This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How can I sniff other IPs on the same network using Wireshark on Mac

0

How can I sniff other IPs on the same network using Wireshark on Mac... I can see, for example, my mobile IP address in the interfaces, but I can't start capturing the packets.

asked 20 Aug '12, 20:23

Mazen
1111
accept rate: 0%


3 Answers:

2

Refer to the Wireshark Capture Setup wiki page. Note that this is a general capture setup page, but there are other related pages referred to in the "See Also" section for additional information specific to capturing on certain types of networks, such as Ethernet, 802.11, Token Ring, etc.

If you're having trouble using Wireshark itself in order to initiate capturing, then you might find the Wireshark User Guide helpful, in particular the section on Capturing.

answered 21 Aug '12, 11:49

cmaynard ♦♦
9.4k1038142
accept rate: 20%

edited 21 Aug '12, 11:53

1

From "mobile IP address" I'm guessing the network is a Wi-Fi network. If so, then, given that this is presumably OS X, if you're running Wireshark 1.6 or later, there should be an option to select "monitor mode"; you'll need to run the Wi-Fi adapter in monitor mode in order to capture other hosts' traffic. If your network is "protected", i.e. using WEP or WPA encryption, you'll have to supply the password for the network to Wireshark to decrypt the traffic, and, for WPA/WPA2 personal mode, to decrypt traffic to or from a given host, you'd have to capture the traffic in which the host in question establishes a connection to the network (the whole point of WPA/WPA2 is, after all, to make it harder to sniff wireless networks...).

See the Wireshark Wiki page on decrypting 802.11 traffic for more details.

answered 21 Aug '12, 13:44

Guy Harris ♦♦
17.4k335196
accept rate: 19%

0

First, you need admin privileges. Second, you either need a TAP device to sniff others' packets, or you need to execute an ARP spoof attack in order to see the packets of others (if you're in a switched environment).

Or use a hub device to connect your network and monitor/sniff them all.

answered 21 Aug '12, 04:05

sha8e
6115
accept rate: 0%