Kenta Kentson wrote:
I'm new to wireshark and have just started to learn it, but I'm having
problems monitoring my network.
In my network there are three stationary computers, the one I have
wireshark on is the only linux (ubuntu) one I have. (The other ones are
windows.) Well to get to my problem..
192.168.1.6-----------|
                      Hub-----|
192.168.1.4-----------|       |
                              Router (Switch?) 192.168.1.1?
192.168.1.2---------------------|
Well, when I run wireshark on my own computer (192.168.1.6) or the one
connected to the same hub it works flawlessly. But when I'm trying to
sniff 192.168.1.2 or 192.168.1.1 (which is the router, right?) I hardly
get anything. When I'm sniffing 192.168.1.1 I get a few random packets
and when I'm sniffing 192.168.1.2 I don't get anything.
I would be glad for any help I could get, thanks in advance, kenta.
Read:
http://wiki.wireshark.org/CaptureSetup
particularly the part about switches.
Oh, and one other thing. I've been playing around sending messages over
msnms from one of my computers to another, I was happily surprised to
find out that you actually could find/sniff the messages with wireshark.
Mail on the other hand is much harder, I know they go through port 25,
but it seems like finding what they contain is hard to find out,
encryption?
But if they are encrypted, shouldn't I be able to sniff the key as well?
I should hope not! Else it would defeat the purpose of the encryption
(which is to prevent eavesdroppers--which is what you are when using
Wireshark--from seeing what is being transmitted). Wireshark can
decrypt some (extremely weak) encryptions and also some strong ones if
you give it the right information (the key) but the key should not be on
the wire (so as to make it hard to decrypt).