This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Quick Question. Need help monitor mobile devices connect to my network

0

Hello, I have a situation that I have to research. The short story is my niece has had to come stay with us after getting into trouble numerous times. My wife decided to give her a cell phone. Against my better judgement, we did and now I need to monitor her while she is under my roof. In reading thru your website I saw that Wireshark has the capabilities to track wireless devices that communicate with the network. My question is, can I monitor her yahoo/msn messenger conversations using your software? I have already informed her that I will be monitoring her SMS messages remotely using monitoring software. However she is very smart for a teenager and she cranked up her activity on yahoo and MSN and not used her SMS at all recently. Found the loophole I guess. So I need to target her chat platforms now because she deletes every conversation after she finishes her chats.

So I'm on windows 7, use Verizon Fios for my internet, everyone in the house connects to the same network for WiFi, and I have all of the cell phone information, i.e. IP address. Can someone please help me get started on what needs to go into the setup for Wireshark if its possible. I'm a web developer so I'm pretty computer savvy, just not in the networking arena. I'm still going thru your documentation but wow, a lot of that is clearly over my head. Thanks in advance.

Concerned Uncle

asked 21 Mar '13, 08:06

Tigercane's gravatar image

Tigercane
16115
accept rate: 0%


One Answer:

1

If you want to monitor what's going out onto the internet you need to find a way to either capture data at the router (if it allows to do that, it needs to have a monitoring option for this), or you can capture wireless traffic using an AirPCAP adapter (at least if you want to capture wireless data using a Windows PC). In the latter case you'll need to decrypt the packets since I guess your AP is encrypted - at least I hope it is.

Don't get your hopes up though... Yahoo, MSN etc do encrypt their protocols nowadays in most cases, so even if you manage to capture the packets you'll only see the encrypted stuff. There is no way of reading anything unless you can break the application encryption, which I doubt.

answered 21 Mar '13, 08:19

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

[Updated] The comments field would not let me type enough to fit in that area so I posted this under answer. Sorry for that.

Jasper, first and foremost, thanks for the speedy reply. I guess I was misinformed from the article that I read on Wi-Fi Eavesdropping which you can refer to here:

http://www.nowiressecurity.com/articles/wi-fi_eavesdroppers_hackers_see_unsecured_open_wireless_network.htm

It talks about what can be access from unsecured wireless networks. So I made the assumption that if someone with no direct access to your home and hardware could pull information directly from your wireless network, the premise of that idea could also work for what I was trying to do. The article actually uses your application and took a screen shot of an intercepted yahoo message captured over the network.

Is that they are doing there different that what Wireshark is intended to do? The protocol that was used to capture the Yahoo message was listed as "ARP". Not sure if that helps. Again thanks for all of your help! Its very much appreciated.

(21 Mar '13, 09:05) Tigercane

[I converted your answer for you]

Okay, that article is talking about unencrypted networks, which I hope you don't run at home - WPA/WPA2 encryption is mandatory nowadays in my opinion ;-)

Basically, it is a question of what you niece is doing. If she is using unencrypted application protocols you can capture and read what she is doing, maybe with the minor obstacle of having to decrypt your own WiFi packets first.

ARP has nothing to do with it, it is a protocol for address resolution and sometimes used in attacks to capture packets that you'd normally not get.

(21 Mar '13, 09:27) Jasper ♦♦

Ahh Ok. Yes my network is encrypted so I assumed inside of it, I could bypass all of that can be able to see the info that is getting posted to the router to go out into the wild. I will have to check to see if my router allows for monitor capturing. I suppose I could load up Linux as a dual boot on my laptop but if the packets I get from the chat programs are also encrypted, I suppose it will not be of much help.

(21 Mar '13, 09:32) Tigercane