Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

debookee/docs/module_na.rst

Go to file
 
 
Cannot retrieve contributors at this time
NA --- Network Analysis Module NA Module Raw packets of your targets with Wireshark
40 lines (26 sloc) 1.47 KB
Raw Blame
Open in GitHub Desktop

NA --- Network Analysis Module

NA Module

The NA module analyzes in real-time the network traffic of your own Mac and :ref:`intercepted targets <mitm>`.

It currently supports:

  • HTTP
  • DNS
  • TCP
  • DHCP
  • SIP & RTP (VoIP) protocols.

Raw packets of your targets with Wireshark

Some users need more details (or raw data) and use Wireshark for their own traffic. Unfortunately, Wireshark can't intercept traffic like Debookee does, and they can't see their iPhone/Android/Fridge/... raw data.

One idea is to use both Debookee and Wireshark at the same time:

  • Find and select your target with LanScan
  • Launch the NA module to start the interception, but ignore the NA results
  • Start Wireshark on your Mac: you'll see your own traffic as well as the intercepted target's traffic

Tip

For each packet, Wireshark will see the packets coming to your Mac, and the same packet retransmitted transparently by the Mac. Target's traffic in that case will be doubled in Wireshark and you'll see all packets duplicated.

To filter, one idea of display filter could be to hide all outgoing packets of your targets like: !(eth.src == mac_address_of_my_mac && ip.src != ip_of_my_mac) && !(eth.dst == mac_address_of_my_mac && ip.dst != ip_of_my_mac)