This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Can’t capture HTTP on my Wi-Fi network

0

Hello! I am new to Wireshark, and I'm using an Alfa AWUS036h USB Wireless adapter on Backtrack5 r3. I set up the alfa card and set it to monitor mode. Then i ran Wireshark, using the mon0 interface i created. Then i used airodump-ng and found the channel to use.

The adapter manages to capture packets, but only with protocol 802.11, NBNS, UDP, and SSDP (And some other protocols, but these are the ones that are captures the most). Especially the 802.11 is overflowing wireshark. And the thing i want to capture is HTTP.

What have I done wrong?

Thank you! I really appreciate help.

And sorry if there is something obvious I have overlooked, as mentioned I am new.

asked 13 Jun '13, 04:37

cheesedoodal's gravatar image

cheesedoodal
11223
accept rate: 0%

edited 13 Jun '13, 11:38

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196

Using encryption on WLAN? WPA/WEP whatever?

(13 Jun '13, 06:30) Landi

No, it is open. I am using my own router for testing, so I removed encryption. At least, on the router page I set Security mode to Disabled. My router is a Belkin router.

(14 Jun '13, 10:59) cheesedoodal

Open doesn't mean not encrypted. Wireless has OPEN authentication and TKIP/AES encryption on most of today's systems. You'd better doublecheck on that

(14 Jun '13, 14:07) Landi

One Answer:

0

The NBNS, UDP, and SSDP packets are probably broadcast packets, and you're probably on a protected network (encrypted with WEP or WPA/WPA2).

On a protected network, broadcast packets are transmitted in a fashion that allows all packets on the network to see their contents, as that's the intent of broadcasting; if they're encrypted, your 802.11 adapter may be decrypting them and handing them to the host, so Wireshark can see them.

Unicast packets are, however, encrypted in a way that is intended not to allow hosts other than the intended recipient to see their contents, i.e. they're intended not to be easily sniffable. Wireshark can, in some cases, decrypt those packets; you will need to supply the password for the network and, for WPA/WPA2, you will have to be running in "personal" mode and will have to capture the 4-way handshake as the hosts join the network.

answered 13 Jun '13, 11:37

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Thank you for your response, but my network is open, so I don't believe it is encrypted.

(14 Jun '13, 11:00) cheesedoodal