Hi everyone,

My home network consists of several PCs connected via Ethernet, as well as 2 laptops, 2 iPads and 2 smartphones connected via Wi-Fi (WPA2/TKIP). Ultimately I plan on using Security Onion to monitor all of my devices; however, as a first step I tried to see if I could view all of the traffic via Wireshark, and I am only able to see the traffic from the laptop that I do the sniffing on. Obviously that laptop is connected to my WPA2-protected WLAN.

I have tried using Wireshark both in Windows 7 and in Linux (BackTrack), but the same thing happens. In BackTrack I am able to use airmon-ng and put the adapter into monitor mode, and can see the 802.11 control frames etc. But no matter what I seem to do, I am unable to get this to work. I have even checked and unchecked "promiscuous mode" in Wireshark.

My plan had been to use a DD-WRT router configured as a wireless repeater bridge to be the source for Security Onion. Even using the repeater bridge, which is already connected to my SSID, I am only able to see the traffic coming off the machine I use for sniffing. I do get a lot of ARP and other broadcast traffic to other IPs on my WLAN, but no TCP packets.

I know for a fact that I used to be able to sniff all traffic - I distinctly remember testing Driftnet out. I was wondering if this has something to do with Windows 7, but it shouldn't make a difference in BackTrack Linux. I have posted this question on DD-WRT's forum as well as BackTrack's but have received no responses. I have also searched via Google but have come up with a bunch of conflicting answers.

BTW, I have tried going into preferences and configuring the encryption key in the 802.11 settings. The problem is I am unable to set the channel via the wireless toolbar - both in Windows and Linux, when I display the wireless toolbar, almost everything on it is grayed out.

And one last thing - when I tried this last and was successful at sniffing all traffic I might have been using WEP. Would changing to WPA2 cause this?? Any help that you can give me would be greatly appreciated.

Mike

This question is marked "community wiki". asked 16 Jun '13, 03:42 foolio
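One thing worth checking before blaming the adapter: with WEP the single shared key decrypts every station's frames, but with WPA2-PSK each station negotiates its own pairwise key in the EAPOL 4-way handshake, so even with the passphrase entered in Wireshark's 802.11 preferences, only stations whose complete handshake (messages 1 to 4) is in the monitor-mode capture can be decrypted; everything else stays as protected data frames with no TCP visible. The following script is an added example for this thread, not code from the poster or from Wireshark: it walks raw 802.11 frames (assumed to have no radiotap header) and reports, per station, which handshake messages were captured. The frames it runs on are constructed inline with placeholder nonces and MICs, not taken from a real capture.

```python
import struct

# EAPOL-Key "Key Information" flag bits (IEEE 802.11 RSN key descriptor)
KI_PAIRWISE = 0x0008
KI_INSTALL = 0x0040
KI_ACK = 0x0080
KI_MIC = 0x0100
KI_SECURE = 0x0200

LLC_SNAP_EAPOL = b"\xaa\xaa\x03\x00\x00\x00" + struct.pack(">H", 0x888E)


def classify_key_info(key_info):
    """Map EAPOL-Key flags to 4-way handshake message 1..4 (None = group-key or unexpected)."""
    if not key_info & KI_PAIRWISE:
        return None
    ack, mic = bool(key_info & KI_ACK), bool(key_info & KI_MIC)
    install, secure = bool(key_info & KI_INSTALL), bool(key_info & KI_SECURE)
    if ack and not mic:
        return 1                      # AP -> STA: ANonce
    if ack and mic and install:
        return 3                      # AP -> STA: install PTK, GTK in key data
    if not ack and mic and not secure:
        return 2                      # STA -> AP: SNonce
    if not ack and mic and secure:
        return 4                      # STA -> AP: confirmation
    return None


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def parse_eapol_key(frame):
    """Return (station, bssid, message_no) for a plaintext EAPOL-Key frame inside a
    raw 802.11 data frame (no radiotap header), or None for anything else."""
    if len(frame) < 24:
        return None
    fc, flags = frame[0], frame[1]
    if (fc >> 2) & 0x3 != 2:          # only data frames carry EAPOL
        return None
    if flags & 0x40:                   # Protected bit: already encrypted, not a handshake frame
        return None
    hdr_len = 26 if (fc >> 4) & 0x8 else 24   # QoS data subtypes add a 2-byte QoS control field
    to_ds, from_ds = flags & 0x01, flags & 0x02
    addr1, addr2 = frame[4:10], frame[10:16]
    if to_ds and not from_ds:
        station, bssid = addr2, addr1
    elif from_ds and not to_ds:
        station, bssid = addr1, addr2
    else:
        return None                    # IBSS / WDS frames are out of scope here
    body = frame[hdr_len:]
    if not body.startswith(LLC_SNAP_EAPOL) or len(body) < 15:
        return None
    eapol = body[8:]
    _version, packet_type, _length = struct.unpack(">BBH", eapol[:4])
    if packet_type != 3 or eapol[4] != 2:   # EAPOL-Key carrying the RSN (WPA2) descriptor
        return None
    key_info = struct.unpack(">H", eapol[5:7])[0]
    msg = classify_key_info(key_info)
    return None if msg is None else (mac_str(station), mac_str(bssid), msg)


def handshake_status(frames):
    """station MAC -> set of handshake message numbers present in the capture."""
    seen = {}
    for frame in frames:
        parsed = parse_eapol_key(frame)
        if parsed:
            seen.setdefault(parsed[0], set()).add(parsed[2])
    return seen


def missing_messages(frames):
    """station MAC -> handshake messages still needed before the PSK can yield that station's key."""
    return {sta: sorted({1, 2, 3, 4} - msgs) for sta, msgs in handshake_status(frames).items()}


# --- constructed sample frames, not taken from a real capture -----------------
def build_eapol_frame(station, bssid, key_info, to_ds):
    """Minimal 802.11 data frame + LLC/SNAP + EAPOL-Key with placeholder nonce/MIC."""
    flags = 0x01 if to_ds else 0x02
    addrs = (bssid + station + bssid) if to_ds else (station + bssid + bssid)
    header = bytes([0x08, flags]) + b"\x00\x00" + addrs + b"\x00\x00"
    key_body = (bytes([2]) + struct.pack(">HH", key_info, 16) + b"\x00" * 8   # desc, info, keylen, replay
                + b"\x11" * 32 + b"\x00" * 32 + b"\x00" * 16 + b"\x00\x00")   # nonce, IV+RSC+rsvd, MIC, kdlen
    return header + LLC_SNAP_EAPOL + struct.pack(">BBH", 2, 3, len(key_body)) + key_body


def sample_capture():
    ap = bytes.fromhex("0011223344ff")
    sta_a, sta_b, sta_c = (bytes.fromhex(f"aabbcc00000{i}") for i in (1, 2, 3))
    m1 = KI_PAIRWISE | KI_ACK
    m2 = KI_PAIRWISE | KI_MIC
    m3 = KI_PAIRWISE | KI_ACK | KI_MIC | KI_INSTALL | KI_SECURE
    m4 = KI_PAIRWISE | KI_MIC | KI_SECURE
    return [
        build_eapol_frame(sta_a, ap, m1, False), build_eapol_frame(sta_a, ap, m2, True),
        build_eapol_frame(sta_a, ap, m3, False), build_eapol_frame(sta_a, ap, m4, True),
        # station B: the sniffer missed M3/M4, so its pairwise key cannot be derived
        build_eapol_frame(sta_b, ap, m1, False), build_eapol_frame(sta_b, ap, m2, True),
        # station C: only an already-encrypted data frame (Protected bit set) was seen
        bytes([0x08, 0x41]) + b"\x00\x00" + ap + sta_c + ap + b"\x00\x00" + b"\xde\xad" * 20,
    ]


if __name__ == "__main__":
    for sta, missing in missing_messages(sample_capture()).items():
        print(sta, "handshake complete" if not missing else f"missing message(s) {missing}")
```

In the sample, only station A is decryptable; station B needs a fresh association (or the sniffer running before it joins) and station C never shows up at all, which is the symptom described above: the other devices' traffic appears as nothing but protected 802.11 data while your own laptop's frames, whose handshake Wireshark did see, decrypt fine. To apply it to a real file, feed it the frames from a monitor-mode capture saved without a radiotap header, or strip that header first.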
Are you using an AirPcap radiotap?
I too would like to see the answers to your questions. However, you may want to go through your post and clarify what exactly your questions are in a 1. 2. 3. format so the experts here can cherry-pick what they want to answer and leave other questions/clarifications to others.
BTW, my admittedly novice sense is that your problem may be the wireless NIC or the NIC's driver you're attempting capture with. I know there are some NICs out there that are set up to do this (monitor mode, promiscuous mode, etc.) and some aren't.
You may want to detail the make/manufacturer/chipset of the NIC you're using and the drivers you're using for both Windows and Linux.
Also, I've run into n00b problems with packet capture due to misconfigured adapter settings when using virtual machines (e.g., running a BackTrack VM inside a Mac-host on VMWare Fusion). If you're using virtual machines you may also want to detail your settings there, too.