If you are using a display filter of eth.addr xx:xx:xx:xx:xx:xx and you are not seeing any information being displayed/sniffed, then the traffic for that MAC address is not passing through the port you're sniffing on.
You can use a list for your MACs in one display filter, but not a range, unless you switch to IPs instead of MACs. For instance, tshark -i 1 -R 'eth.addr eq xx:xx:xx:xx:xx:xx or eth.addr eq xx:xx:xx:xx:xx:xx'
If you are trying to trace MACs on the switch you are also connected to, then you'll want to sniff from a port which is spanned/mirrored to the port which has inbound/outbound traffic of that switch, so that you will see all the traffic coming in and out of the switch.
(I'm assuming the traffic you are looking for is traveling to a destination on another switch, outside the network, or at least to your gateway).
By specifying the MAC address filter, eth.addr eq xx:xx:xx:xx:xx:xx, you are filtering for all traffic to and from that associated MAC address. Like the MAC address, the LLC (logical link control) protocol is also layer 2, but it is the upper sublayer of the Data Link Layer and won't affect the ability to capture the traffic unless you specify llc as a filter and there isn't any llc traffic; then you would get the blank screen.
Hope this is helpful,
John
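The list-style filter from the answer above, as an added example that is not part of the original post: it builds one display filter from several MAC addresses and applies the same match to raw Ethernet headers, showing that eth.addr covers both source and destination. The addresses, frames and function names are constructed for this example.

```python
import re

def normalize_mac(mac):
    """Accept aa:bb:.., aa-bb-.. or aabb.ccdd.eeff; return aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[:.\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_filter(macs):
    """Join a list of MACs into one display filter (a list, not a range)."""
    unique = list(dict.fromkeys(normalize_mac(m) for m in macs))
    if not unique:
        raise ValueError("need at least one MAC address")
    return " or ".join(f"eth.addr eq {m}" for m in unique)

def frame_addrs(frame):
    """Return (destination, source) MACs from a raw Ethernet II header."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    return normalize_mac(frame[0:6].hex()), normalize_mac(frame[6:12].hex())

def matches(frame, macs):
    """eth.addr semantics: true if source OR destination is in the list."""
    wanted = {normalize_mac(m) for m in macs}
    return bool(wanted & set(frame_addrs(frame)))

def make_frame(dst, src):
    """Constructed frame: destination + source + EtherType 0x0800 + padding."""
    header = normalize_mac(dst) + normalize_mac(src)
    return bytes.fromhex(header.replace(":", "") + "0800") + b"\x00" * 46

# Constructed sample data (not captured traffic); two entries are duplicates
# of the same address written in different notations.
WATCH = ["00:11:22:33:44:55", "00-11-22-33-44-66", "0011.2233.4455"]
FRAMES = [
    make_frame("00:11:22:33:44:55", "de:ad:be:ef:00:01"),  # watched as destination
    make_frame("de:ad:be:ef:00:02", "00:11:22:33:44:66"),  # watched as source
    make_frame("de:ad:be:ef:00:03", "de:ad:be:ef:00:04"),  # unrelated hosts
]

if __name__ == "__main__":
    print(build_filter(WATCH))
    print([matches(f, WATCH) for f in FRAMES])
```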
The basic concept of sniffing tools is as simple as wiretapping, and Kali Linux has some popular tools for this purpose. In this chapter, we will learn about the sniffing and spoofing tools available in Kali.
Burpsuite
Burpsuite can be used as a sniffing tool between your browser and the webservers to find the parameters that the web application uses.
To open Burpsuite, go to Applications → Web Application Analysis → burpsuite.
To set up sniffing, we configure Burpsuite to behave as a proxy. To do this, go to Options as shown in the following screenshot and check the box as shown.
In this case, the proxy IP will be 127.0.0.1 with port 8080.
Then configure the browser proxy with the IP of the Burpsuite machine and the port.
To start interception, go to Proxy → Intercept → click “Intercept is on”.
Continue navigating the web page whose parameters you want to test for vulnerabilities.
In this case, it is the Metasploitable machine with IP 192.168.1.102.
Go to “HTTP History”. In the following screenshot, the line marked with a red arrow shows the last request. In the Raw view, hidden parameters such as the Session ID and other parameters such as the user name and password are underlined in red.
mitmproxy
mitmproxy is an SSL-capable man-in-the-middle HTTP proxy. It provides a console interface that allows traffic flows to be inspected and edited on the fly.
To open it, go to the terminal and type “mitmproxy -parameter”; for help on commands, type “mitmproxy -h”.
To start mitmproxy, type “mitmproxy -p portnumber”. In this case, it is “mitmproxy -p 80”.
Wireshark
Wireshark is one of the best data packet analyzers. It analyzes packets in depth at the frame level. You can get more information on Wireshark from the official webpage: https://www.wireshark.org/. In Kali, it is found using the following path: Applications → Sniffing & Spoofing → wireshark.
Once you click wireshark, the following GUI opens up.
Click “Start” and the packet capturing will start as shown in the following screenshot.
sslstrip
sslstrip is a MITM attack that forces a victim's browser to communicate in plain text over HTTP, while the proxy modifies the content from an HTTPS server. To do this, sslstrip 'strips' https:// URLs and turns them into http:// URLs.
To open it, go to Applications → 09-Sniffing & Spoofing → Spoofing and MITM → sslstrip.
To set it up, write the command to forward all port 80 communication to port 8080.
Then, start the sslstrip command for the port needed.