This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

promiscuous mode on WLAN

0

Dear all,

I'm encountering the following problem. I'm trying to run promiscuous mode on the standard network adapter on the macbook air running Mountain Lion. As you well know, MBAir does not have a LAN input thus the capture mode should always work over wifi. The issue is that I ONLY capture the packets from the localhost and thus none of the packets of the rest of IPs from the same network. I tried to run on "monitor mode" but I cannot properly check none of the HTTP.REQUESTS nor I can I do appropriate cookie analysis. I'm testing a web service in a MAMP server installed in the same network but can't see the none of the interaction.

Does anyone know what may be the issue here?

Thank you and best regards

asked 31 Mar '13, 10:39

monkey's gravatar image

monkey
11112
accept rate: 0%

edited 31 Mar '13, 11:43

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196


One Answer:

1

The issues is that you're probably on a "protected", i.e. encrypted, Wi-Fi network.

On a wired LAN, there's normally no link-layer encryption, so if you can capture the traffic (which might involve more than just promiscuous mode, e.g. a "mirrored port" on a switch), the network analyzer can dissect it past the link layer.

On a wireless LAN, there's often link-layer encryption, i.e. WEP or WPA/WPA2, so, even if you could capture the traffic, you would, at best, only be able to dissect traffic to and from your own machine without having the password for the WLAN and, if WPA or WPA2 is being used, the initial setup packets for the other machines. See the how to decrypt 802.11 page on the Wireshark Wiki for more details.

answered 31 Mar '13, 11:42

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%