This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Discovering wireshark

0

Hello guys

Since a few weeks, I started using Wireshark, an amazing program. I discovered some vids on youtube about sniffing etc, so I decided to do some network sniffing on my own network in order to steal my own cookies.

First, I ran 2 browsers on my laptop while capturing my network. On one browser, I logged in onto an website (HTTP) ... I saw results as 'GET...' and so on. Here, I could find my cookies and paste them in Firefox using Greasemonkey.

Now... I ran into a strange thing. I wanted to try this using 2 laptops instead of 2 browsers on 1 laptop. The problem that I encountered is that I didn't receive results such as 'GET...' and so on, but more notifications like 'NOTIFY...'. I looked at different places to find the cookies, but I didn't find it.

The 2 laptops were connected to the same network, on my laptop, the monitor mode was selected (for my router) and the website did have HTTP.

Now... Could anyone tell me what I did wrong? Or do I have to give some more information?

Thank you!

asked 02 Feb '15, 08:21

Olivierm_'s gravatar image

Olivierm_
1111
accept rate: 0%

How are the laptops connected to the router?

(02 Feb '15, 08:28) grahamb ♦

I used a wireless connection (WPA2 secured)

(02 Feb '15, 09:02) Olivierm_

And what is the OS on the 2 laptops?

(02 Feb '15, 09:48) grahamb ♦

One runs os x yosemite and the other windows 7

(02 Feb '15, 13:55) Olivierm_

One Answer:

0

How did you capture? Did you use the second laptop, hoping to capture what the first laptop was doing? If so, you won't get the packets you want unless you configure your network for the capture, e.g. by setting up a SPAN port on a configurable switch.

See http://wiki.wireshark.org/CaptureSetup/Ethernet for more information about capture setups.

answered 02 Feb '15, 08:28

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

Well indeed, I used my laptop (let's say nr. 1) to capture what laptop nr 2 was doing. So: with laptop nr 2, I logged in on a site in order to see, or discover, the cookies via Wireshark on laptop nr 1.

(02 Feb '15, 09:06) Olivierm_

If you're using wireless, you'll probably not be able to decrypt the packets of the laptop no. 2, unless you have the secret key of the access point and captured the full WiFi connection setup.

(02 Feb '15, 09:48) Jasper ♦♦

I also thought of that, but even when I changed my router into an open network, with no security settings, I didn't see anything... That would be like if I was in a shop with an open network sniffing the network, but did not see the right packets. Or not?

(02 Feb '15, 13:57) Olivierm_