Packet Sniff over Wi-Fi

wireshark sniffing packet
9,880

That's all way too hard if you're using Linux. Most wireless cards nowadays support monitor mode, which allows to use them to capture all packets, including 802.11 Management and Control frames, on a single channel.

If your wireless card supports this mode (chances that it does), then do the following (I assume that you are using a Debian-based distro:

$ sudo su
# aptitude install aircrack-ng
# airmon-ng start wlan0
# airodump-ng mon0

At this point, you should see a list of wireless networks and connected clients. Note the channel number on which your network/client is running. You'll need it to lock your NIC on a particular channel: now it switches all channels sequently to detect every network.

^C
# airodump-ng mon0 -c $channel

You don't really need any of airodump-ng output, it is just used to set channel. Also you can use iw/iwconfig to use it or just connect to the network (yes, you can simultaneously be connected to a network and use monitor mode), but this is easiest and error-prone way.

Now you can start Wireshark and point it to mon0 interface. You'll be able to see all packets travelling through your network. If you want to see only data packets, use this filter: wlan.fc.type_subtype == 0x20.

As a note, I want to say that this is probably possible on Windows, but is harder and range of supported adapters is much narrower, as there are no standard API for monitor mode in Windows.

Share:
9,880

Related videos on Youtube

Nicholas Stuart
Author by

Nicholas Stuart

Updated on September 17, 2022

Comments

  • Nicholas Stuart
    Nicholas Stuart over 1 year

    I've got a non-PC wireless client, and I'm wondering about some of its connections. I want to see the actual packets being exchanged from the net to my device over a Wi-Fi connection.

    I have Wireshark running on a PC and am watching traffic go by on the network, but whenever the device loads information from the net, it doesn't show up on the sniffer. I have it set to promiscuous mode, but still nothing.

    Does anyone know how to make something be seen by a packet sniffer?

    • HiFi
      HiFi over 13 years
      Wireshark only shows you your traffic on your computer, not your network. Doing it network wide requires a special setting on the router which doesn't normally exist
    • Nicholas Stuart
      Nicholas Stuart over 13 years
      Okay, so I can't mod my router to help show traffic on the network, what about setting linux up as a router. I'd enable wifi on the device, then setup a linux box as a DHCP server, set it up as a "gateway" and all IP_Forwarding, would this all that linux box to view the packets passing through?
    • Karl Bielefeldt
      Karl Bielefeldt over 13 years
      Yes, that would work. You just need the router to be between the wireless interface and the Internet.
    • Spiff
      Spiff over 13 years
      @Lord.Quackstar grossly oversimplified. Sniffers like Wireshark can put your interface into promiscuous mode, so it sees all traffic on your hub, regardless of address. If you're on a switch, you won't see others' unicast traffic, but you'll still see their multicast/broadcast traffic. If you have a manageable switch (no router needed) you can enable port mirroring so another port's traffic gets copied to your sniffer's port so you can see it. 802.11 monitor mode sniffers even can see all traffic on an entire 802.11 channel, regardless of which wireless AP / network it is on.
    • Spiff
      Spiff over 13 years
      To whoever voted to close: This not off-topic at all. This is a PC network sniffing / Wireshark question, nothing really Android-specific about it at all.
    • Nicholas Stuart
      Nicholas Stuart over 13 years
      @Spiff and a Router would qualify as a "switch", so the unicast info isn't being seen by every host. So would putting the gateway as a linux machine with IP_FORWARD enabled work?
    • HiFi
      HiFi over 13 years
      @Spiff And please tell me how many consumer grade routers/switches let you setup a "sniffer port" or forced global rebroadcasting?
    • Spiff
      Spiff over 13 years
      @Lord.Quackstar, your question seems like a non-sequitur. I took issue with the first 23 words of your comment, not the last 4.
  • Nicholas Stuart
    Nicholas Stuart over 13 years
    Thanks for this recommendation, but my Wifi doesn't work with it.
  • whitequark
    whitequark over 13 years
    @Nicholas: doesn't work with what? Linux? Monitor mode? Can you post name or PCI/USB IDs of your NIC so I can check if it really supported?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Capturing wireless traffic (using Wireshark)
Sniffing Facebook chats with Wireshark
how to capture only SMTP using latest Wireshark 2.2.6 or later
How to filter packets with distinct source address in wireshark?
Usefulness of packets in wireshark? SSDP protocol, rather than HTTP?
How do I limit packet capturing in Wireshark to only a specific protocol?
Sniffing the Router for Packets
Wireshark filtering for one network
Can I collect wireless packets using Wireshark while being connected to the Internet via cable?
Wireshark only capturing beacon frames