Author Topic: Basic Forensics with Wireshark  (Read 29512 times)


Offline Daemon

  • VIP
  • Baron
  • *
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle man's anger
Re: Basic Forensics with Wireshark
« Reply #30 on: February 02, 2013, 05:31:38 am »

+1 He really is <3 u Daemon  8)

:D
I love you guys. Buttsecks skidiot?

And thanks to you too Griffon :)
« Last Edit: February 02, 2013, 05:32:47 am by Daemon »
This lifestyle is strictly DIY or GTFO - lucid

Because sexploits are for h0edays - noncetonic


Xires burns the souls of HF skids as a power supply

Offline p_2001

  • Royal Highness
  • ****
  • Posts: 684
  • Cookies: -64
Re: Basic Forensics with Wireshark
« Reply #31 on: February 02, 2013, 06:15:50 am »
Ok, here is my problem.
I can see data from my computer but not from the router.
So I googled and it said that I need to MITM.
Tried that but it's not working. Anyone help?
"Always have a plan"

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
Re: Basic Forensics with Wireshark
« Reply #32 on: February 02, 2013, 06:21:25 am »
Quote from: Daemon
:D
I love you guys. Buttsecks skidiot?

And thanks to you too Griffon :)

[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry

Offline Daemon

  • VIP
  • Baron
  • *
  • Posts: 845
  • Cookies: 153
  • A wise man fears a gentle man's anger
Re: Basic Forensics with Wireshark
« Reply #33 on: February 02, 2013, 06:59:10 am »
Quote from: p_2001
Ok, here is my problem.
I can see data from my computer but not from the router.
So I googled and it said that I need to MITM.
Tried that but it's not working. Anyone help?

Between the router and another computer? If so then yeah, you need MITM or to run Wireshark on the router itself.
This lifestyle is strictly DIY or GTFO - lucid

Because sexploits are for h0edays - noncetonic


Xires burns the souls of HF skids as a power supply

Offline Griffon Bossi

  • /dev/null
  • *
  • Posts: 15
  • Cookies: -8
Re: Basic Forensics with Wireshark
« Reply #34 on: February 02, 2013, 08:02:59 am »
I'm just happy to get help because other places I have been the people were not as nice/helpful. It was either you knew what you were doing or GTFO.

One more thing: it only seems like my activity is being put up onto Wireshark, and I'm in a college dorm so I know I'm not the only one on. Any idea why it is like that and how I can change it?

Staff note: double post!
« Last Edit: February 02, 2013, 10:10:03 am by Kulverstukas »

Offline sn0w

  • Serf
  • *
  • Posts: 39
  • Cookies: 16
  • Do your best and prepare for the worst.
Re: Basic Forensics with Wireshark
« Reply #35 on: February 02, 2013, 09:05:18 am »
Thanks a lot man. This tutorial is awesome. I recently started to learn about Nmap & Wireshark. This is going to help me a lot.

Offline RedBullAddicted

  • VIP
  • Sir
  • *
  • Posts: 519
  • Cookies: 189
Re: Basic Forensics with Wireshark
« Reply #36 on: February 02, 2013, 09:22:19 am »
Quote from: Griffon Bossi
One more thing: it only seems like my activity is being put up onto Wireshark, and I'm in a college dorm so I know I'm not the only one on. Any idea why it is like that and how I can change it?

Seems like you are on a switched network, which means only traffic directed to your client will be sent to your machine (network card). That's basically the difference between a hub and a switch. If you were connected to a hub you would see all traffic because the hub just sends out the data to all connected clients. Wireless access points work the same way as a hub. There are some other things you are able to see because they are sent as a broadcast (directed to all clients on a subnet), which brings us to your next question.

Quote from: Griffon Bossi
On my server there are lines that are saying stuff like "hey who is xxx.xxx.xxx.xxx respond to xx.xxx.xxx.xxx" and I was wondering how to send packets like that to the router

This is a standard ARP request and a pretty good example of traffic that is sent as a broadcast. ARP is a layer 2 protocol and every client has an ARP table which gets dynamically updated in a specific time interval. The ARP table is used to create an IP address - MAC binding. You can use tools like ettercap or you can script your own with python/scapy (it's the most simple way) to perform ARP protocol based attacks. This for example would be a way to capture traffic which is normally not visible to you (just a very basic explanation). If you want to learn more about ARP and the attack and the way network administrators are able to stop it, please read this one (shameless plug.. lol)

http://evilzone.org/tutorials/network-securtiy-features-and-how-to-get-pass-part-1-dynamic-arp-protection/

EDIT:
lol.. I really had the feeling I was repeating what I already said, and it is true. It's the third reply on the first page of that thread:

Quote from: RedBullAddicted
+1 Very good... couldn't have done it better myself, and I am using Wireshark nearly every day for my job. Nice that you mentioned that Wireshark can even be used for doing good stuff like hunting network performance issues (e.g. looking for TCP retransmissions and analysing why you have them).

Now that you have explained how people can find interesting stuff in a capture file, they surely want to know how to capture stuff. I just want to add some ideas for further reading. You need to know that your capture quality depends on the point where you are capturing. For doing some analysis you should capture on both machines, the sender and the recipient, and compare your results later. Normally you will capture on your own box, and for this you will only be able to see the traffic regarding your own machine (and some broadcasts like DHCP Discover and Request). Some things you can use to see a little bit more:
1. If you have access to a managed network switch you can implement a mirror port
2. Do some ARP poisoning like I have explained: http://evilzone.org/tutorials/network-securtiy-features-and-how-to-get-pass-part-1-dynamic-arp-protection/
3. You can use some DHCP attacks (I am writing a tutorial about that at the moment)
4. Use a network tap (google for it, they can easily be built by yourself)

Do you know the difference between a switch and a hub? Basically the switch only sends the traffic to the corresponding port while a hub just sends it out to all ports. This means a hub is very nice for capturing. As I said before, a WLAN access point works the same way as a hub.

Again... thanks for that great tutorial. You will become a great networking guy if you go on with this.

You guys should just read all posts in a thread before you start to ask questions.. lol :)
@Griffon Bossi: please edit your post and do not double post. If skidiot.h sees this he will not be amused :)

Damn.. nearly forgot it.. you guys really make me jealous. Can I join the Buttseckz Daemon, skidiot?.. we can make it a real orgy :) lol
« Last Edit: February 02, 2013, 09:54:52 am by RedBullAddicted »
Deep into that darkness peering, long I stood there, wondering, fearing, doubting, dreaming dreams no mortal ever dared to dream before. - Edgar Allan Poe
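The post above describes the ARP request lines Wireshark shows ("Who has X? Tell Y", sent to the broadcast MAC) and mentions that administrators can spot ARP-based attacks. The following is an added example, not code from the thread or from any tool named in it: a small stdlib-only Python decoder for Ethernet II + ARP frames that renders them the way Wireshark's Info column does, then walks a constructed "capture" and flags an IP address whose sender MAC changes between frames, which is the basic signal a dynamic ARP inspection feature or a passive monitor (arpwatch-style) reacts to. The three frames, the MAC addresses and the 192.168.1.0/24 addresses are all constructed sample data, not taken from anyone's network.

```python
import struct
from typing import Dict, List, Tuple

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def parse_arp_frame(frame: bytes) -> dict:
    """Decode an Ethernet II frame carrying an Ethernet/IPv4 ARP packet (RFC 826 layout)."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP payload
        raise ValueError("frame too short for Ethernet II + ARP")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        raise ValueError(f"not ARP: ethertype 0x{ethertype:04x}")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is handled here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {
        "eth_dst": mac_str(dst), "eth_src": mac_str(src), "oper": oper,
        "sha": mac_str(sha), "spa": ip_str(spa),   # sender hardware / protocol address
        "tha": mac_str(tha), "tpa": ip_str(tpa),   # target hardware / protocol address
    }


def describe(arp: dict) -> str:
    """Render the packet the way Wireshark's Info column does."""
    if arp["oper"] == ARP_REQUEST:
        return f"Who has {arp['tpa']}? Tell {arp['spa']}"
    if arp["oper"] == ARP_REPLY:
        return f"{arp['spa']} is at {arp['sha']}"
    return f"ARP opcode {arp['oper']}"


def audit_bindings(frames: List[bytes]) -> Tuple[Dict[str, str], List[Tuple[str, str, str]]]:
    """Learn IP -> MAC from the sender fields of every ARP frame (requests included) and
    report each IP whose MAC changes, i.e. a conflicting binding worth investigating."""
    table: Dict[str, str] = {}
    conflicts: List[Tuple[str, str, str]] = []
    for frame in frames:
        arp = parse_arp_frame(frame)
        ip, mac = arp["spa"], arp["sha"]
        if ip == "0.0.0.0":  # ARP probe from a host with no address yet: nothing to learn
            continue
        seen = table.get(ip)
        if seen is not None and seen != mac:
            conflicts.append((ip, seen, mac))
        table[ip] = mac
    return table, conflicts


# Constructed sample capture (not real traffic). Host 192.168.1.10 (aa:bb:cc:dd:ee:01)
# asks for the router 192.168.1.1, the router answers from aa:bb:cc:dd:ee:ff, and a
# later reply claims the same IP lives at aa:bb:cc:dd:ee:99.
SAMPLE_FRAMES = [
    bytes.fromhex(
        "ffffffffffff aabbccddee01 0806 0001080006040001"
        "aabbccddee01 c0a8010a 000000000000 c0a80101"),
    bytes.fromhex(
        "aabbccddee01 aabbccddeeff 0806 0001080006040002"
        "aabbccddeeff c0a80101 aabbccddee01 c0a8010a"),
    bytes.fromhex(
        "aabbccddee01 aabbccddee99 0806 0001080006040002"
        "aabbccddee99 c0a80101 aabbccddee01 c0a8010a"),
]

if __name__ == "__main__":
    for frame in SAMPLE_FRAMES:
        arp = parse_arp_frame(frame)
        print(f"{arp['eth_src']} -> {arp['eth_dst']}  {describe(arp)}")
    table, conflicts = audit_bindings(SAMPLE_FRAMES)
    for ip, old, new in conflicts:
        print(f"CONFLICT: {ip} moved from {old} to {new}")
```

The first frame is addressed to ff:ff:ff:ff:ff:ff, which is why it is visible on a switched port at all; the replies are unicast and would normally only be seen on the two ports involved. Any host that keeps a table like `audit_bindings` builds (or a switch with dynamic ARP inspection, which checks the same sender fields against a trusted DHCP-derived table) notices the third frame as a binding change.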

Offline iTpHo3NiX

  • EZ's Pirate Captain
  • Administrator
  • Titan
  • *
  • Posts: 2920
  • Cookies: 328
Re: Basic Forensics with Wireshark
« Reply #37 on: February 02, 2013, 10:17:12 am »
Quote from: RedBullAddicted
Damn.. nearly forgot it.. you guys really make me jealous. Can I join the Buttseckz Daemon, skidiot?.. we can make it a real orgy :) lol

ACCEPTED
[09:27] (+lenoch) iTpHo3NiX can even manipulate me to suck dick
[09:27] (+lenoch) oh no that's voluntary
[09:27] (+lenoch) sorry