3

I am using Windows 10. I just installed Wireshark 2.2.1. I am connected over a wifi network with security type WPA2-Personal. Many people are connected on this same network. I have the password of this wifi. I would like to be informed about 3 things:

  1. What is the step by step approach to redirect other people's packets into my computer using Wireshark?
  2. How to prevent the man in the middle from capturing packets from my computer?
  3. Is it illegal to sniff other people's packets?

Thank you

DataMiner
    Please restrict yourself to one problem per question. Apart from that, questions about legality are off-topic here but should be asked at law.stackexchange.com. Also: Wireshark is a tool for passive analysis only and cannot redirect packets to your system. – Steffen Ullrich Oct 30 '16 at 08:05

1 Answer

2

> What is the step by step approach to redirect other people's packets into my computer using Wireshark?

For this you need to poison the ARP cache of the target machine. As you are on Windows, you can use a very powerful tool, CAIN, for that, so that you will be able to watch traffic.

You need to add your PSK in the Wireshark 802.11 settings in the preferences list.

WPA/WPA2 Enterprise/Rekeys

As long as you can somehow extract the PMK from either the client or the Radius Server and configure the key (as PSK) all supported Wireshark versions will decode the traffic just fine up to the first eapol rekey.

Eapol rekey is often enabled for WPA/WPA2 enterprise and will change the used encryption key similar to the procedure for the initial connect, but it can also be configured and used for pre-shared (personal) mode. Wireshark 2.0 (v1.99.6rc0-454-g1439eb6 or newer) is needed if you want to decode packets after a rekey. That, as you mentioned, you have.

> How to prevent the man in the middle from capturing packets from my computer?

Add a static ARP entry for your local network gateway in your ARP table; it will protect you from ARP MITM for your outbound traffic.

But with client isolation and temporary keys, poisoning is that that easy; you need to use a packet craft to poison other clients by broadcasting ARP using the AP MAC and GTK key for your broadcast encryption.

> Is it illegal to sniff other people's packets?

Yes, it is not a legal deed.

Arjun sharma
  • While a static ARP entry will help against ARP spoofing, it will not help against other techniques for man in the middle, like DHCP spoofing or DNS spoofing. It also does not help if the attacker already has a man in the middle in the path of the packet, i.e. access to a mirror port of a router or similar. – Steffen Ullrich Oct 30 '16 at 08:14
  • If these DHCP servers are not on the local network, like they almost always are, then all of these attacks need ARP poisoning... no other approach – Arjun sharma Oct 30 '16 at 08:49
  • You don't need ARP spoofing for DHCP spoofing, since the DHCP request is sent by the client to a broadcast address and the client does not even know which MAC address the DHCP response should come from. And with DHCP spoofing you can just declare yourself as the gateway, and thus you are getting all outgoing packets without the need for ARP poisoning. – Steffen Ullrich Oct 30 '16 at 08:53
  • Do you think, apart from open WiFi, your broadcast will reach other stations? – Arjun sharma Oct 30 '16 at 08:57
  • The whole idea of a local broadcast as done with a DHCP request is that it reaches all computers inside the local network. DHCP is used to get IP address and gateway and the client just asks loudly in the whole network if anybody has an IP address (and maybe a gateway) for him. – Steffen Ullrich Oct 30 '16 at 08:59
  • It seems interesting? Want to have a conversation over it? Chat? Let's see who can convince the other? – Arjun sharma Oct 30 '16 at 09:04
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/47670/discussion-between-8zero2-ops-and-steffen-ullrich). – Arjun sharma Oct 30 '16 at 09:09