This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello, I am no guru when it comes to sniffers so I need some guidance. I want to run a sniffer (Wireshark) on my PC (LAN Ethernet) or laptop (Wifi 802.11b/g) to capture/sniff all data on my home network. I have D-Link WRT110 router with WPA2, with some laptops and smartphones connected to it. I want to check what my kids are doing, the web sites they visit, the chat rooms and even reading the chat history (like Whatsapp on smartphones). Is that possible to do with Wireshark or do I need something else? If possible:

  • What version of Wireshark do I need?
  • Once installed, what parameters do I need to set?
  • Once captured, do I need to decrypt the data and if yes, how?

asked 26 Oct '12, 10:08

torontoguy


As per my reply, Wireshark, Network Monitor, and other network analyzers aren't really designed for people who just want to know what sites their children are visiting, they're designed for technical users such as network software developers, network administrators/managers/troubleshooters, and the like, who need to know technical details about what traffic is going over a network.

You might be better off with software designed for the average user or, at least, the average parent - and designed for the purpose of monitoring network activity on other people's machines, rather than for the purpose of capturing raw network traffic and letting you look at it in detail for whatever you might be trying to find. Some Googling found, for example, Symantec's Norton Online Family and McGruff SafeGuard. You may have to install software on their PCs and smartphones to use it; make sure whatever you install supports whatever operating system their PCs and smartphones are running.

answered 28 Oct '12, 23:06

Guy Harris ♦♦

> I have D-Link WRT110 router

(I assume you mean "Linksys WRT110 router" - I couldn't find any WRT110 product on D-Link's Web site, but I did find one on Cisco's page for Linksys products.)

> I want to check what my kids are doing, the web sites they visit, the chat rooms and even reading the chat history (like Whatsapp on smartphones). Is that possible to do with Wireshark

Yes, if either

  1. you use a hub or network tap on the connection between the router and your Internet modem (cable modem, DSL modem, etc.) and plug your PC into it on the Ethernet connection (which might cause problems with its Internet access, including resolving host names from IP addresses)

or

  2. you run a Wi-Fi sniffer in monitor mode (which means your laptop can't be running Windows if you're using Wireshark, but if your laptop is running Windows Vista or later, Microsoft Network Monitor might be able to capture in monitor mode if the adapter and driver support it) and the sniffer supports WPA2 decryption (which Wireshark does) and you keep it capturing continuously so that every time your kids' machines connect to the Wi-Fi network you capture the setup packets (which means you don't get to clamshell it or let it go to sleep - you'd probably be best off running dumpcap from the command line).

In either case you'll probably have to end up doing continuous captures, which means you'll have a lot of data to dig through if you want to catch them surfing pr0n or whatever.

> What version of Wireshark do I need?

Probably any sufficiently modern version would do, but the newer, the better - go for the latest 1.8 version.

> Once captured, do I need to decrypt the data

Yes, as you're using WPA2.

> and if yes, how?

Thus. Note, however, that, atop any WPA2 link-layer encryption, the services they're using might also use, for example, SSL/TLS encryption over TCP. Wireshark can decrypt SSL if it's built with the right support libraries (I don't know what support libraries various versions of Wireshark on various OSes are built with) and RSA key exchange is used and you can provide the RSA keys, as per that documentation.

answered 26 Oct '12, 18:16

Guy Harris ♦♦

Thank you Guy Harris. Sorry, I am using Linksys right now. D-Link is my very old one.

Again, I am not that guru when it comes to setting up/configuring these applications so I am hoping for some steps. What I gather from your answer is:

  • Traffic capture: I use Microsoft Network Monitor since I am running Windows Vista. Hopefully that will be supported on my adapter and driver.
  • Since my wifi is WPA2 I need to decrypt it. Option 1: Use Wireshark (latest is 1.8.3). Option 2: Perhaps I use another tool?
  • Since there is SSL/TLS encryption too, again I need to decrypt it. Option 1: Use Wireshark. Option 2: Use something else.

I am not sure if I will get all these combinations right without messing up.

PS: I am not sticking to Wireshark. I just brought it up as an example. In fact I see there are 8 sub-files under (Stable Release 1.8.3) and I am not sure if I need to install all of them. http://www.wireshark.org/download.html

(26 Oct '12, 22:13) torontoguy

As you're using Windows, Wireshark can't capture in monitor mode (it could capture if you bought an AirPcap adapter).

Yes, you would need to set up decryption for WPA2; I don't know whether Network Monitor can do that, but Wireshark can read captures saved from Network Monitor.

If your kids' internet access includes any secure sites, you'll also have to decrypt SSL/TLS; I don't think Network Monitor can do that.

(27 Oct '12, 13:33) Guy Harris ♦♦

As for the 8 sub-files, they're 8 different versions of Wireshark, for different operating systems and types of hardware:

  • The source code is for OSes for which neither the Wireshark developers nor the OS vendor supply a binary version - binaries are supplied for Windows, so that's not an issue.

  • The OS X versions are, obviously, for OS X, not Windows.

  • The U3 and PortableApps versions are specialized versions; you put them on a flash drive and stick the flash drive into a machine on which Wireshark isn't installed and run it from the flash drive.

(27 Oct '12, 13:36) Guy Harris ♦♦

That leaves the Windows Installer versions. If you have a 64-bit PC running 64-bit Windows, you probably want the 64-bit version, as it can handle larger captures; otherwise, you need the 32-bit version, as the 64-bit version won't work.

(27 Oct '12, 13:37) Guy Harris ♦♦

For an average user this stuff seems complicated. I installed Microsoft Network Monitor and it captures loads of stuff and I don't seem successful in understanding what I am capturing. Once I understand MNM I will move to Wireshark. For the time being all I need is to capture Whatsapp conversations on smartphones. If I can get this, I will be more than happy. I searched for that and it doesn't seem there is an easy way.

The straightforward solution is to use, e.g., a combination of MNM and Wireshark but that is steps above the average user knowledge.

(28 Oct '12, 22:17) torontoguy

Neither Wireshark nor Network Monitor nor most if not all other network analyzers are designed for people who just want to find out what sites their kids are going to; they're designed for network software developers, network managers and troubleshooters, and other people who need to know technical details about what traffic is going over a network.

(28 Oct '12, 22:57) Guy Harris ♦♦
question asked: 26 Oct '12, 10:08

question was seen: 15,659 times

last updated: 11 Nov '12, 09:08
