Posts tagged sniffing

Sniffing Traffic on Your Home Router or Hub

I’ve always knew it was possible to sniff traffic on your home network but every time I tried, I always ended up sniffing ‘management type packets’ (e.g. arp requests, syns, acks, etc). I’d never really seen any useful information come across the wire so I pretty much wrote off the idea of sniffing.

Recently I had done a little deeper dive related to some work I’m doing in class and discovered some of the things I’d done wrong in the past. So here’s a short post on sniffing traffic on your home network. Take a minute to understand the concepts and be responsible with your sniffing activities. (more…)

Sniff Open Wireless Traffic with Mac OS X

Sniffing open wireless traffic can be pretty interesting and entertaining. It’s amazing to see what gets transferred across a network. Just make sure you’re doing it legally.

Sniffing on Mac OS X is very similar to sniffing on any other operating system with a few small caveats.

1. Install MacPorts

This is the best package manager IMHO for OS X. You’ll need to install Apple XCode Developer tools prior to installing MacPorts. The install page details all that information here It’s all very simple double click and install DMG

2. Install Wireshark

Open a Terminal:

nobody@nobody:~$ sudo port install wireshark

If you just start Wireshark at this point, no interfaces will show up. Your user needs to own /dev/bpf in order to use the interfaces.

3. Create a Startup Script

Create this small script in /usr/bin/wireshark_start

osascript -e "do shell script "chown $USER /dev/bpf*" with administrator privileges";
wireshark &

Give it full execute permissions

nobody@nobody:/usr/bin$ sudo chmod +x wireshark_start
4. Configure Wireshark & Start Sniffing

Start Wireshark

nobody@nobody:~$ wireshark_start

Once Wireshark is open, choose Capture->Options, choose Interface ‘en1′, ensure ‘capture packets in monitor mode’ is enabled, click Start!

You should now be capturing packets. You’re pretty much ‘drinking from a fire hose’ so you need to make sure you utilize Wireshark’s Filter section. e.g. to filter http traffic, type in ‘http’ in the filter box and hit apply.

Go to Top