Logically thinking, unless you know the IP Address range (if you
are planning to do it manually) of the target Wireless network, how will
you put your Wireless NIC in promiscuous mode? Even if you somehow
guessed the network range, and configured your wireless card to some
arbitrary static IP Address, still, unless you are part of the
network, why will the packets reach your NIC? I mean, how will the AP
know, that there is one more NIC within my footprint area, to whom
I've to provide service?

In wireless networking, there is a concept called Association ID
(AID). Unless you have that, you are not considered to be part of the
wireless network and hence, even if you put your wireless NIC in
promiscuous mode, you will not receive any packets except beacon
frames.

More Info:
http://my.opera.com/subjam/blog/wireless-card-promiscuous-mode
http://airsnort.shmoo.com/faq.html

All the best!

---
Nikhil Wagholikar

On 5 July 2010 07:20, Sherif El-Deeb <archeldeeb (at) gmail (dot) com [email concealed]> wrote:
>
> "...In-order to sniff on a network, you obviously need to be connected to that network... Promiscuous mode concept comes after you are connected to the network..."
> No my friend, I'm afraid this is not true with Wireless networks, as in the current case, you CAN sniff the data of a wireless network with a card put in Promiscuous mode "heck, that's the purpose of being promiscuous, being able to capture the data that you can _hear_ but not destined to you"... but to make use of the captured data the wireless network has to be either 1- not encrypted at all 2- WEP encrypted and you know the key, then use airdecap-ng to decrypt the captured data 3- WPA/WPA2 encrypted, you know the key AND YOU CAPTURED THE INITIAL FOUR WAY HANDSHAKE, then you can use airdecap-ng to decrypt the traffic.
> Now to the original question, there are some products that open PCAP files you got from the sniffing or even do it in real time that'll do what you want, you should have googled for "msn sniffer" or "IM sniffer" before posting since this question has been answered before a lot, if you prefer doing things manually, last time I tried I could read messages from wireshark directly with ease after some filtering...
> Sherif Eldeeb.
> On Sun, Jul 4, 2010 at 5:23 PM, Nikhil Wagholikar <visitnikhil (at) gmail (dot) com [email concealed]> wrote:
>>
>> Hi Vinicius,
>>
>> In order to sniff on a network, you obviously need to be connected to
>> that network. Promiscuous mode concept comes after you are connected to
>> the network. Also, you need to keep in mind, that sniffing on a
>> switched network is not as straightforward as on Hub network. You
>> need to do something extra like ARP cache poisoning in order to sniff
>> on switched network, else you'll land up sniffing your own data on
>> given network.
>>
>> All the best!
>>
>> ---
>> Nikhil Wagholikar
>>
>> On 2 July 2010 08:14, Vinicius Menezes <cotomax (at) yahoo (dot) com [email concealed]> wrote:
>> >
>> > Hello guys,
>> >
>> > I'm trying to sniff MSN/mail messages through wifi.
>> >
>> > Is it necessary to be connected to one specific station, or just set promiscuous mode to get all traffic?
>> >
>> > Thanks
>> >
>> >
>> >
>> >
>> >
>> > ------------------------------------------------------------------------
>> > This list is sponsored by: Information Assurance Certification Review Board
>> >
>> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
>> >
>> > http://www.iacertification.org
>> > ------------------------------------------------------------------------
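An added example, not part of the original thread: the quoted reply's point that captured traffic is only readable on an unencrypted network (or with the key) shows up on the air as the Protected Frame bit in the 802.11 header, and the beacon/data distinction as the Type field. This Python code decodes those header fields from constructed sample frames and lists the payload-carrying data frames a WLAN owner would find sent in cleartext; the function names, MAC addresses and frames are assumptions made for illustration.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_header(frame: bytes) -> dict:
    """Decode Frame Control and, for management/data frames, the BSSID."""
    if len(frame) < 2:
        raise ValueError("truncated frame")
    (fc,) = struct.unpack_from("<H", frame, 0)   # fields are little-endian
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    info = {"type": TYPES.get(ftype, "reserved"), "subtype": subtype,
            "protected": bool(fc & 0x4000), "bssid": None}
    if ftype in (0, 2) and len(frame) >= 24 and not (to_ds and from_ds):
        # BSSID is addr1 (ToDS), addr2 (FromDS) or addr3 (neither bit set)
        off = 4 if to_ds else (10 if from_ds else 16)
        info["bssid"] = mac(frame[off:off + 6])
    # Data subtypes with bit 2 set (Null, QoS Null, ...) carry no payload
    info["has_payload"] = ftype == 2 and not (subtype & 0x4)
    return info

def cleartext_data_frames(frames):
    """Return headers of payload-carrying data frames sent unprotected."""
    headers = (parse_header(f) for f in frames)
    return [h for h in headers if h["has_payload"] and not h["protected"]]

# --- constructed sample input (locally administered MACs, no real capture) ---
AP, STA, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6

def hdr(fc0, fc1, a1, a2, a3):
    # Frame Control, Duration, three addresses, Sequence Control = 24 bytes
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"

SAMPLE = [
    hdr(0x80, 0x00, BCAST, AP, AP),              # beacon (management, subtype 8)
    hdr(0x08, 0x41, AP, STA, AP) + b"\x00" * 8,  # data, ToDS, Protected bit set
    hdr(0x08, 0x01, AP, STA, AP) + b"payload",   # data, ToDS, cleartext
    hdr(0x48, 0x01, AP, STA, AP),                # Null data: nothing to protect
]

if __name__ == "__main__":
    for h in cleartext_data_frames(SAMPLE):
        print("cleartext data frame on BSSID", h["bssid"])
```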