
I am working in Wireshark. I am monitoring the WiFi traffic on the same network. We have 6 PCs there, and Wireshark was installed on one machine to capture WiFi traffic. I got my teammates' IP addresses in the endpoint list. My machine has Wireshark installed. My machine's IP is 192.168.1.214, and the others are 192.168.1.31, 164, 188, 242. Whenever they ping my machine, I can capture that request. But if the 192.168.1.188 machine sends an HTTP request to a local server on another IP like 164, 31, I can't capture that HTTP request. It shows only the mDNS protocol. Here is the screenshot.

Why can't I capture the HTTP request? Why was the other teammates' IP (188-->164.31) not captured? Anyone, please help me.

I am working on an Ubuntu machine.

My router type is: Belkin Surf N150 Wireless Modem Router, F9J1001 v1.


toastmaster
  • Is your wireless protected by password? WEP? WPA? WPA2? – Ricardo Reimao Feb 08 '17 at 09:39
  • Take a look at this: https://wiki.wireshark.org/HowToDecrypt802.11 – Ricardo Reimao Feb 08 '17 at 09:52
  • @RicardoReimao Yes, I did all this, you can see this. This is my previous post: http://superuser.com/questions/1173822/how-to-capture-wlan-ieee-802-11 – toastmaster Feb 08 '17 at 09:55
  • Ok listen, nobody is going to tell you what you want to hear because you are very persistent in asking how to perform a MiTM attack, which sounds like you have malicious intent. Moreover, Wireshark works exactly how it is supposed to! And perhaps you should read again the answer below, especially the second paragraph. I think I've said enough already... – user633551 Feb 08 '17 at 19:05
  • @user633551 Hi, first I brought down wlp6s0 and then I added monitor mode, then I brought up wlp6s0 and opened Wireshark. After that I opened another terminal and ran the command iwconfig. It shows mode: managed. Why? – toastmaster Feb 09 '17 at 04:18
  • @user633551 I edited my post, please check. – toastmaster Feb 09 '17 at 10:09

2 Answers


Wireshark doesn't show you all the network traffic in a network. It shows you the network traffic that arrives on or leaves one of your computer's network interfaces.

So if you send an HTTP request to one of your team's computers, or if one of your team members sends an HTTP request to your computer, Wireshark on your machine will pick it up. But Wireshark can't pick up requests that don't pass your network interface.

You can put your wifi network card into promiscuous/monitor mode to capture all packets in the air, even if they're not meant for your machine, but Wireshark alone can't do that. So if you can't see packets not targeted at you, the reason is that your wifi adapter is not in monitor mode and by default filters all packets not targeted at you.

Out of Band
  • 2 possibilities: First, are you sure you have a wifi adapter that supports monitor mode? Not all do on Linux, and will fail without error messages. Another: Are you using the same access point as your team? If you don't (e.g. if they're too far away from you), chances are your card can't capture their physical wifi signals. – Out of Band Feb 08 '17 at 10:37
  • Did you configure your wifi adapter to automatically connect to an access point? If it does, it will change back to managed mode (as your edited post suggests it does) once the network manager connects to the AP again. Try to disable automatic management of your wifi adapter by the network manager. – Out of Band Feb 08 '17 at 10:46
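
A read-only check for the two failure modes described in the answer and comments above (the adapter is not in monitor mode, or NetworkManager still manages it and will switch it back to managed). This is an added example, not part of the original answer; the embedded `iw dev` and `nmcli` outputs are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of `iw dev` output (interface name taken from the thread).
SAMPLE_IW_DEV='phy#0
    Interface wlp6s0
        ifindex 3
        addr 02:00:00:00:00:01
        type managed
        channel 6 (2437 MHz), width: 20 MHz, center1: 2437 MHz'

# Constructed sample of `nmcli -t -f DEVICE,STATE device` output.
SAMPLE_NMCLI='lo:unmanaged
wlp6s0:connected'

# Print the 802.11 mode of interface $1, reading `iw dev` output on stdin.
# Prints nothing when the interface is not listed.
iface_mode() {
  awk -v want="$1" '
    $1 == "Interface" { cur = $2 }
    $1 == "type" && cur == want { print $2; exit }'
}

# Print the NetworkManager state of device $1 from terse nmcli output on stdin.
nm_state() {
  awk -F: -v want="$1" '$1 == want { print $2; exit }'
}

# $1 = interface, $2 = `iw dev` output, $3 = nmcli output.
# Prints a verdict; exit status 0 only when the capture setup looks sound.
diagnose() {
  d_mode=$(printf '%s\n' "$2" | iface_mode "$1")
  d_state=$(printf '%s\n' "$3" | nm_state "$1")
  case "$d_mode" in
    "") echo "no-such-interface"; return 2 ;;
    monitor)
      # Monitor mode only sticks if NetworkManager leaves the device alone.
      if [ -z "$d_state" ] || [ "$d_state" = "unmanaged" ]; then
        echo "ok"; return 0
      fi
      echo "monitor-but-managed"; return 1 ;;
    *) echo "not-monitor"; return 1 ;;
  esac
}

# Live use: diagnose wlp6s0 "$(iw dev)" "$(nmcli -t -f DEVICE,STATE device)"
diagnose wlp6s0 "$SAMPLE_IW_DEV" "$SAMPLE_NMCLI" || true
```

Running the check again a minute after enabling monitor mode shows whether the interface has silently reverted to managed.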

Pascal is right. You must have a driver that goes either into promiscuous mode (I can see unicast, but I'm not involved in the conversation) or monitor mode (I'm in promiscuous and I can see the 802.11 headers). This is a driver discussion, vs a Wireshark discussion. Wireshark displays, libpcap or winpcap captures.

https://wiki.wireshark.org/CaptureSetup/WLAN#Turning_on_monitor_mode

Hope that helps.

Betty