This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello! I am new to Wireshark, and I'm using an Alfa AWUS036h USB Wireless adapter on Backtrack5 r3. I set up the Alfa card and set it to monitor mode. Then I ran Wireshark, using the mon0 interface I created. Then I used airodump-ng and found the channel to use.

The adapter manages to capture packets, but only with protocol 802.11, NBNS, UDP, and SSDP (and some other protocols, but these are the ones that are captured the most). Especially the 802.11 is overflowing Wireshark. And the thing I want to capture is HTTP.

What have I done wrong?

Thank you! I really appreciate help.

And sorry if there is something obvious I have overlooked, as mentioned I am new.

asked 13 Jun '13, 04:37

cheesedoodal

edited 13 Jun '13, 11:38

Guy Harris ♦♦

Using encryption on WLAN? WPA/WEP whatever?

(13 Jun '13, 06:30) Landi

No, it is open. I am using my own router for testing, so I removed encryption. At least, on the router page I set Security mode to Disabled. My router is a Belkin router.

(14 Jun '13, 10:59) cheesedoodal

Open doesn't mean not encrypted. Wireless has OPEN authentication and TKIP/AES encryption on most of today's systems. You'd better double-check on that.

(14 Jun '13, 14:07) Landi

The NBNS, UDP, and SSDP packets are probably broadcast packets, and you're probably on a protected network (encrypted with WEP or WPA/WPA2).

On a protected network, broadcast packets are transmitted in a fashion that allows all packets on the network to see their contents, as that's the intent of broadcasting; if they're encrypted, your 802.11 adapter may be decrypting them and handing them to the host, so Wireshark can see them.

Unicast packets are, however, encrypted in a way that is intended not to allow hosts other than the intended recipient to see their contents, i.e. they're intended not to be easily sniffable. Wireshark can, in some cases, decrypt those packets; you will need to supply the password for the network and, for WPA/WPA2, you will have to be running in "personal" mode and will have to capture the 4-way handshake as the hosts join the network.

answered 13 Jun '13, 11:37

Guy Harris ♦♦

Thank you for your response, but my network is open, so I don't believe it is encrypted.

(14 Jun '13, 11:00) cheesedoodal
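
One way to settle whether the data frames in a monitor-mode capture are encrypted, added here as an example and not part of the original thread: the script reads the Protected Frame bit in each frame's 802.11 Frame Control field and also reports when no data frames were captured at all. The function names are hypothetical and the sample frames are constructed.

```python
import struct
from collections import Counter

def classify_frame(pkt: bytes) -> str:
    """Classify one radiotap-encapsulated 802.11 frame from a monitor-mode capture."""
    if len(pkt) < 4:
        return "truncated"
    # Radiotap header: version (1 byte), pad (1), total header length (2, little-endian).
    rt_len = struct.unpack_from("<H", pkt, 2)[0]
    if rt_len < 8 or len(pkt) < rt_len + 2:
        return "truncated"
    fc0, fc1 = pkt[rt_len], pkt[rt_len + 1]   # 802.11 Frame Control field
    ftype = (fc0 >> 2) & 0x3                  # 0 management, 1 control, 2 data
    subtype = (fc0 >> 4) & 0xF
    if ftype != 2:
        return {0: "management", 1: "control"}.get(ftype, "other")
    if subtype & 0x4:                         # Null / QoS Null: no payload to inspect
        return "data-null"
    # Protected Frame bit (Wireshark field wlan.fc.protected): payload is encrypted.
    return "data-protected" if fc1 & 0x40 else "data-clear"

def verdict(frames) -> str:
    counts = Counter(classify_frame(f) for f in frames)
    if counts["data-protected"]:
        return "encrypted"        # HTTP stays hidden until Wireshark has the keys
    if counts["data-clear"]:
        return "unencrypted"      # HTTP should be visible if it is on this channel
    return "no-data-frames"       # only beacons/ACKs seen: nothing here can carry HTTP

# Constructed sample frames: minimal 8-byte radiotap header + Frame Control + padding.
RT = bytes.fromhex("0000080000000000")
def _frame(fc0, fc1):
    return RT + bytes([fc0, fc1]) + bytes(22)

BEACON = _frame(0x80, 0x00)
ACK = _frame(0xD4, 0x00)
NULL_DATA = _frame(0x48, 0x01)
CLEAR_DATA = _frame(0x08, 0x01)
QOS_PROTECTED = _frame(0x88, 0x41)

if __name__ == "__main__":
    for name, capture in [("beacons only", [BEACON, ACK, NULL_DATA]),
                          ("open network", [BEACON, CLEAR_DATA]),
                          ("WPA network", [BEACON, QOS_PROTECTED, ACK])]:
        print(f"{name}: {verdict(capture)}")
```
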
question asked: 13 Jun '13, 04:37

question was seen: 6,707 times

last updated: 14 Jun '13, 14:07
