Hi, so I am trying to capture my LAN traffic (all traffic from all devices on my LAN) on my MacBook Pro over Wi-Fi. I have "use promiscuous mode on all interfaces" enabled in capture options. However, when I run the capture, I am only able to capture all traffic from my MacBook and broadcast packets from all other devices on the LAN.

I have set my router on WPA/WPA2 personal mode. I am aware other devices in my LAN will have their traffic encrypted because of this. I don't mind seeing the encrypted traffic, but I still want to capture it. How do I go about doing that?

Regarding decryption: I tried capturing all traffic from all devices on my LAN by enabling monitor mode. I understand I need to capture the EAPOL handshake of the device I am trying to decrypt. Is this correct? What happens if I don't capture the EAPOL handshake of my laptop but I do capture the handshake of another device? Does that mean I can decrypt the packets of the other device but not of my laptop? Or do I need the EAPOL of both my laptop and the other devices to decrypt anything?

asked 13 Mar '14, 18:25 Sukhvir Notra
edited 13 Mar '14, 19:29 Guy Harris ♦♦
One Answer:
As one of the tags you put on your question suggests, you need monitor mode, not promiscuous mode; promiscuous mode doesn't necessarily do anything useful on Wi-Fi adapters. See the WLAN (802.11) Capture Setup page on the Wireshark Wiki for more details.

As for decryption (which should have been asked in a separate question): See the How To Decrypt 802.11 page on the Wireshark Wiki.

answered 13 Mar '14, 19:27 Guy Harris ♦♦
edited 13 Mar '14, 19:29

Yes, I tried using monitor mode. Could you please answer my questions under the "Regarding decryption" heading in my question?