How would I setup a Man-in-the-middle scenario with windows XP. Wireshark is capturing all packets to the man-in-the-middles's ip but won't pass it through to the end device. It seems I can only capture off one Interface at a time. asked 17 Sep '10, 06:50  jbajema |
4 Answers:
As @SYNbit points out, Wireshark only captures traffic. It doesn't modify or retransmit them. You should be able to bridge the interfaces in XP, then capture traffic on one of the physical interfaces or on the bridge. On Ubuntu you can bridge interfaces using brctl. answered 17 Sep '10, 08:55  Gerald Combs ♦♦ |
I was distracted by the "man-in-the-middle" title, this usually means some active program doing decryption and re-encryption or some data injection. If the whole purpose is to sit in between a connection and capture all the traffic, you might want to use a switch with port mirroring capabilities. You can than attach your PC with wireshark to the configured mirroring port to see all traffic to/from the system that you want to monitor. There are a couple of low-price switches offering you this capability: (For the netgear, check the online forum. It does some strange stuff with icmp that has been solved in a beta release of the software. And it can only be configured with a little windows based program) answered 18 Sep '10, 00:13  SYN-bit ♦♦ |
That is because Wireshark is not man-in-the-middle software and therefore does not forward packets. It's a diagnostics tool to analyze network traffic with. answered 17 Sep '10, 07:24 SYN-bit ♦♦ |
Building the bridge and monitoring it works... for a bit, then blue screens the pc. But at least I can capture the info I require, Thanks gerald answered 17 Sep '10, 21:15 jbajema Please use "add new comment" to respond to answers. This will keep your response next to the "answer" that you are responding to, while an "answer" will move up and down depending on the votes it gets. You can use "More -> Convert to comment" to change your "answer" into a comment... (18 Sep '10, 00:16) SYN-bit ♦♦ Cool! I hadn't noticed the "Convert to comment" feature! @jbajema I tested it using one of your other answers. Hope that's OK. (18 Sep '10, 17:48) Gerald Combs ♦♦ |
I don't beleive that is correct as I have seen it done with Ubuntu. I am trying to do the same thing in the windows environment with the exact laptop and external ethernet adapter with no luck.