Dear all, I'm encountering the following problem. I'm trying to run promiscuous mode on the standard network adapter on the macbook air running Mountain Lion. As you well know, MBAir does not have a LAN input thus the capture mode should always work over wifi. The issue is that I ONLY capture the packets from the localhost and thus none of the packets of the rest of IPs from the same network. I tried to run on "monitor mode" but I cannot properly check none of the HTTP.REQUESTS nor I can I do appropriate cookie analysis. I'm testing a web service in a MAMP server installed in the same network but can't see the none of the interaction. Does anyone know what may be the issue here? Thank you and best regards asked 31 Mar '13, 10:39  monkey edited 31 Mar '13, 11:43  Guy Harris ♦♦ |
One Answer:
The issues is that you're probably on a "protected", i.e. encrypted, Wi-Fi network. On a wired LAN, there's normally no link-layer encryption, so if you can capture the traffic (which might involve more than just promiscuous mode, e.g. a "mirrored port" on a switch), the network analyzer can dissect it past the link layer. On a wireless LAN, there's often link-layer encryption, i.e. WEP or WPA/WPA2, so, even if you could capture the traffic, you would, at best, only be able to dissect traffic to and from your own machine without having the password for the WLAN and, if WPA or WPA2 is being used, the initial setup packets for the other machines. See the how to decrypt 802.11 page on the Wireshark Wiki for more details. answered 31 Mar '13, 11:42 Guy Harris ♦♦ |
