This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

HI everyone

So I am trying some experimentation: I have disabled wifi security and i go on http website. If I capture from my PC I can see my trafic and can get my password and login send without security. If I ask some one to go on this website from an other pc I can see everything where is going but I can't see his password.

How it's possible ??

NB:I am on ubuntu and he is on windows .

thank you for explanation

This question is marked "community wiki".

asked 13 Dec '11, 13:04

vring6's gravatar image

vring6
1112
accept rate: 0%

Have you checked that he is not connecting with https? Do you see any traffic from your friend's computer? There are a number of factors that might influence this; promiscuous mode isn't really one of them. Just because the interface is in promiscuous mode doesn't mean that it will change the upper-layer protocol behaviors.

(13 Dec '11, 14:50) multipleinte...

HI

yes I am on http website, I can see every page he goes, on the same page from my computer i see password and from his computer i am not sure but i seems to be a cookie.

I don't understand

(14 Dec '11, 08:45) vring6

From your comments, I infer that your friend has already logged in to the website before you attempt to capture traffic and that this information is stored in a cookie, resulting in no login credentials being transmitted. Have your friend log out from the website first, and then follow the exact same procedure as you did to log in. This should remove any differences from your setup an your friend's so that you can capture traffic as expected. Of course, this assumes that your friend is cooperative and that you have permission to do this.

permanent link

answered 14 Dec '11, 09:24

multipleinterfaces's gravatar image

multipleinte...
1.3k152340
accept rate: 12%

edited 14 Dec '11, 09:25

Yes I have permission to do this my friend is with me and we try many(login and log out) times because firstly we think not every packet were captured I also try on many website with http and one of mine

(14 Dec '11, 09:33) vring6

Sniffing your own traffic for your password can be a security test (e.g., to see whether an application is sending your password securely). On the other hand, sniffing for other people's passwords is almost always malicious, and IMO, there is no good reason to do it.

(14 Dec '11, 09:57) helloworld

where do you see i am sniffing people's password i am on my own network and my friend is on his laptop with me. I just want to prove that I can see password on http website on unsecure wifi network and for now I can't and I want to understand why because there is no encryption system and i can see where does he goes

(14 Dec '11, 10:03) vring6
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×293
×43
×26

question asked: 13 Dec '11, 13:04

question was seen: 4,246 times

last updated: 14 Dec '11, 10:04

p​o​w​e​r​e​d by O​S​Q​A