How do I capture all packets on local wifi network using Wireshark settings


Ok. After your comments and update, I will try to answer, even though I'm still not sure I'm getting the question right.

I guess you have 2 WiFi devices; let's call "host" the legitimate network device connected to the AP/Router and "sniffer" the one trying to capture the traffic.

If the WiFi network was open (as in, no encryption whatsoever), then you could simply "hear" with the sniffer in monitor/promiscuous mode.

Alas, the WiFi network is encrypted, so you usually would need first to monitor the traffic to crack that encryption (WEP or WPA2, the latter being the de facto standard these days and the former being absolutely useless; both are vulnerable). The sniffer would try to use one of the cracking methods to get the key.

So, once you have the key for the encrypted network, it's just a matter of entering it in the configuration for Wireshark, so it decrypts before processing:

Edit -> Preferences -> Protocols -> IEEE 802.11

Here you should enable the Enable Decryption checkbox for this, and enter your PSK by clicking New, selecting wpa-pwd if you wish to enter the PSK in plaintext, and wpa-psk if you want to enter the 256-bit key passphrase.

You should now be able to see the traffic that was encrypted due to WPA2. If there is any plain-HTTP traffic, you should see it too.

You could read more in this (very nice) tutorial, which also has screenshots.
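The two key formats the answer mentions are related: the wpa-psk entry is the 256-bit key that WPA2-Personal derives from the passphrase and the SSID (PBKDF2-HMAC-SHA1, 4096 iterations, 32 bytes, as specified in IEEE 802.11i), and the wpa-pwd entry is simply "passphrase:ssid", from which Wireshark performs that same derivation itself. The following is an added example (not code from the answer or from the Wireshark project) that derives the key and produces both entry strings, with the input checks a lab user would want: passphrases must be 8 to 63 printable ASCII characters and an SSID at most 32 bytes, and because Wireshark parses the wpa-pwd form on the colon, a passphrase containing ':' should be entered as wpa-psk instead. The expected value in the stand-alone run is the standard's own published test vector (passphrase "password", SSID "IEEE"); the function names are this example's own.

```python
import hashlib

# IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)
PBKDF2_ITERATIONS = 4096
PSK_LEN_BYTES = 32


def is_valid_passphrase(passphrase: str) -> bool:
    """WPA/WPA2-Personal passphrases are 8 to 63 printable ASCII characters."""
    if not 8 <= len(passphrase) <= 63:
        return False
    return all(32 <= ord(c) <= 126 for c in passphrase)


def is_valid_ssid(ssid: str) -> bool:
    """An SSID is 1 to 32 bytes; Wireshark takes it as text, so encode to check length."""
    return 1 <= len(ssid.encode("utf-8")) <= 32


def derive_psk(passphrase: str, ssid: str) -> bytes:
    """Return the 256-bit PSK/PMK that Wireshark expects in a wpa-psk key entry."""
    if not is_valid_passphrase(passphrase):
        raise ValueError("passphrase must be 8-63 printable ASCII characters")
    if not is_valid_ssid(ssid):
        raise ValueError("SSID must be 1-32 bytes")
    return hashlib.pbkdf2_hmac(
        "sha1",
        passphrase.encode("ascii"),
        ssid.encode("utf-8"),
        PBKDF2_ITERATIONS,
        PSK_LEN_BYTES,
    )


def wireshark_key_entries(passphrase: str, ssid: str) -> dict:
    """Build the strings to paste into Edit -> Preferences -> Protocols -> IEEE 802.11.

    'wpa-pwd' is the plaintext form (Wireshark derives the key itself);
    'wpa-psk' is the derived 64-hex-digit key. The wpa-pwd form is split on ':',
    so it is omitted when the passphrase itself contains a colon.
    """
    psk_hex = derive_psk(passphrase, ssid).hex()
    entries = {"wpa-psk": psk_hex}
    if ":" not in passphrase:
        entries["wpa-pwd"] = f"{passphrase}:{ssid}"
    return entries


if __name__ == "__main__":
    # Constructed lab values: this passphrase/SSID pair is the IEEE 802.11i test vector.
    for kind, value in wireshark_key_entries("password", "IEEE").items():
        print(f"{kind}: {value}")
```

One caveat that applies whichever form is entered: Wireshark derives the per-client session keys from that client's 4-way EAPOL handshake, so a capture only decrypts data frames for clients whose handshake is also in the capture. A client that associated before the capture started will still show only encrypted 802.11 data frames, which is the symptom described in the question's update.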


Author: user3.1415927

Updated on September 18, 2022

Comments

  • user3.1415927 (over 1 year ago)

    I'm attempting to replicate a 'wifi cafe' setup in a home lab environment. I'd like to demonstrate that unencrypted (non-HTTPS) network traffic on a wifi network can be viewed by other wireless devices. I've seen this in action (à la Firesheep) on a wired network.

    I have wireshark configured properly to capture on the wireless interface. I am also able to see and capture 802.11 packets using monitor mode, but I cannot see their content.

    [screenshot: Monitor Mode]

    [screenshot: Data is seen]

    What settings am I missing, or do I need to decode the WPA2 passphrase to view the data?

    [screenshot: Various settings options]

    If I need the passphrase, I have it (given that this is my lab network). If this is the case, is there software to decrypt the data after it has been recorded?


    Update for context and more information for @Leo:

    When I started this process, I used promiscuous mode on the en0 interface (wireless) on a MacBook Air. I was able to detect network traffic from my local computer to the URL in question, but when viewing the same URL from a different device, I was not able to see that device's traffic.

    This made sense, since I was monitoring the local interface, and the traffic from the target device wasn't flowing through my interface on the MacBook. (This makes sense: even though I was in promiscuous mode, the traffic was between the AP (access point) and the target wireless client.)
    I was also monitoring in 'ethernet' mode.

    Then I switched to monitor mode for that interface (see screenshot #3), and all I could see was radio traffic, not the IP within that radio traffic. There was a warning that some network cards would disassociate during monitor mode, which does make sense.

    However, if I can see the radio traffic, I would expect to see all of the radio traffic, which would thus contain all of the IP, even if it were encrypted. So I would consider it possible I might be able to decrypt the radio packets between the target client and the AP, given the correct wireless passphrase (which again, I have). Perhaps I am missing something in my understanding of the data flow here?