I know that you can sniff packets from other computer in network by mitm attack using arpspoof, but why to bother if you can turn on monitor mode and sniff all trafic(if I understand correctly monitor mode lets you sniff all packets). Of course I have key to the network so I can decipher it.
Asked
Active
Viewed 760 times
2 Answers
1
You're correct, but only for wireless clients. If you want to trick wired clients into routing their packets to you instead of the real router, you'd want to arpspoof. This way allows you to capture both wired and wireless client's data.
xorist
- 870
- 4
- 15
-
erm, CSMA still uses a shared medium. – symcbean Aug 28 '18 at 11:30
-
Thank you very much. What about promiscuous mode? Is it the same as monitor mode but for ethernet? – Adrian Rudy Dacka Aug 28 '18 at 11:34
-
@Adrian Rudy Dacka, this link should help answer your question. https://security.stackexchange.com/questions/36997/what-is-the-difference-between-promiscuous-and-monitor-mode-in-wireless-networks – xorist Aug 28 '18 at 11:42
1
Because monitor only allows you listen you in. You need arpspoof to invoke a response from a server or interfere with an existing communication channel
symcbean
- 18,278
- 39
- 73