Wireshark: I want to sniff on a local IP


I have a testing environment set up at home with 2 PCs.

PC 1 ip = 192.168.1.2

PC 2 ip = 192.168.1.4

Gateway = 192.168.1.1

I am sitting on PC 1.

Both computers are on the internet. I tried simple stuff like going on Google and searching, logging in on Gmail, using YouTube and other similar things.

I want to sniff the HTTP traffic being sent from 192.168.1.4, but after many tries I didn't succeed.

I tried to apply the filter: ip.src == ...1.2 && ip.dst == ...1.4

I also tried to use the PC 2 WLAN card and sniff on the MAC address, but no luck.

All I ever got was some weird traffic, but no HTTP traffic.

How do I win this?


There are 2 best solutions below

0
On

You need to perform some kind of Man-in-the-Middle attack in order to retrieve the traffic from a target computer, unless you are sitting on a router/switch/gateway. This can be achieved by ARP spoofing a victim, and then forwarding the victim traffic through your own machine and back to the router. Ettercap is a tool you are probably looking for: Ettercap Website. This can be run on Windows and Linux, but if you're on Linux try:

# ettercap -Tq -M ARP /PC2// /GATEWAY//

You should now be able to see PC2 traffic in Wireshark. This will also HAVE to be HTTP, as you are aware; HTTPS would require decryption of the session.

Hope this helps.
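How the ARP spoofing described in the answer above shows up on the wire, as an added example that is not part of the original answer: a parser for captured Ethernet/ARP frames plus a check for an IP whose claimed MAC changes and for one MAC claiming several IPs. The MAC addresses, the `build_arp` helper and the sample frames are constructed for illustration; the IPs are the ones from the question.

```python
import socket
import struct

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, frame[22:28].hex(":"), socket.inet_ntoa(frame[28:32])

def find_arp_conflicts(frames):
    """Report IPs whose claimed MAC differs from the first one seen, and MACs claiming several IPs."""
    first_seen, claims, changed = {}, {}, []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None or parsed[2] == "0.0.0.0":     # skip non-ARP frames and ARP probes
            continue
        _, mac, ip = parsed
        claims.setdefault(mac, set()).add(ip)
        baseline = first_seen.setdefault(ip, mac)
        if baseline != mac and (ip, baseline, mac) not in changed:
            changed.append((ip, baseline, mac))
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return changed, multi

def build_arp(op, smac, sip, tmac, tip):
    """Build a constructed Ethernet/ARP frame (sample data only, nothing is sent)."""
    raw = lambda mac: bytes.fromhex(mac.replace(":", ""))
    return (raw(tmac) + raw(smac) + b"\x08\x06"
            + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + raw(smac) + socket.inet_aton(sip) + raw(tmac) + socket.inet_aton(tip))

# Constructed MACs; the IPs are the ones from the question.
GW, PC1, PC2 = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:04"
SAMPLE = [
    build_arp(2, GW, "192.168.1.1", PC2, "192.168.1.4"),   # genuine gateway reply
    build_arp(2, PC2, "192.168.1.4", GW, "192.168.1.1"),   # genuine PC 2 reply
    build_arp(2, PC1, "192.168.1.2", GW, "192.168.1.1"),   # genuine PC 1 reply
    build_arp(2, PC1, "192.168.1.1", PC2, "192.168.1.4"),  # gateway IP claimed by PC 1's MAC
    build_arp(2, PC1, "192.168.1.4", GW, "192.168.1.1"),   # PC 2 IP claimed by PC 1's MAC
]

if __name__ == "__main__":
    changed, multi = find_arp_conflicts(SAMPLE)
    for ip, old, new in changed:
        print(f"{ip}: first seen at {old}, now claimed by {new}")
    for mac, ips in multi.items():
        print(f"{mac} claims {ips}")
```

A host that legitimately holds several addresses, or a DHCP lease that moves between devices, will also trigger these checks, so treat a hit as a prompt to compare against the known gateway MAC.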

0
On

If all you are interested in is HTTP traffic interception (and modification), use tools such as https://www.owasp.org/index.php/ZAP or my favourite, http://portswigger.net/burp/. Burp has a free and professional edition and it looks like the free edition may be sufficient for your purposes.