Posts tagged sniffing
I’ve always knew it was possible to sniff traffic on your home network but every time I tried, I always ended up sniffing ‘management type packets’ (e.g. arp requests, syns, acks, etc). I’d never really seen any useful information come across the wire so I pretty much wrote off the idea of sniffing.
Recently I had done a little deeper dive related to some work I’m doing in class and discovered some of the things I’d done wrong in the past. So here’s a short post on sniffing traffic on your home network. Take a minute to understand the concepts and be responsible with your sniffing activities. (more…)
Sniffing open wireless traffic can be pretty interesting and entertaining. It’s amazing to see what gets transferred across a network. Just make sure you’re doing it legally.
Sniffing on Mac OS X is very similar to sniffing on any other operating system with a few small caveats.
1. Install MacPorts
This is the best package manager IMHO for OS X. You’ll need to install Apple XCode Developer tools prior to installing MacPorts. The install page details all that information here http://www.macports.org/install.php. It’s all very simple double click and install DMG
2. Install Wireshark
Open a Terminal:
nobody@nobody:~$ sudo port install wireshark
If you just start Wireshark at this point, no interfaces will show up. Your user needs to own /dev/bpf in order to use the interfaces.
3. Create a Startup Script
Create this small script in /usr/bin/wireshark_start
#!/bin/sh osascript -e "do shell script "chown $USER /dev/bpf*" with administrator privileges"; wireshark &
Give it full execute permissions
nobody@nobody:/usr/bin$ sudo chmod +x wireshark_start
4. Configure Wireshark & Start Sniffing
Once Wireshark is open, choose Capture->Options, choose Interface ‘en1′, ensure ‘capture packets in monitor mode’ is enabled, click Start!
You should now be capturing packets. You’re pretty much ‘drinking from a fire hose’ so you need to make sure you utilize Wireshark’s Filter section. e.g. to filter http traffic, type in ‘http’ in the filter box and hit apply.