I'm trying to do MiTM on my home wi-fi. I'm a complete newbie.
I have macOS. I downloaded wireshark, executed it, chose wi-fi en0, entered "eapol" in filters, reconnected on my phone to the wi-fi, but nothing showed up in the wireshark's console. Why so?
I didn't enable "Monitor mode" in the preferences of the network...... Closed.
Related
I am developing embedded microcontroller hardware using a Texas Instruments Starter Kit. I am writing the firmware for the Ethernet link between my microcontroller and x86 Windows desktop.
I have written my own Ethernet driver for the microcontroller and my own protocol driver. So I have absolute FULL control over what data is being transmitted to and from the microcontroller. Up until now, I have managed to write ARP, IP, and ICMP drivers.
I use Wireshark on Windows closely to monitor all data frames going in and out. Now when Wireshark is capturing, "ping" from the console works correctly, but when I stop capturing on Wireshark, my ping fails with "Destination host unreachable." I check the logs on my microcontroller; I see Windows is sending ARP requests, and the microcontroller is replying to them correctly. But the network driver in Windows is filtering them away. So no ICMP requests are being sent. When I check the MAC table using "arp" from the console, my microcontroller is in the list while capturing but not when not capturing its not in the list.
What could be the problem, and how can I debug this problem? Are there any tools/apps for Windows that give statistics on dropped/filtered packets?
I found the problem, there was a punny padding missing in my ICMP echo reply. I did a side by side comparision between a working ping with my wifi router vs my microcontroller on wireshark and found this difference. I thought it wasn't such a big deal, apparently not.
Although what has it got to do with wireshark capturing, I have no clue.
I have microcontroller pic16f887 and serial ethernet board. When start browser i have problem - the message is this site can't be reached and i can show the content in browser. What may be the problem???? I use HTTPServerExample
http://www.mikroe.com/add-on-boards/communication/serial-ethernet/
Is the IP address configured correct? Wireshark is a very nice tool you can run on your PC to track the TCP/IP traffic and try to detect what goes wrong.
This is my first post, so don't judge if I mess something up.
The problem is that I bought a new Desktop PC for my office (a Windows 8 machine with motherboard Z97-HD3 (has integrated Ethernet/LAN card)) and it worked OK for a few weeks, but now, the internet is gone.
When I boot up my PC I get "Network Identifying". After a minute or so, it says that it is connected, but when I open a browser it either says: "This webpage is not available" (more often) or "SSL certificate problem" (rarely). I've been chipping on this problem for a few days and the only steps that I've mustered up to take are these:
1. Is it the cable? Try the Ethernet/LAN cable on a different computer
Tried that. It works on my other laptop. So I conclude that the problem is with the new computer.
2. Is it a software problem or hardware?
2.1. Look at the back of the PC. The Ethernet card lights are on.
2.2. Try pinging localhost. Start > Open command prompt (cmd) > "ping 127.0.0.1". All 4 packages are sent and received with time 1ms
2.3. Maybe there is something wrong with Windows? Tried installing Ubuntu, but the internet doesn't connect as well
Anything else I could do? Or should I conclude that this is a hardware issue and return it to the shop?
First, make sure that you can ping your Gateway (gateways are computers/routers that are between two networks ). You can find out the IP of your gateway by running this in cmd:
ipconfig
There you will see your currently assigned(or static) ipaddress, the subnetwork, as well as the IP of your Gateway. Then try to ping your Gateway.
If you can then you know that all is good with cables and software and the problem is either configuration(you dont have gateway set) or the gateway can't make the connection outside of your local network.
if you can't ping your gateway, then you know something is wrong on your PC.
Ok, so I want to do some tests on my network. I have a wireless network, with a WPA2 password. I have the password, it's my own router. I have 3 laptops in here, and I want to capture all the traffic from the router with Wireshark.
I've first set my wireless network in monitor mode (I am using Manjaro linux, and I've set it into monitor mode with airmon-ng), and I've tried to see the traffic. I've started wireshark with mon0, and there were only encrypted wireless 802.11 packets. If I set it for my real wireless card, I get traffic but only from my IP address.
How can I monitor all the traffic on the network (decrypted, and from all IPs) if I have the password, and I can even get a 4 Way handshake if it's needed.
I've tried from wireshark with:
Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-psk and in the Key box: "AP:password" but I get an Invalid key format error.
Any ideas ?
So the idea is to get all the traffic on a secured WPA2 access point, if you know everything and you even have access to the router.
The problem seems to be that you are attempting to add a password when you have opted to enter a Pre-Shared Key(PSK). If you want to provide a password for decryption you need to enter it by selecting:
Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-pwd
Also you'll need to tick the 'Enable decryption' box, plus you may need to play with the 'Assume packets have FCS' setting and clicking on Apply till you hopefully see the decrypted packets.
If want to capture packets from machines other than the one you're capturing on you may also need to play with the promiscuous mode setting - trying both on and off in monitor mode.
Try Promiscuous mode.
Refer http://wiki.wireshark.org/CaptureSetup/WLAN more details.
You may also want to look at Wildpacket's "Omnipeek" tool (it's a licensed product!)
If I want to detect the number of connections active on my home Wifi network, how should I go ahead doing it? This can be useful for building applications which would serve as monitoring unidentified/unrecognized people being fraudulently misusing a person's Wifi network.
How to know whether your neighbors or others are using your wireless network is rather complicated.
If your neighbors are experienced Wi-Fi hackers, you might not be able to tell at all.
If they're just stealing your Internet connection, you may be able to tell from the logs on your router.
To find out who's on your wireless network, you'll need to start by taking inventory of all the devices that are meant to be connected. Find out their MAC IDs and their IP addresses (if they're static).
To find out the MAC ID/IP address on a PC, click the Start menu and choose Run. Type cmd and click OK. In the screen that opens, type ipconfig /all and hit Enter. The MAC address will be shown as the physical address. Once you know the MAC addresses of each of the PCs on your network, you will recognize any addresses that don’t belong under the screen that shows the MAC addresses of current connections.
Check IP addresses
Likewise you may be able to see how many IP addresses have been dished out by the DHCP server. If you check the IP addresses of each of your PCs, you can see if other IP addresses have been served.
To find out your IP address from the Start menu, click Run. Then type in cmd and click OK. In the screen that comes up, type ipconfig which will display the IP address for that computer. (Bear in mind, however, that if the PC is set to auto detect settings, then the PC's IP address will change the next time the computer is rebooted or switched on. Sometimes previously served numbers have not yet expired, so you may think someone is connected when they are not.)
Dealing with intruders
If you do find someone using your connection, they may well not be doing so maliciously or even knowingly. Sometimes people can’t tell which is their own connection and they may honestly believe that they are using their Wi-Fi router rather than yours. The best way to deal with this is to set up your own security and maybe you can help them find their own router!
The optimal solution is to set up a strong password using WPA or WPA 2 of almost 20 to 30 digits and numbers. Once your network is functioning, you can switch off the SSID broadcast (which prevents it from advertising the name of your network) so it would effectively disappear as far as your neighbors are concerned, and the first you might hear of it is when someone complains that their Web connection has disappeared.
You could look for logs such as current LAN clients, connection or status log, or connected MAC addresses.
Be Happy :-)
Do you have access to the Access Point management ?
Look for MAC addresses and their filtering. Modern APs allow you to filter devices and or limit the timeframe during which devices can authenticate themselves, using a hardware button.
A link on how to secure your AP here, and a good start to know what to play with !
You can Either USE this Command... On your Router or Modem... Some Modem's have console for Ping and Commands like that....
ipconfig -all