vpn not listed in wireshark to analyze packets - vpn

I have a VPN connection on my laptop. I am able to ping the VPN IP address successfully. I would like to analyze the network traffic and packets to and from the VPN. So, I installed Wireshark, but I don't see either the VPN name or the IP address of the VPN listed in Wireshark. Any help?

Wireshark uses WinPcap on Windows, and some third-party VPN software doesn't work with WinPcap and even some standard VPN software might not work with WinPcap. That might be the problem.
You could try installing Npcap and, if Wireshark uses it, that might fix the problem. As its main page says, report problems on Nmap's GitHub issues page.

Related

HTTP Sniffer traffic

I'm trying to find a way (or a tool) to see all HTTP traffic that comes into my WiFi network.
I found Fiddler and HttpDebugger, but they only work on the computer I have installed them on. Is there any other tool that works globally, for any computer or mobile device that is connected to my WiFi?
Thanks in advance

Is it possible to connect with remote desktop but not be able to ping to the same machine?

It seems I have this weird issue I can't really understand. I am able to connect to a remote computer (Windows machine) with remote desktop perfectly, but I am not able to ping it. When I ping, I get a timeout all the time. It is the same IP address and I am using the same computer, so there is no firewall issue, I think. From what I know, ping uses its own protocol (different from TCP and UDP), so you don't ping a specific port.
Yes it is. The system administrator, and the network administrators (of the several networks you need to use to access the remote machines), are able to configure their boxes to disable ICMP. Then ping does not work, but HTTP or ssh (or whatever protocol your remote desktop uses) could work.
ICMP is often disabled for security reasons, and to lower the load on the remote computer. It makes it slightly harder to find the remote host.

Viewing unencrypted VPN Traffic with Wireshark

Long story short I'm testing something and trying to figure out how to view VPN data (the default server/client setup through Windows) using Wireshark. In my test environment I've got Wireshark running on both the server and the client but I only see PPTP traffic.
I've got all credential information for the VPN (obviously) but I haven't found any way to view the decrypted traffic. I found a link that said it couldn't be done on Windows 7 but I'm running XP atm.
I found the answer to this question on the Wireshark Q&A, so for anyone who has this problem in the future: I solved it by installing Netmon on both boxes. After that the VPN interface was available for Wireshark to sniff.

Setting up local wireless server using WAMP

My goal is to have two laptops in a network. One is acting as a server, serving webpages to the other. The catch here is that neither is connected to the outside internet.
What I have done so far is setup WAMP on the server laptop, and it successfully serves web pages on localhost. Now I want to access these pages on the other laptop.
To do this, I had the server create an ad-hoc network and connected the other laptop to it, but I'm stuck - and I'm worried I'm not on the right track. I followed this tutorial but in the end I figured out that just explained how to spoof a text URL as an IP address, and not really what I was looking for.
So I guess I have two questions:
Is my method the best way to do this (with ad-hoc networks)? Is there some way to connect a laptop to a wireless router and have the laptop act as a server to another laptop?
If my WAMP and ad-hoc network should work, how do I connect other laptops to my server through the ad-hoc network?
Thanks!
I would suggest the first option: get a wifi router. Then you can assign static IP addresses from the router's private network or use the DHCP server on the router. Hopefully you will have an option to reserve IP addresses on the DHCP server so you don't have to check every time what IP address the laptop acting as a server got. You use this address to access your web server. Also, you can use this router later as a gateway to the internet if you want.
In ad hoc mode you will probably get an address from 169.254.0.0/16 link-local scope, and you can check it by running ipconfig as #Robadob already suggested.
On your hosting laptop, open cmd and call ipconfig; look for the internal IP address on the network interface you're hosting the ad-hoc network on.
Enter that IP address into your client laptop's web browser instead of localhost.
If that doesn't work, try the other IP addresses listed by ipconfig (in case you used the wrong one) and then check the properties of your ad-hoc network, Windows Firewall and any other firewall software to disable anything that might be blocking it.
An ad-hoc network is a suitable option for what you're doing. Most people would probably use a switch or router, though; however, that requires hardware you probably don't have.

How to discover the MAC address of machines in and over a network?

How do I discover the MAC address of machines in a network?
I need to discover the machines that are available just with only BIOS installed (no operating system present). And I need to find the MAC address of machines that are up.
I won't have physical access to the machines. This is for baremetal discovery!
You can use WinPcap to monitor the Ethernet traffic on your network in the same collision domain. So you could learn all the MAC addresses just as a switch does. You could also fake some DHCP messages in order to create some traffic. But this only works with PXE (which is actually made for this scenario) and in your own collision domain.
Since the machines probably don't have IP addresses, I don't think you have a chance to actively query them. They would need to answer packets sent to the broadcast MAC and for e.g. ICMP echo requests, they'd need to send packets with something like 0.0.0.0 as a source IP. This is common and allowed for BOOTP/DHCP, but I haven't seen anything like this implemented by BIOSes yet.
Maybe just logging all MACs that go over the wire with a tool like arpwatch would help? If the machines have PXE booting enabled, you should at least see some DHCP DISCOVERs, before they leave into eternal silence.
A just-not-as-"nice" solution as the ones suggested above (working over a network is just comfortable):
If you have physical access to the machines: Plug in a monitor and look the MAC address up in the BIOS. If for some reason the MAC address isn't listed in the BIOS, you could enable PXE. After reboot, when PXE is initializing, you're going to see the MAC address.
Try the arp command. I am not sure it will be really helpful for you, as it might only work for a PC with an IP address (and likely to have an OS).
If your computers are connected to a switch I guess you can have this information from it. Many "modern" switches are able to provide you with that information, should you know which PC is connected to which port on the switch.
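
The passive approach described in the answers above (watching for the DHCP DISCOVER that a PXE-enabled machine broadcasts from source IP 0.0.0.0), as an added Python example that is not part of the original answers: it parses a raw Ethernet frame and reports the client MAC. The function names, the sample frame and the MAC address are constructed for illustration, and the parser assumes untagged IPv4 frames.

```python
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"

def parse_dhcp_discover(frame: bytes):
    """Return (client_mac, source_ip, vendor_class) for a DHCP DISCOVER, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":    # untagged IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:        # must be IPv4 carrying UDP
        return None
    udp = ip[ihl:]
    if len(udp) < 8 or struct.unpack("!HH", udp[:4]) != (68, 67):  # client -> server
        return None
    bootp = udp[8:]
    # op=1 (BOOTREQUEST), htype=1 and hlen=6 (Ethernet), cookie marks DHCP options
    if len(bootp) < 240 or bootp[:3] != b"\x01\x01\x06" or bootp[236:240] != DHCP_MAGIC:
        return None
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != 255:             # 255 = end option
        if bootp[i] == 0:                                 # 0 = single pad byte
            i += 1
            continue
        if i + 1 >= len(bootp):                           # truncated option header
            return None
        length = bootp[i + 1]
        opts[bootp[i]] = bootp[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(53) != b"\x01":                           # option 53 value 1 = DISCOVER
        return None
    src_ip = ".".join(str(b) for b in ip[12:16])
    vendor = opts.get(60, b"").decode("ascii", "replace") # option 60 = vendor class
    return bootp[28:34].hex(":"), src_ip, vendor          # chaddr holds the client MAC

def build_sample_frame(mac: bytes, msg_type: int = 1) -> bytes:
    """Constructed broadcast DHCP frame for offline testing (checksums left at 0)."""
    opts = bytes([53, 1, msg_type, 60, 9]) + b"PXEClient" + b"\xff"
    bootp = (struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, 0x8000)
             + bytes(16) + mac + bytes(10) + bytes(192) + DHCP_MAGIC + opts)
    udp = struct.pack("!HHHH", 68, 67, 8 + len(bootp), 0) + bootp
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(4), b"\xff" * 4) + udp
    return b"\xff" * 6 + mac + b"\x08\x00" + ip

if __name__ == "__main__":
    print(parse_dhcp_discover(build_sample_frame(bytes.fromhex("020000aabbcc"))))
```

Frames captured on the same broadcast domain can be fed to `parse_dhcp_discover` one at a time to build an inventory of machines that have PXE booting enabled.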
