I am running wireshark on a kali linux computer. I have an alfa usb wireless device. When I set my computer to run in monitor mode, wireshark does not see any tcp packets. I have been struggling with this for a few months now. When I first switched from a windows machine, I was seeing lots of tcp packets. But it seems that over time I started seeing less and less. Now I see nothing. It doesn't make any sense at all to me. And I don't have any capture or display filters on. asked 17 Nov '15, 13:41 rlwhiterose |
Have you set the wlan card to the correct WI-FI channell? maybe this related question can give you a hint: https://ask.wireshark.org/questions/47226/capture-80211ac-frames-in-monitor-mode
Thanks for the tip. But I don't really want to sniff a specific channel. I want to sniff everything. I have to do some more testing today, but I may have come up with something that works, even though it doesn't make any sense to me. When it wasn't working I was setting my computer to monitor mode like this:
ifconfig wlan1 down
iwconfig mode monitor
ifconfig wlan1 up
It seems to work when I do it like this:
ifconfig wlan1 down
iwconfig mode managed
ifconfig wlan1 up
ifconfig wlan1 down
iwconfig mode monitor
ifconfig wlan1 up
That was working great yesterday. Going to do some more testing today.
If you want to capture on more than one channel you can find some info here: https://wiki.wireshark.org/CaptureSetup/WLAN/ -> Section: channel hopping
Thanks for the link Christian. I will check it out.