1

I'm using netcat -l 555 option to communicate between two computers on port 555, is there any way I can eavesdrop to whats going on in that conversation from a 3rd computer connected to the same WLAN by listening to the port somehow? (Im arpspoofing and every packet is transfered through my machine first)

Using Kali linux.

Improve this question
4
  • Presumably you could run tcpdump or the like
    – Eric Renouf
    Commented Dec 20, 2016 at 12:06
  • @EricRenouf tcpdump is not showing any closed ports so eavesdropping cant be done.
    – eyal360
    Commented Dec 20, 2016 at 14:52
  • I'm not sure what closed ports have to do with tcpdump, it doesn't need to open any ports to see what packets are out there, similarly, wireshark should be able to find things going over the air nearby so Mark's suggestion could well solve your problem
    – Eric Renouf
    Commented Dec 20, 2016 at 15:14
  • @EricRenouf thanks for the comment, actually in WLAN wireshark only captures packets(in the entire network) in LLC protocol which, you can say, is "raw formation", and im looking for the TCP formation which has the data on its payload without any encryption whatso-ever.
    – eyal360
    Commented Dec 20, 2016 at 19:47

1 Answer 1

Reset to default
2

Wireshark is a great tool for packet debugging. You can set up a display or capture filter and listen for that port.

tcp.port == 555

Also a nice link on the wireshark wiki on capture filters. https://wiki.wireshark.org/CaptureFilters

Improve this answer
10
  • maybe I should have mentioned that im eavesdropping from a 3rd computer and the entire communication is wireless on the same WLAN
    – eyal360
    Commented Dec 20, 2016 at 14:32
  • So why can't you run wireshark on that third computer?
    – FMaz
    Commented Dec 20, 2016 at 16:15
  • If you are unable to, it might be due to network driver not supporting promiscuous mode, but I never encountered such adapter/driver.
    – loa_in_
    Commented Dec 20, 2016 at 17:16
  • @Krazor because wireshark only show the packets payload if it is sent to you, if you are sniffing every packet in the WLAN then it captures it in "LLC protocol formation" which is a sub-layer above the first layer and below the second layer and in charge of communication and transfering information , hence Im looking for a tool to eavesdrop the specific port on the specific host, that way I will get the TCP protocol with the right information and not the LLC protocol one which is more general.
    – eyal360
    Commented Dec 20, 2016 at 19:43
  • @loa_in_ it does support promiscuous and monitor mode.
    – eyal360
    Commented Dec 20, 2016 at 19:43

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .