How to use Wireshark to trace the activity of users on the local network?

E

Emiljen2017-11-10 13:10:47

Wireshark

Emiljen, 2017-11-10 13:10:47

Hello.
Users are connected to a Zyxel Kinetic 4G router. It distributes Wi-Fi, and also through it local computers are connected to the Internet. In the evening, the speed of the Internet drops dramatically, because. many incoming employees come, all with their own tablets and laptops. How to use Wireshark to detect an attacker and what exactly is he downloading?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

O

ololo pishpish, 2017-11-10
@ololopishpishrealne

Wireshark only listens on your interface. The answer to your question is written right in the FAQ: No way.
Ettercap with ARP poisoning can do what you want.

G

Griboks, 2017-11-10
@Griboks

If I understand correctly, you need to scan Wi-Fi traffic and figure out who is taking the speed.
1) We translate the network card into monitor mode. (Wireless network card, of course). Not all cards support this.
2) Set up the network card on the router channel.
3) Actually, we start recording traffic from this same wireless interface. (Already in Wireshark).
4) We are waiting for some time (for example, the whole evening). It is done. Now it would be nice to conveniently view the traffic. To do this, go to the Statistics menu and select something convenient, such as Endpoints or I / O Graph
ps
Or, instead of scanning the air, you can connect to the router by setting up traffic mirroring and record statistics on it. Or the router itself does it. Or look into his firmware ...