Hello guys, i decided to come here as my very last resort. I searched maybe the entire google for about 1 week, this is driving me insane. So here's the issue: I own a very small company, and i want to check if my employees are playing farmville or using facebook or whatever sites of that kind, instead of working. So, i'm not going to install remote software, because those are their computers, and i don't want to break that privacy of course. Some friends told me about this program. Here's what i did: 1 - Installed wireshark and winpcap on my computer 2 - started the scan on my wlan interface I did enter on some sites, and it's awesome, i can see what's going on. But soon i realized...that's my own traffic only. I can't see nothing about my employees traffic. So as i was searching google, i found out about the promiscuous mode. Well, i tried both ways, turned it on and off. doesn't help. So i got other friend that said: Hey that sucks on windows, try booting into "backtrack linux dist" , it comes with wireshark and sure will work. Funny thing, i tried backtrack and i can see the computer names on my network, some stuff going on, but that's it. I still can't see any "http" traffic from them. I want to make sure if it's my computer problem, my NIC problem or whatever, so i can buy a proper card or maybe a usb network card? what you guys think? thanks in advance asked 08 Feb '11, 07:54  JackLopez |
3 Answers:
Sometimes switch can be the problem. Once an intelligent switch senses the best rout to send traffic, you could be left out of the so called "loop". Check out "Port Mirroring" switches like this one: NetGear GS108T Just a thought answered 08 Feb '11, 08:17  drewcrewof2 |
Thanks so much. Since i got your reply, i've been reading a lot on that matter. yeah, i will never get anything with my router. i'm gonna check the prices on that one, thanks! answered 08 Feb '11, 09:14 JackLopez I don't think buying a switch will help unless you force your employees to use it by shutting down WLAN for them and having them use a cable connection to that switch. Which is a valid strategy of course, but not a very subtle one if you want to avoid their attention to what you're trying to do ;-) (08 Feb '11, 10:38) Jasper ♦♦ |
You're stumbling over the typical WiFi capture problem - on Windows you can't capture WLAN with Wireshark unless using a special USB capture adapter ("AirPCAP") sold by CaceTech. Check the answer Landi gave on this question: can't capture network traffic Regarding backtrack: it should work, but you still might have to enable monitor mode on the wireless card for Wireshark to see all frames. answered 08 Feb '11, 10:23  Jasper ♦♦ |
He's trying to capture wireless traffic, as in "no cable" -> no switch - you might want to re-read his problem description ;-)