Network monitoring tools

[richy22]

Hi.

Possibly a rather noob or silly question here but here goes...

I want to be able to see what ip addresses certain devices are talking to. Namely a gps app on my phone, it talks to a website to download the maps and I want to see the ip address of the server its talking too.

I have wireshark on my laptop here but all that monitors is the ip addresses that the laptop goes too. Im using a SKY sagemcom f@st2504n router.

Is it even possible to do that?

 

[Adam.]

Wireshark should do it.... :s

I used to use it to grab the ISO image URL that the Microsoft auto downloader used behind the scenes.

 

[Jon.G]

Are you looking for something that produces a log file of all IP's that a device has connected to?

I think maybe a bit more information on the phone/app might be useful. As if its an iPhone for example I doubt you'd be able to upload anything to the phone to see what servers the app was pinging.

 

[Homer-Simpson]

One way would be to use something like fiddler

http://conceptdev.blogspot.co.uk/2009/01/monitoring-iphone-web-traffic-with.html

Depending on how the app gets the maps it might help.

 

[richy22]

I'm using an HTC so android.

When I open up wireshark on the laptop and look for my phones IP address I don't see it pop up, I assumed that was because I was only monitoring what the laptop was doing?

 

[Chapster5]

What about

Spiceworks

Scans the whole network and monitors it and its activity for all devices may be of some help

Free too

 

[Homer-Simpson]

I'm using an HTC so android.

When I open up wireshark on the laptop and look for my phones IP address I don't see it pop up, I assumed that was because I was only monitoring what the laptop was doing?

It is the same concept, just tell your android to use the proxy.

What exactly are you telling wireshark to do? What device are you capturing packets on?

 

[ChrisR]

I'm using an HTC so android.

When I open up wireshark on the laptop and look for my phones IP address I don't see it pop up, I assumed that was because I was only monitoring what the laptop was doing?

Yes by default you'll only see what's passing through your laptop.

What you could do is perform a 'man in the middle' attack on your phone using the laptop so that all the phone traffic goes through the laptop

Or probably easier to get a traffic sniffer installed on the phone, or get some logs off your router.

*edit*

Yeah Homer's post above about using a web proxy such as fiddler or burp is probably easier

 

[sbridgey]

I would use CAIN.

http://www.oxid.it/cain.html

 

[ChrisR]

I would use CAIN.

http://www.oxid.it/cain.html

Aye makes arp poisoning easy as, useful tool.

 

[sbridgey]

I usually use it for snooping on other peoples web browsing.

 

[ChrisR]

tut tut

 

[Homer-Simpson]

Correct me if I am wrong but depending on his hardware he should be able to capture wireless traffic fine with wireshark, if his laptops wireless card/drivers allow him to put it into a monitor mode or promiscuous (if he has associated with the same wireless network) then it should be good to go. Talking him through it though is what made me suggest fiddler etc it will probably be easier for him

 

[ChrisR]

yup with right hardware and software that'll work, but as you say other ways are probably less hassle to explain or sort out.

 

[sn00p]

Use the laptop as a bridge, i.e connect to the Internet via Ethernet and then share the connection via wifi and then you'll be able to use wire shark to capture packets.

The other ways I've done stuff like this in the past is to use a HUB (note hub, not router) because it will send all packets to all ports.

You also need to hope that they're not using SSL, otherwise you won't be seeing anything interesting.

 

[ChrisR]

You also need to hope that they're not using SSL, otherwise you won't be seeing anything interesting.

For what he wants it for it shouldn't matter as he just wants ips.