Hello, I am no guru when it comes to sniffers so I need some guidance. I want to run a sniffer (Wireshark) on my PC (LAN Ethernet) or laptop (Wifi 802.11b/g) to capture/sniff all data on my home network. I have D-Link WRT110 router with WPA2, with some laptops and smartphones connected to it. I want to check what my kids are doing, the web sites they visit, the chat rooms and even reading the chat history (like Whatsapp on smartphones). Is that possible to do with Wireshark or do I need something else? If possible:
- What version of Wireshark do I need?
- Once installed, what parameters do I need to set?
- Once captured, do I need to decrypt the data and if yes, how?

This question is marked "community wiki".
asked 26 Oct '12, 10:08 torontoguy
2 Answers:
As per my reply, Wireshark, Network Monitor, and other network analyzers aren't really designed for people who just want to know what sites their children are visiting, they're designed for technical users such as network software developers, network administrators/managers/troubleshooters, and the like, who need to know technical details about what traffic is going over a network. You might be better off with software designed for the average user or, at least, the average parent - and designed for the purpose of monitoring network activity on other people's machines, rather than for the purpose of capturing raw network traffic and letting you look at it in detail for whatever you might be trying to find. Some Googling found, for example, Symantec's Norton Online Family and McGruff SafeGuard. You may have to install software on their PC's and smartphones to use it; make sure whatever you install supports whatever operating system their PCs and smartphones are running.
answered 28 Oct '12, 23:06 Guy Harris ♦♦
(I assume you mean "Linksys WRT110 router" - I couldn't find any WRT110 product on D-Link's Web site, but I did find one on Cisco's page for Linksys products.)
Yes, if either
or
In either case you'll probably have to end up doing continuous captures, which means you'll have a lot of data to dig through if you want to catch them surfing pr0n or whatever.
Probably any sufficiently modern version would do, but the newer, the better - go for the latest 1.8 version.
Yes, as you're using WPA2.
Thus. Note, however, that, atop any WPA2 link-layer encryption, the services they're using might also use, for example, SSL/TLS encryption over TCP. Wireshark can decrypt SSL if it's built with the right support libraries (I don't know what support libraries various versions of Wireshark on various OSes are built with) and RSA key exchange is used and you can provide the RSA keys, as per that documentation.
answered 26 Oct '12, 18:16 Guy Harris ♦♦
Thank you Guy Harris. Sorry, I am using Linksys right now. D-Link is my very old one.
Again, I am not that guru when it comes to setting up/configuring these applications so I am hoping for some steps. What I gather from your answer is:
- Traffic capture: I use Microsoft Network Monitor since I am running Windows Vista. Hopefully that will be supported on my adapter and driver.
- Since my wifi is WPA2 I need to decrypt it
  Option 1: Use Wireshark (latest is 1.8.3)
  Option 2: Perhaps I use another tool?
- Since there is SSL/TLS encryption too, again I need to decrypt it
  Option 1: Use Wireshark
  Option 2: Use something else
I am not sure if I will get all these combinations right without messing up.
PS: I am not sticking to Wireshark. I just brought it up as an example. In fact I see there are 8 sub-files under (Stable Release 1.8.3) and I am not sure if I need to install all of them. http://www.wireshark.org/download.html
As you're using Windows, Wireshark can't capture in monitor mode (it could capture if you bought an AirPcap adapter).
Yes, you would need to set up decryption for WPA2; I don't know whether Network Monitor can do that, but Wireshark can read captures saved from Network Monitor.
If your kids' internet access includes any secure sites, you'll also have to decrypt SSL/TLS; I don't think Network Monitor can do that.
As for the 8 sub-files, they're 8 different versions of Wireshark, for different operating systems and types of hardware:
The source code is for OSes for which neither the Wireshark developers nor the OS vendor supply a binary version - binaries are supplied for Windows, so that's not an issue.
The OS X versions are, obviously, for OS X, not Windows.
The U3 and PortableApps versions are specialized versions; you put them on a flash drive and stick the flash drive into a machine on which Wireshark isn't installed and run it from the flash drive.
That leaves the Windows Installer versions. If you have a 64-bit PC running 64-bit Windows, you probably want the 64-bit version, as it can handle larger captures; otherwise, you need the 32-bit version, as the 64-bit version won't work.
For an average user this stuff seems complicated. I installed Microsoft Network Monitor and it captures loads of stuff and I don't seem successful in understanding what I am capturing. Once I understand MNM I will move to Wireshark. For the time being all I need is to capture Whatsapp conversations on smartphones. If I can get this, I will be more than happy. I searched for that and it doesn't seem there is an easy way.
The straightforward solution is to use e.g., a combination of MNM and Wireshark but that is steps above the average user's knowledge.
Neither Wireshark nor Network Monitor nor most if not all other network analyzers are designed for people who just want to find out what sites their kids are going to; they're designed for network software developers, network managers and troubleshooters, and other people who need to know technical details about what traffic is going over a network.