How can I sniff packets with Wireshark - wireshark

I have already installed Wireshark on my laptop. Is it possible to sniff the packets that my mobile phone sends through the internet? E.g. I open the browser on my mobile phone and open a simple link, www.bbc.com; how can I sniff the packets that are transferred? Do they both have to be connected to the same network? Because my mobile phone is connected to a network SSID1 and my laptop to SSID2.
Because I lack experience in using Wireshark, if possible please suggest a link, so that I can make quick progress and become more familiar with this software.
Thanks a lot

If you're asking if you can capture network packets on another network, then no, that's impossible. You'd need to be on the same network as the device.
Think about it like catching fish in a river. If you cast a net in one river to catch all the fish swimming by, you'll be successful. If you cast a net in this same river to catch fish in a river next to this one, you're going to be unsuccessful.
For an overview of the different modes you can use wireshark on the same network, look here.

Related

Capturing packets using wireshark of an IoT device

I have an IoT device that connects to my wifi router using wifi. There is a limitation of capturing network logs on the device itself so I thought to capture it using Wireshark.
I am using windows 10 and downloaded the latest version of Wireshark. Now that my laptop and my IoT device connect to the same network through the same router, I am not able to capture the packets in and out from my IoT device.
I set the filter to ip.addr == {ip of the IoT device}. But it shows nothing.
Is it possible to capture these packets using a laptop using Wireshark?
Let me know, please.
Thanks
Akhilesh
Is it possible to capture these packets using a laptop using Wireshark?
Yes, but your capture setup is almost certainly incorrect. In a nutshell, you need to be able to capture packets in monitor mode, and you're not doing that. Whether it's possible to do so using the WiFi card on your laptop is unknown, because not all cards support monitor mode on Windows.
Since it's impractical to provide an answer that simply repeats information already provided elsewhere, I'll refer you to the following sites for more detailed information:
The Wireshark WLAN (IEEE 802.11) capture setup wiki page
Jasper Bongertz's blog about Wireless Capture on Windows
See also my answer to this question, which basically provides the same information.

Wireshark wifi traffic not fully listed under monitor mode under OrangePi(Lubuntu)

I'm trying to monitor traffic over wifi. I use both a Mac and a Lubuntu machine with Wireshark installed, and after I enable monitor mode and start listening, the amount of packets on Lubuntu is far less than on the Mac (10x less).
Does this happen because of the CPU or the network card (or other hardware), or just because of a different Wireshark?
Is there any other way to identify this cause? (maybe with some other tool or commands)
added:
Maybe it is related to the wifi channel, but I configured the wifi to channel 7 and set the Lubuntu monitor channel with
iwconfig wlanxx channel 7
but still, I can't sniff the traffic on Lubuntu, while I get all of it on the Mac.
It seems Lubuntu can only get the broadcast packets (like ARP) and 802.11 protocol packets.
I'm guessing this is due to a bad configuration or implementation of the wireless network card.
There is probably just more activity on the Mac. I don't know your precise configuration, but if you have a browser open on the Mac and nothing on the lubuntu, then there will be a difference in the amount of network traffic.
There is not really a reason for network traffic to change significantly because of hardware. Configuration can play a role though. If IPv4 and IPv6 are both enabled, there will be twice as many address resolution packets as when only one is. If the ARP cache is set to expire fast, there will also be more ARP traffic.
To identify the cause, look at what Wireshark is telling you. What packets are there on both machines? What packets are unique to the Mac? Have a look at protocols, destination IPs and port numbers; they are the main clue to tell you what is happening.
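The comparison this answer suggests, as an added example that is not part of the original answer: it counts packets per protocol, destination IP and destination port in two captures and reports what is unique to each. The rows are constructed sample data in an assumed `protocol,dst_ip,dst_port` CSV layout, and `flow_counts` and `compare` are hypothetical helper names.

```python
import csv
from collections import Counter
from io import StringIO

# Constructed sample rows, one per packet: protocol,dst_ip,dst_port
# (assumed CSV layout; the addresses are documentation/private ranges).
MAC_ROWS = """\
TLSv1.2,203.0.113.10,443
TLSv1.2,203.0.113.10,443
DNS,192.168.1.1,53
ARP,,
MDNS,224.0.0.251,5353
"""
LUBUNTU_ROWS = """\
ARP,,
ARP,,
MDNS,224.0.0.251,5353
"""


def flow_counts(text):
    """Count packets per (protocol, destination IP, destination port)."""
    counts = Counter()
    for row in csv.reader(StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        proto, dst, port = (field.strip() for field in row)
        counts[(proto, dst or "-", port or "-")] += 1
    return counts


def compare(a, b):
    """Split two flow counters into only-in-a, only-in-b and shared keys."""
    only_a = {k: a[k] for k in a.keys() - b.keys()}
    only_b = {k: b[k] for k in b.keys() - a.keys()}
    common = {k: (a[k], b[k]) for k in a.keys() & b.keys()}
    return only_a, only_b, common


if __name__ == "__main__":
    only_mac, only_lubuntu, common = compare(
        flow_counts(MAC_ROWS), flow_counts(LUBUNTU_ROWS))
    for label, flows in (("only on Mac", only_mac),
                         ("only on Lubuntu", only_lubuntu)):
        for key, n in sorted(flows.items()):
            print(f"{label}: {key} x{n}")
    for key, (n_mac, n_lub) in sorted(common.items()):
        print(f"both: {key} Mac={n_mac} Lubuntu={n_lub}")
```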
It seems to be due to the router's settings (wifi channel and mode (802.11xx)).
Use channel hopping to capture as many packets as possible while hopping through multiple channels.
And maybe try a more advanced wireless network card with monitor mode that supports the various modes (802.11xx) and 2.5G/5G.
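A way to check the channel explanation in this thread, as an added example that is not part of the original posts: it groups captured frames by the channel they were received on and by 802.11 frame type, then reports whether anything was captured on the access point's channel. The input tuples are constructed sample data, and `freq_to_channel`, `summarize` and `diagnose` are hypothetical helper names.

```python
from collections import Counter, defaultdict

# 802.11 frame control "type" values.
FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

# Constructed sample: (channel centre frequency in MHz, frame type) per frame,
# i.e. the values Wireshark shows as radiotap.channel.freq and wlan.fc.type.
SAMPLE = [(2442, 0), (2442, 0), (2442, 1), (2442, 0), (2437, 0)]


def freq_to_channel(mhz):
    """Map a centre frequency (MHz) to its 2.4 GHz or 5 GHz channel number."""
    if mhz == 2484:
        return 14
    if 2412 <= mhz <= 2472 and (mhz - 2407) % 5 == 0:
        return (mhz - 2407) // 5
    if 5160 <= mhz <= 5885 and mhz % 5 == 0:
        return (mhz - 5000) // 5
    return None


def summarize(frames):
    """Return {channel: Counter of frame type names} for the captured frames."""
    per_channel = defaultdict(Counter)
    for mhz, ftype in frames:
        channel = freq_to_channel(mhz)
        per_channel[channel][FRAME_TYPES.get(ftype, "other")] += 1
    return dict(per_channel)


def diagnose(summary, expected_channel):
    """Classify the capture with respect to the channel the AP is using."""
    seen = summary.get(expected_channel)
    if not seen:
        return "wrong-channel"    # nothing captured on the AP's channel
    if seen["data"] == 0:
        return "no-data-frames"   # right channel, but only management/control
    return "ok"


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    for channel, counts in sorted(summary.items(), key=lambda kv: str(kv[0])):
        print(channel, dict(counts))
    print(diagnose(summary, expected_channel=7))
```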

WLAN Receiver monitor mode

This is more of a hardware question.
How does a WLAN receiver manage to demodulate every channel simultaneously?
I could need a brief description about that issue.
In my imagination it is only possible to demodulate a single carrier.
Several WLAN chips have the possibility to monitor the entire on air traffic on every channel with every subcarrier.
I could not find a description of that monitor mode in standard and anywhere else until now.
thanks!
The answer is: no broadband sniffing is possible. The WLAN hardware is only capable of sniffing one WLAN channel.

Is GSM data sending between 2 phones impossible?

Please tell me in detail why it is impossible to send the data between two phones over GSM? I can find almost no information about this problem.
There are 2 points here.
Firstly, GSM is a mobile voice telephony system - plain GSM doesn't do data connections.
GPRS and EDGE are add-ons to the GSM network that allow data to be sent.
There are other kinds of wireless phone networks that also use a SIM and allow data to be sent (UMTS, LTE).
Secondly, when you establish a data connection with a mobile phone and a phone network, you are establishing an IP connection between your phone/modem and a gateway server in the operator's network. The gateway server allows you access to the internet (together with the DNS server etc, obviously).
This is similar to a computer plugging in a LAN cable and connecting to their ISP. But you can also connect 2 computers with a crossover cable, and configure them to have an IP connection directly. So what you are asking is, why can't I do the same with 2 GSM phones? What is the equivalent of a wireless crossover cable?
The reason is because GSM has no protocol to connect phones to each other. It only defines a protocol for phones to connect to a network base station.
To transfer data between 2 phones, therefore, you need a different protocol, one which will work between 2 peers. Bluetooth is a common such protocol, but it only works over short distances.
If you want to connect 2 distant phones, you can do this via a third party, like a website, to which data can be uploaded into the cloud by the first phone and downloaded by the second phone.
Or, you could establish a connection at the IP level via the internet, e.g. if one mobile device was a web server (the last sentence is only theorising).
See also this related question
EDIT: 3GPP Release 12 includes direct Device to Device communications. At the time of writing, it's still very new, and not yet commercially available, so the answer above still holds. D2D is designed for emergency services, eg if the network is damaged by a disaster, they can still communicate directly. But 3GPP suggests that it will be commercially available as well. From 3GPP news
There are also commercial benefits of D2D, with new applications building on the physical proximity of users being trialed by operators.
2nd EDIT: Apple has created a feature called Multipeer Connectivity Framework, which uses a mixture of WiFi networks, peer-to-peer WiFi and Bluetooth to enable short distance connectivity between iPhones when there is no GSM network.
NFC is another peer-to-peer technology for communicating between 2 devices, that is supported by some phones. More information here.

Can't see another computer in WiFi

I am trying to do a little experiment and I'm getting pretty odd results that I can't explain. I came to my University with my friend, we both brought our laptops and we connected to the same WiFi. But for some reason, our computers couldn't communicate with each other. For example, I couldn't ping him, and when I did an ARP scan to find all the hosts on the LAN I didn't find him. He did the same. He couldn't ping me and he didn't find my laptop when he did an ARP scan. Yet, there were many other devices on the LAN that both of us could ping and that we both found in our ARP scan. The University may be big, but we sat just next to each other.
I know that the WiFi at the university may be complex, but I still have no explanation for what is happening. We sit next to each other, connect to the same WiFi (same Access Point MAC), we both see many of the same devices in our LAN, yet we can't see each other. Does anyone have any idea of what may be happening? Why can't we see/ping each other while we are on the same LAN?
Thanks! :)
The wireless access point probably has a security setting of "Wireless Isolation Within SSID" turned on. This function does exactly what you describe. It allows all authenticated users to see machines on the LAN, but not other wireless machines on the same access point.
Reconfigure your router and make some settings like this
LAN DHCP=Enable
Wireless Authentication type=WPA-PSK/WPA2-PSK
Encryption=AES
After applying these settings, delete all wireless networks of the router listed on your PC, and then connect. It will work. You can ping both your PCs.
Because you are connected to an infrastructure mode access point (99% of APs), in order to send packets to another device your laptop sends the packet to the AP (to the distribution system), and then the AP sends the packet to your friend (from the distribution system). You cannot connect 'directly' to your friend.
The AP can direct whether or not wireless clients can see each other - depending on the manufacturer this can be implemented in many different ways. You could talk to your system administrator about why/how this policy works.
