tcpdump picking up everything on wireless network

casperdaghost · 03-23-2013, 04:39 PM

tcpdump -XX -vvv -s0 -i en1
used the above command to check out what is getting published on the network. this messages is between my wife's computer 192.168.1.5 and this network device called a sonos 192.168.1.4 - it s an external stero system - it is currently playing the pandora playlist from the wifes computer . my ip address is 192.168.1.7. i am connected to a wireless router which i is 192.168.1.1

my question is I really do not understand why i am picking up this traffic since it is listed from 192,168.1.4 to 1.5 and i am 192.168.1.7

like i did not think i cold pick up traffic directed to another ip address

Code:


11:41:08.944300 IP (tos 0x0, ttl 64, id 38119, offset 0, flags [DF], proto TCP (6), length 1500) 192.168.1.4.td-postman > 192.168.1.5.csms2: ., cksum 0x430d (correct), 1:1449(1448) ack 1 win 5840 <nop,nop,timestamp 289995991 654466042>
    0x0000:  20c9 d0b9 3269 000e 585a 4a52 0800 4500  ....2i..XZJR..E.
    0x0010:  05dc 94e7 4000 4006 1cdb c0a8 0104 c0a8  ....@.@.........
    0x0020:  0105 0419 0d48 0f98 6828 585e 5404 8010  .....H..h(X^T...
    0x0030:  16d0 430d 0000 0101 080a 1148 fcd7 2702  ..C........H..'.
    0x0040:  5bfa 4e4f 5449 4659 202f 6e6f 7469 6679  [.NOTIFY./notify
    0x0050:  2048 5454 502f 312e 310d 0a48 4f53 543a  .HTTP/1.1..HOST:
    0x0060:  2031 3932 2e31 3638 2e31 2e35 3a33 3430  .192.168.1.5:340
    0x0070:  300d 0a43 4f4e 5445 4e54 2d54 5950 453a  0..CONTENT-TYPE:
    0x0080:  2074 6578 742f 786d 6c0d 0a43 4f4e 5445  .text/xml..CONTE
    0x0090:  4e54 2d4c 454e 4754 483a 2036 3836 330d  NT-LENGTH:.6863.
    0x00a0:  0a4e 543a 2075 706e 703a 6576 656e 740d  .NT:.upnp:event.
    0x00b0:  0a4e 5453 3a20 7570 6e70 3a70 726f 7063  .NTS:.upnp:propc
    0x00c0:  6861 6e67 650d 0a53 4944 3a20 7575 6964  hange..SID:.uuid
    0x00d0:  3a52 494e 434f 4e5f 3030 3045 3538 3541  :RINCON_000E585A
    0x00e0:  3441 3532 3031 3430 305f 7375 6230 3030  4A5201400_sub000
    0x00f0:  3030 3030 3139 370d 0a53 4551 3a20 3430  0000197..SEQ:.40
    0x0100:  0d0a 0d0a 3c65 3a70 726f 7065 7274 7973  ....<e:propertys
    0x0110:  6574 2078 6d6c 6e73 3a65 3d22 7572 6e3a  et.xmlns:e="urn:
    0x0120:  7363 6865 6d61 732d 7570 6e70 2d6f 7267  schemas-upnp-org
    0x0130:  3a65 7665 6e74 2d31 2d30 223e 3c65 3a70  :event-1-0"><e:p
    0x0140:  726f 7065 7274 793e 3c4c 6173 7443 6861  roperty><LastCha
    0x0150:  6e67 653e 266c 743b 4576 656e 7420 786d  nge>&lt;Event.xm
    0x0160:  6c6e 733d 2671 756f 743b 7572 6e3a 7363  lns=&quot;urn:sc
    0x0170:  6865 6d61 732d 7570 6e70 2d6f 7267 3a6d  hemas-upnp-org:m
    0x0180:  6574 6164 6174 612d 312d 302f 4156 542f  etadata-1-0/AVT/
    0x0190:  2671 756f 743b 2078 6d6c 6e73 3a72 3d26  &quot;.xmlns:r=&
    0x01a0:  7175 6f74 3b75 726e 3a73 6368 656d 6173  quot;urn:schemas
    0x01b0:  2d72 696e 636f 6e6e 6574 776f 726b 732d  -rinconnetworks-
    0x01c0:  636f 6d3a 6d65 7461 6461 7461 2d31 2d30  com:metadata-1-0
    0x01d0:  2f26 7175 6f74 3b26 6774 3b26 6c74 3b49  /&quot;&gt;&lt;I
    0x01e0:  6e73 7461 6e63 6549 4420 7661 6c3d 2671  nstanceID.val=&q
    0x01f0:  756f 743b 3026 7175 6f74 3b26 6774 3b26  uot;0&quot;&gt;&
    0x0200:  6c74 3b54 7261 6e73 706f 7274 5374 6174  lt;TransportStat
    0x0210:  6520 7661 6c3d 2671 756f 743b 504c 4159  e.val=&quot;PLAY
    0x0220:  494e 4726 7175 6f74 3b2f 2667 743b 266c  ING&quot;/&gt;&l
    0x0230:  743b 4375 7272 656e 7450 6c61 794d 6f64  t;CurrentPlayMod
    0x0240:  6520 7661 6c3d 2671 756f 743b 4e4f 524d  e.val=&quot;NORM
    0x0250:  414c 2671 756f 743b 2f26 6774 3b26 6c74  AL&quot;/&gt;&lt
    0x0260:  3b43 7572 7265 6e74 4372 6f73 7366 6164  ;CurrentCrossfad
    0x0270:  654d 6f64 6520 7661 6c3d 2671 756f 743b  eMode.val=&quot;
    0x0280:  3026 7175 6f74 3b2f 2667 743b 266c 743b  0&quot;/&gt;&lt;
    0x0290:  4e75 6d62 6572 4f66 5472 6163 6b73 2076  NumberOfTracks.v
    0x02a0:  616c 3d26 7175 6f74 3b38 2671 756f 743b  al=&quot;8&quot;
    0x02b0:  2f26 6774 3b26 6c74 3b43 7572 7265 6e74  /&gt;&lt;Current
    0x02c0:  5472 6163 6b20 7661 6c3d 2671 756f 743b  Track.val=&quot;
    0x02d0:  3426 7175 6f74 3b2f 2667 743b 266c 743b  4&quot;/&gt;&lt;
    0x02e0:  4375 7272 656e 7453 6563 7469 6f6e 2076  CurrentSection.v
    0x02f0:  616c 3d26 7175 6f74 3b30 2671 756f 743b  al=&quot;0&quot;
    0x0300:  2f26 6774 3b26 6c74 3b43 7572 7265 6e74  /&gt;&lt;Current
    0x0310:  5472 6163 6b55 5249 2076 616c 3d26 7175  TrackURI.val=&qu
    0x0320:  6f74 3b70 6e64 7272 6164 696f 2d68 7474  ot;pndrradio-htt
    0x0330:  703a 2f2f 6175 6469 6f2d 7376 352d 7431  p://audio-sv5-t1
    0x0340:  2d33 2e70 616e 646f 7261 2e63 6f6d 2f61  -3.pandora.com/a
    0x0350:  6363 6573 732f 3630 3733 3730 3235 3034  ccess/6073702504
    0x0360:  3437 3932 3439 3532 393f 7665 7273 696f  479249529?versio
    0x0370:  6e3d 3426 616d 703b 616d 703b 6c69 643d  n=4&amp;amp;lid=
    0x0380:  3130 3035 3131 3833 3926 616d 703b 616d  100511839&amp;am
    0x0390:  703b 746f 6b65 6e3d 7271 7341 386a 7977  p;token=rqsA8jyw
    0x03a0:  4859 6734 4570 364a 6761 4274 567a 4d54  HYg4Ep6JgaBtVzMT
    0x03b0:  434e 4833 6a25 3242 5450 444b 5364 4a78  CNH3j%2BTPDKSdJx
    0x03c0:  6435 7825 3242 5676 396e 7571 3269 3161  d5x%2BVv9nuq2i1a
    0x03d0:  4773 774f 6b39 6d44 496e 5165 4438 6e71  GswOk9mDInQeD8nq
    0x03e0:  496b 4967 4d25 3242 4172 3934 3244 6352  IkIgM%2BAr942DcR
    0x03f0:  3975 6972 5245 5058 5959 6c51 3546 5250  9uirREPXYYlQ5FRP
    0x0400:  5754 5171 7036 734a 3152 7032 4768 5a64  WTQqp6sJ1Rp2GhZd
    0x0410:  6771 506c 4b45 4c49 594b 6561 3151 6925  gqPlKELIYKea1Qi%
    0x0420:  3242 7025 3246 6f47 7874 5a58 496c 786f  2Bp%2FoGxtZXIlxo
    0x0430:  2532 4233 7361 7775 3662 6a69 564f 4e55  %2B3sawu6bjiVONU
    0x0440:  574f 5239 7a41 5669 656e 4565 6f57 5576  WOR9zAVienEeoWUv
    0x0450:  4e76 4365 5625 3242 6a71 6f35 4325 3242  NvCeV%2Bjqo5C%2B
    0x0460:  4a59 326b 3132 5a64 4b35 4771 7850 466f  JY2k12ZdK5GqxPFo
    0x0470:  3257 4357 4c5a 7078 6a33 7a73 5855 4736  2WCWLZpxj3zsXUG6
    0x0480:  5278 766f 7468 4777 5176 3461 5034 7470  RxvothGwQv4aP4tp
    0x0490:  3363 4351 5147 5137 2532 4631 4825 3242  3cCQQGQ7%2F1H%2B
    0x04a0:  4438 6469 4c54 4430 4f71 4625 3242 6572  D8diLTD0OqF%2Ber
    0x04b0:  5068 594d 6358 597a 6e50 3652 3464 346f  PhYMcXYznP6R4d4o
    0x04c0:  4254 346c 4359 7769 5136 7269 7359 7443  BT4lCYwiQ6risYtC
    0x04d0:  716c 3572 784c 6655 7133 6845 4e34 4649  ql5rxLfUq3hEN4FI
    0x04e0:  4b33 436c 6e6d 7245 3865 417a 6e42 6c42  K3ClnmrE8eAznBlB
    0x04f0:  6233 3944 6e6a 4d67 6275 4952 5675 7343  b39DnjMgbuIRVusC
    0x0500:  6237 4433 6b6a 616d 566f 6431 4a51 2661  b7D3kjamVod1JQ&a
    0x0510:  6d70 3b61 6d70 3b61 3d68 7474 7025 3361  mp;amp;a=http%3a
    0x0520:  2532 6625 3266 636f 6e74 2d63 6831 2d31  %2f%2fcont-ch1-1
    0x0530:  2e70 616e 646f 7261 2e63 6f6d 2532 6669  .pandora.com%2fi
    0x0540:  6d61 6765 7325 3266 7075 626c 6963 2532  mages%2fpublic%2
    0x0550:  6661 6d7a 2532 6638 2532 6632 2532 6638  famz%2f8%2f2%2f8
    0x0560:  2532 6630 2532 6630 3830 3330 3230 3136  %2f0%2f080302016
    0x0570:  3038 3238 5f35 3030 575f 3530 3048 2e6a  0828_500W_500H.j
    0x0580:  7067 2661 6d70 3b61 6d70 3b6d 3d31 3932  pg&amp;amp;m=192
    0x0590:  3265 6136 3231 6535 3438 3563 6263 3866  2ea621e5485cbc8f
    0x05a0:  3965 6162 3761 6362 3366 3261 3866 3438  9eab7acb3f2a8f48
    0x05b0:  3239 3030 3635 3030 3830 3731 3937 3834  2900650080719784
    0x05c0:  6330 3234 6136 6465 3066 3732 3036 3532  c024a6de0f720652
    0x05d0:  3134 3631 3763 3162 3665 3964 3263 6137  14617c1b6e9d2ca7
    0x05e0:  6363 3235 6137 3363 3865                 cc25a73c8e

acid_kewpie · 03-23-2013, 05:19 PM

All traffic on that interface will be captured and displayed. This doesn't happen on a wired netwrok these days as with a switch connecting multiple machines, the traffic is never placed on the cable your machine is connected to. This didn't used to be the case with hubs, but that's (almost totally) ancient history now. But all wireless recievers can always see all traffic on the network as it's literally in the air, there is no mechanism by which it's not readable by all devices that are correctly connected to that AP. All devices MUST see all traffic, as there's nothing else to say whether it is for them or not.

casperdaghost · 03-23-2013, 05:39 PM

so my neighbor could potentially see my wife's playlist?

acid_kewpie · 03-23-2013, 05:43 PM

no, it's only for devices on the same ESSID. So actually... no, not unless you've bad security on your home router and they steal your wifi.