The packets coming through are all from my own device, but the other devices connected to my wireless network (a PC and a mobile phone) are not showing up at all. I did some research, and put it in "monitor mode", but doing that changes the way the captured data looks. They are no longer color coded, they are just plain text, and it doesn't seem to be tracking any of the information I want; all the results are now protocol: 802.11. The only way to fix it is to uncheck monitor mode, but doing that will only show me my own traffic. Any idea what I should do?
asked 12 Mar '13, 22:33 dingoes45
One Answer:
That's probably because your network is encrypted (WEP or WPA/WPA2), and, when you capture in monitor mode, the unencrypted packets are given to Wireshark by the kernel (BPF). If you are on an encrypted network, and you want to capture other machines' traffic, you will have to get the password for your network, and configure Wireshark to be able to decrypt that traffic. For WPA/WPA2, this means that you will need to capture the traffic from those machines at the beginning of an encrypted session, which may require you to disconnect them from the network, start Wireshark, and reconnect them to the network. (After all, the whole point of encrypting a network is to make it harder to sniff it....)
answered 12 Mar '13, 22:53 Guy Harris ♦♦
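Why the network password alone is not enough, as an added example that is not part of the original thread or Wireshark's code: a `wpa-pwd:passphrase:ssid` entry only yields the pre-shared key (PBKDF2-HMAC-SHA1 per IEEE 802.11i), while the per-session keys depend on the EAPOL handshake, so the sketch also reports which of the four handshake messages a capture contains. The function names are hypothetical, the frames are constructed with zeroed nonce and MIC fields, and telling message 2 from message 4 by key data length is a simplifying assumption.

```python
import hashlib
import struct

ACK, MIC, PAIRWISE = 0x0080, 0x0100, 0x0008   # EAPOL-Key "Key Information" bits

def wpa_pwd_to_psk(entry):
    """Derive the 256-bit PSK from a 'wpa-pwd:passphrase:ssid' key entry."""
    kind, rest = entry.split(":", 1)
    if kind != "wpa-pwd":
        raise ValueError("expected a wpa-pwd entry")
    # Simplification: split at the last colon, so an SSID containing ':' is not handled.
    passphrase, ssid = rest.rsplit(":", 1)
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def handshake_message(eapol):
    """Return 1-4 for a 4-way handshake frame, None for anything else."""
    if len(eapol) < 99 or eapol[1] != 3:          # packet type 3 = EAPOL-Key
        return None
    (key_info,) = struct.unpack_from(">H", eapol, 5)
    (data_len,) = struct.unpack_from(">H", eapol, 97)
    if not key_info & PAIRWISE:                   # group-key handshake frame
        return None
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack:
        return 3 if mic else 1                    # AP -> client
    if mic:
        return 2 if data_len else 4               # client -> AP; message 4 has no key data
    return None

def missing_messages(frames):
    """List which of the four handshake messages a capture lacks."""
    return sorted({1, 2, 3, 4} - {handshake_message(f) for f in frames})

def make_frame(key_info, key_data=b""):
    """Build a constructed EAPOL-Key frame (nonce, MIC etc. zeroed) for the demo."""
    body = struct.pack(">BHH", 2, key_info, 16) + bytes(88) + struct.pack(">H", len(key_data)) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed WPA2 Key Information values for messages 1-4.
FULL = [make_frame(0x008A), make_frame(0x010A, b"\x30\x14" + bytes(20)),
        make_frame(0x13CA, bytes(56)), make_frame(0x030A)]
LATE_START = FULL[2:]     # sniffer started after the client began connecting

if __name__ == "__main__":
    print(wpa_pwd_to_psk("wpa-pwd:password:IEEE").hex())
    print(missing_messages(FULL), missing_messages(LATE_START))
```

The passphrase "password" with SSID "IEEE" is the published IEEE 802.11i PSK test vector, used here as sample input.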
Thanks, that's what I figured. I did, however, try that as well. And assuming I understood it correctly, I entered wpa-pwd:(password):(ssid) into the field. It still changes nothing in terms of the results I see when on monitor mode.
Is there something else I should be doing after I enter the network information?
Note that, as I said in my answer, if your network is a WPA/WPA2 network, you can only decrypt traffic to or from a given machine if you capture the initial EAPOL handshake. As the Wireshark Wiki page I linked to says: