This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Sniffing packets from mobile devices, what wifi card to use?

0

Hello!

We are 2 students assigned to build a PC that is able to "sniff" packets from our mobile devices (both iOS and Android). We have no experience with packet capture or Wireshark before and need some help with what Wifi card we should buy. We can adjust to different operative systems (prefer linux) but we need help to find a card that we know is capable of capturing packets from mobile devices. And if there is anything more we should be aware of before we buy a card you are welcome to tell us. We have attached a photo you can take a look at if the text is not clear to you.

alt text

asked 02 Apr '14, 05:03

pervan's gravatar image

pervan
1113
accept rate: 0%

What do you mean by "WiFi", is it 802.11 a.k.a. WLAN, or are you talking about 3G/4G/UMTS/LTE?

(02 Apr '14, 05:11) Jasper ♦♦

802.11 (WLAN). So the thing we need is a 802.11 card to use as an access point and capture the packets comming from our mobile devices, we just dont know what card to use.

(02 Apr '14, 05:16) pervan

2 Answers:

3

There's a whole lot of info on the WLAN capture page on the wiki. Have a look at that and then come back with any further questions you have.

answered 02 Apr '14, 05:07

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Reading the wikipage right now and taking notes, so thanks for that! //The other student

(02 Apr '14, 05:32) JET

2

You could also just set up a dedicated WLAN access point that you hook up to the university network and force the devices to use it. Then capture on the ethernet link, if that's easier.

For capture cards you could use AirPCAP adapters, or almost any device on linux as long as you manage to put them in monitor mode.

answered 02 Apr '14, 05:21

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

We've looked at the AirPCAP adapter now and we'll run it by our teacher/handler and see what he thinks, so thanks for the tip!

"You could also just set up a dedicated WLAN access point that you hook up to the university network and force the devices to use it. Then capture on the ethernet link, if that's easier."

Yeah this seems to be something more what we had in mind. Guess we could have been a bit clearer on that from the start! So we should be able to use, for an example,an AirPCAP adapter as an AP that we force our mobile devices to use?

(02 Apr '14, 05:44) JET

I doubt you can use the capturing adapter as a tethering device. Keep in mind that WiFi cards are half duplex, and when capturing you will only be able to read packets from the air, not send anything. AirPCAP does not behave like a normal WiFi card, it is record only - unless using the injection feature, which I haven't used so far.

My approach would be to use the dedicated AP, have the mobile devices connect to it, and then capture their traffic on the wired connection to the university network by SPAN/TAP.

(02 Apr '14, 05:48) Jasper ♦♦