
Using Wireshark on Laptop to sniff Android packets

  • 17-09-2011 1:59am
    #1
    Registered Users, Registered Users 2 Posts: 1,216 ✭✭✭


    I have my laptop connected to the router using an ethernet cable. Wireshark is running on it and promiscuous mode is enabled. If I turn the WiFi on my Android phone and use the internet on it, should Wireshark be able to capture the packets from the phone? I know there are packet sniffer apps available for Android but my phone isn't rooted so they will not work.


Comments

  • Registered Users, Registered Users 2 Posts: 919 ✭✭✭n0brain3r


    It won't work as I'm guessing your router has an in-built switch, meaning packets will only appear on the port they were sent and the one the device they are intended for is connected.

    Think of the Wireless AP as one port and the destination is the router; the packet won't be forwarded out any other port on a switch.

    What you need is a separate wireless AP, a managed switch that supports port mirroring/monitoring or an old hub.

    You plug the laptop with Wireshark on it into the old hub or monitor port and set up the port with the AP attached to mirror to the monitor port. That way you have all the traffic from the AP being forwarded out the port the laptop is on and it can sniff it!

    I don't have an android so I don't know anything about the sniffing apps on them.
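
Added illustration, not part of the thread: a minimal model of the forwarding behaviour described in the post above, showing what a capture on the laptop's port receives from a plain learning switch, a hub, and a switch with port mirroring. The port names, MAC addresses and the three frames are constructed for the example.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
PHONE, ROUTER = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs

class Switch:
    """Learning switch; hub=True floods everything, mirror=(src_port, monitor_port)."""
    def __init__(self, ports, hub=False, mirror=None):
        self.ports, self.hub, self.mirror = list(ports), hub, mirror
        self.mac_table = {}                       # MAC -> port last seen on
        self.delivered = {p: [] for p in ports}   # frames sent out of each port

    def receive(self, in_port, src, dst, payload):
        self.mac_table[src] = in_port             # learn the sender's port
        known = self.mac_table.get(dst)
        if self.hub or dst == BROADCAST or known is None:
            out = [p for p in self.ports if p != in_port]   # flood
        else:
            out = [known] if known != in_port else []       # forward to one port
        if self.mirror:
            source, monitor = self.mirror
            touches_source = in_port == source or source in out
            if touches_source and monitor not in out and monitor != in_port:
                out.append(monitor)               # copy for the capture port
        for p in out:
            self.delivered[p].append(payload)
        return out

def laptop_view(hub=False, mirror=None):
    """Payloads a sniffer on the 'laptop' port would capture."""
    sw = Switch(["ap", "router", "laptop"], hub=hub, mirror=mirror)
    sw.receive("ap", PHONE, BROADCAST, "ARP who-has gateway")
    sw.receive("router", ROUTER, PHONE, "ARP reply")
    sw.receive("ap", PHONE, ROUTER, "HTTP GET /")
    return sw.delivered["laptop"]

if __name__ == "__main__":
    print("plain switch :", laptop_view())
    print("hub          :", laptop_view(hub=True))
    print("port mirror  :", laptop_view(mirror=("ap", "laptop")))
```

On the plain switch the laptop captures only the broadcast frame; the two unicast frames between phone and router never reach its port.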


  • Registered Users, Registered Users 2 Posts: 3,588 ✭✭✭swampgas


    johnnykilo wrote: »
    I have my laptop connected to the router using an ethernet cable. Wireshark is running on it and promiscuous mode is enabled. If I turn the WiFi on my Android phone and use the internet on it, should Wireshark be able to capture the packets from the phone? I know there are packet sniffer apps available for Android but my phone isn't rooted so they will not work.

    Maybe you can connect your android phone to your laptop's WiFi - i.e. share the laptop WiFi and connect the phone through that instead of through the router. Then you should be able to sniff all the phone traffic you want.


  • Registered Users, Registered Users 2 Posts: 919 ✭✭✭n0brain3r


    swampgas wrote: »
    Maybe you can connect your android phone to your laptop's WiFi - i.e. share the laptop WiFi and connect the phone through that instead of through the router. Then you should be able to sniff all the phone traffic you want.

    That would be the easiest way to do it with your existing equipment; just set up an ad hoc wireless network on the laptop and connect the phone.


  • Registered Users, Registered Users 2 Posts: 1,931 ✭✭✭Zab


    You should be able to capture the wireless packets between phone and router using the wireless adapter on your laptop using wireshark. You won't get these packets on the wire as they are never sent over the wire.


  • Registered Users, Registered Users 2 Posts: 919 ✭✭✭n0brain3r


    Zab wrote: »
    You should be able to capture the wireless packets between phone and router using the wireless adapter on your laptop using wireshark. You won't get these packets on the wire as they are never sent over the wire.

    You're right, that's by far the easiest way of intercepting the traffic; I was overthinking it. The packets are on the wire though, twice in fact: once from the device to AP (the wire, or media to be correct, is the air), plus the AP is connected to the router's built-in switch internally, so the packets are transmitted for a second time from AP to router.


  • Registered Users, Registered Users 2 Posts: 1,931 ✭✭✭Zab


    I think you're making assumptions about the internal makeup of his router, but regardless the packets won't be sent on the cable to his laptop unless he can specifically set the router to do it or flood the mac table or whatever. You've also interestingly managed to interpret my use of "the wire" to include "the wireless" that it intended to differentiate from. Whatever though, the OP has his answer.


  • Registered Users, Registered Users 2 Posts: 919 ✭✭✭n0brain3r


    I was breaking down the combo router into its components for ease of understanding. If the switch was a managed switch you'd have no problem intercepting the packets.

    It's an easy assumption to make that the internal AP is connected to the internal switch - you wouldn't be able to access the wired LAN from the wireless or vice versa if it wasn't. We don't know what router the OP has, but from years of experience it's a fair bet that I'm right.

    And no, if you are specifically referring to the cable linking the laptop to this router in this instance, the packets will never cross it unless he performs some sort of ARP poisoning rather than a flood attack. The latter has limited success and usually just forces the switch to repopulate its MAC table; it's more of a DoS attack.

    In networking terminology the "wire" is used to describe whatever media data is being transmitted across I'd assumed this was the meaning you implied.

    Let us know how you get on OP


  • Registered Users, Registered Users 2 Posts: 1,931 ✭✭✭Zab


    sigh


  • Registered Users, Registered Users 2 Posts: 919 ✭✭✭n0brain3r


    Zab wrote: »
    sigh

    :rolleyes:

