Packet Analyzer

gfisher99 · 06-26-2002

Has anyone found a packet analyzer that easily finds the "workgroup" or "domain" names after finding a Wireless AP? Trying to use ethereal and its kinda tricky to use and you have to sort thru tons of info to find anything.. I am using this in-house at my company to check for security holes... Will be travelling to our other offices soon to check them too. Anyone have anything??

Id appreciate it...

Thanks
G

Base-Head · 06-26-2002

have u tried ettercap? its available at sourceforge.net

richcorbs · 06-26-2002

Assuming that you have associated with the AP and can capture traffic using Ethereal, do the following two things:

1) Set the capture filter to "dst port 138" to minimize the traffic you capture.

2) During a capture set the display filter to "browser.command == 0x0c" (that's zero-x-zero-c). It will capture and display all the Domain/Workgroup announcements broadcast to the local subnet.

After/during the capture, Ethereal's "Info" field should have some text like this:

Domain/Workgroup Announcement WORKGROUP...

where "WORKGROUP" is the name of the domain or workgroup being announced. Getting the info you are after should be as simple as scrolling down through the list.

On my network these announcements happen every 15 minutes or so. I'd probably capture for 30 minutes or so to be sure I got everything.

Hope this helps.

Rich

-Long time registered user, first time poster.

gfisher99 · 06-26-2002

trying that right now, thanks for the quick replies!!!

G

apoLLon · 06-26-2002

just tried this out and it works great !!

thanx for the hint

06-26-2002	#1 (permalink)
gfisher99 Registered Member Join Date: Jun 2002 Posts: 4	Packet Analyzer Has anyone found a packet analyzer that easily finds the "workgroup" or "domain" names after finding a Wireless AP? Trying to use ethereal and its kinda tricky to use and you have to sort thru tons of info to find anything.. I am using this in-house at my company to check for security holes... Will be travelling to our other offices soon to check them too. Anyone have anything?? Id appreciate it... Thanks G

06-26-2002	#2 (permalink)
Base-Head Registered Member Join Date: Jun 2002 Location: so cal : ) Posts: 21	have u tried ettercap? its available at sourceforge.net __________________ i r newbie

06-26-2002	#3 (permalink)
richcorbs Registered Member Join Date: Apr 2002 Location: Utah Posts: 7	browser.command == 0x0c Assuming that you have associated with the AP and can capture traffic using Ethereal, do the following two things: 1) Set the capture filter to "dst port 138" to minimize the traffic you capture. 2) During a capture set the display filter to "browser.command == 0x0c" (that's zero-x-zero-c). It will capture and display all the Domain/Workgroup announcements broadcast to the local subnet. After/during the capture, Ethereal's "Info" field should have some text like this: Domain/Workgroup Announcement WORKGROUP... where "WORKGROUP" is the name of the domain or workgroup being announced. Getting the info you are after should be as simple as scrolling down through the list. On my network these announcements happen every 15 minutes or so. I'd probably capture for 30 minutes or so to be sure I got everything. Hope this helps. Rich -Long time registered user, first time poster. Last edited by richcorbs : 06-26-2002 at 12:52 PM.

06-26-2002	#5 (permalink)
apoLLon Olymp's Stumbler Join Date: May 2002 Location: /dev/null Posts: 64	just tried this out and it works great !! thanx for the hint __________________ \|<€€þ !ŧ ®€4\|_, apoLLon ..:: All your 802.11b are belong to us ::..

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

06-26-2002	#4 (permalink)
gfisher99 Registered Member Join Date: Jun 2002 Posts: 4	trying that right now, thanks for the quick replies!!! G