Hi, probably a n00b question, but I can't find an answer to it.
I have my Wireshark instaled on Ubuntu within VmWare Workstation. I activated the monitor mode on mon0 with airmon-ng. When I'm listening on that interface (mon0) all I can see is 802.11 protocol and Source/Destination addresses are not displayed as regular IP addresses so I can't figure out where does traffic originated from and where is it going (no IP information).
Is it possible to somehow get frames with their source and destination IP addresses?
Thanks for any help.
asked 21 Jul '13, 02:25
On a protected network (one using WEP or WPA/WPA2), the packets are encrypted (the whole point of protected networks is to make it hard to sniff traffic on them!), and, when captured in monitor mode, what's captured is the encrypted data. You will have to configure Wireshark to decrypt the traffic and, for WPA/WPA2 networks, for each machine whose traffic you want to decrypt, you will need to capture the initial handshake done when the machine joins the network (so you might have to turn your own, and other machines', Wi-FI interfaces off and on again, or put them to sleep and wake them up again, to force them to re-join the network).
answered 21 Jul '13, 12:43
Guy Harris ♦♦