This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi,

Here is my situation. I got an AWUS036NHE card and installed it on an Ubuntu machine. I managed to put the AWUS in monitor mode, installed gpk and Wireshark, and right now I see the card in Wireshark. I also managed to set up the card in monitor mode in Wireshark and I am trying to listen to traffic in my wireless network, which is WPA2 encrypted.

I have an STB that connects to my router to access video content. Besides video content there are HTTP requests and DNS resolutions, and I can see all of these if I run the STB through a wired network, through my 2 network card computer set up in ICS in Windows. In this wired configuration, the capture is done in promiscuous mode and under protocol I see DNS, HTTP, RTMP, etc. When I switch to wireless and go into monitor mode I only see 802.11 frames under protocol, and I wasn't able to figure out yet how to extract useful information from those frames. When I talk about useful information I am referring strictly to communication information like DNS names that the STB is trying to access, HTTP requests, RTMP requests and their respective IP addresses. I am not interested in the payload, i.e. the video content or HTTP page content.

I know that the communication between the STB and the router is encrypted, but I do have the WPA2 key. I noticed that Wireshark can decrypt the frames, but when I wanted to add the key I only had WEP and WPA in Wireshark. Do I have to install some extra modules to get WPA2 decryption in Wireshark, or should it work by filling in my wireless key under WPA password? Any idea how I can extract a useful conversation from these frames once decrypted, in order for me to make sense....

Any help is appreciated. I am very much a beginner with Ubuntu/Linux, so if anything needs to be added in Ubuntu/Wireshark, please write me all the commands.... Do not assume I know how to do this or that... It took me a whole day to install Wireshark and put the AWUS adapter in monitor mode....

Thank you.

Regards,

Joe

asked 12 Jan '16, 07:10

Joe Smith


There are some helpful resources just a Google away:

  1. The Wireshark Wiki page on Wireless LAN Capture.
  2. The Wireshark Wiki page on 802.11 Decryption.
answered 12 Jan '16, 07:30

grahamb ♦
