Hi,
From my machine, is it possible to sniff all network packets at
the network gateway? Is it possible to sniff all packets at my subnet?
The reason I want to do the above is, I want to capture all the Google search
queries in a subnet. The search queries are unencrypted and part of the packet
looks like this:
0030 fe c8 61 cc 00 00 47 45 54 20 2f 73 65 61 72 63 ..a...GE T /searc
0040 68 3f 68 6c 3d 65 6e 26 6c 72 3d 26 71 3d 74 61 h?hl=en& lr=&q=ta
0050 72 75 6e 2b 26 62 74 6e 47 3d 53 65 61 72 63 68 run+&btn G=Search
0060 20 48 54 54 50 2f 31 2e 31 0d 0a 48 6f 73 74 3a HTTP/1. 1..Host:
0070 20 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0d www.goo gle.com.
0080 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 6f 7a .User-Ag ent: Moz
0090 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 illa/5.0 (Window
00a0 73 3b 20 55 3b 20 57 69 6e 64 6f 77 73 20 4e 54 s; U; Wi ndows NT
00b0 20 35 2e 31 3b 20 65 6e 2d 55 53 3b 20 72 76 3a 5.1; en -US; rv:
I captured the above packet from my local machine itself using Ethereal. I can
easily extract the search query from the above packet.
I was wondering if it was possible to capture all the search queries within the
subnet that I am a part of, using Ethereal or any other tool.
Here are some details that may be helpful:
Connection-specific DNS Suffix . : resnet.purdue.edu
Description . . . . . . . . . . . : Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4)
Physical Address. . . . . . . . . : XX-XX-XX-XX-XX-XX
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 128.211.200.XXX
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 128.211.200.1
DHCP Server . . . . . . . . . . . : 128.210.11.72
DNS Servers . . . . . . . . . . . : 128.210.11.57
128.210.11.5
Primary WINS Server . . . . . . . : 128.210.10.43
Thanks,
Tarun