This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello!

We are 2 students assigned to build a PC that is able to "sniff" packets from our mobile devices (both iOS and Android). We have no experience with packet capture or Wireshark before and need some help with what Wifi card we should buy. We can adjust to different operative systems (prefer linux) but we need help to find a card that we know is capable of capturing packets from mobile devices. And if there is anything more we should be aware of before we buy a card you are welcome to tell us. We have attached a photo you can take a look at if the text is not clear to you.

alt text

asked 02 Apr '14, 05:03

pervan's gravatar image

pervan
1113
accept rate: 0%

What do you mean by "WiFi", is it 802.11 a.k.a. WLAN, or are you talking about 3G/4G/UMTS/LTE?

(02 Apr '14, 05:11) Jasper ♦♦

802.11 (WLAN). So the thing we need is a 802.11 card to use as an access point and capture the packets comming from our mobile devices, we just dont know what card to use.

(02 Apr '14, 05:16) pervan

There's a whole lot of info on the WLAN capture page on the wiki. Have a look at that and then come back with any further questions you have.

permanent link

answered 02 Apr '14, 05:07

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Reading the wikipage right now and taking notes, so thanks for that! //The other student

(02 Apr '14, 05:32) JET

You could also just set up a dedicated WLAN access point that you hook up to the university network and force the devices to use it. Then capture on the ethernet link, if that's easier.

For capture cards you could use AirPCAP adapters, or almost any device on linux as long as you manage to put them in monitor mode.

permanent link

answered 02 Apr '14, 05:21

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

We've looked at the AirPCAP adapter now and we'll run it by our teacher/handler and see what he thinks, so thanks for the tip!

"You could also just set up a dedicated WLAN access point that you hook up to the university network and force the devices to use it. Then capture on the ethernet link, if that's easier."

Yeah this seems to be something more what we had in mind. Guess we could have been a bit clearer on that from the start! So we should be able to use, for an example,an AirPCAP adapter as an AP that we force our mobile devices to use?

(02 Apr '14, 05:44) JET

I doubt you can use the capturing adapter as a tethering device. Keep in mind that WiFi cards are half duplex, and when capturing you will only be able to read packets from the air, not send anything. AirPCAP does not behave like a normal WiFi card, it is record only - unless using the injection feature, which I haven't used so far.

My approach would be to use the dedicated AP, have the mobile devices connect to it, and then capture their traffic on the wired connection to the university network by SPAN/TAP.

(02 Apr '14, 05:48) Jasper ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×1,620
×238
×134
×73
×61

question asked: 02 Apr '14, 05:03

question was seen: 5,998 times

last updated: 02 Apr '14, 05:48

p​o​w​e​r​e​d by O​S​Q​A