hoping for your answer.

--
"Smile, even if it is only a sad smile, because sadder than a sad smile is the sadness of not knowing how to smile." Motto of Sonrissa, a company with a great future that ended in bankruptcy, and the only thing I got clearly out of my vacation.

Raise the country's reading rate, read my blog! :-D http://alcor12.alcorconwireless.net/drupal/blog/2