This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

wireless Promiscuous mode problems

0

Hello, promiscuous mode doesn't seem to work; I can only see broadcast packets and packets addressed to me. I use an Alfa adapter with the 8187L chipset. When I use Wireshark with promiscuous mode and then use netstat -i, I can't see that "p" flag, and if I spoof another device I can see his packets. Help me please, I need it for my work ("I'm a student").

asked 25 Mar '16, 08:04

Salim Bitam
6112
accept rate: 0%

OS and Wireshark version?

(25 Mar '16, 08:09) grahamb ♦

I use the latest version of Wireshark; I tried with Ubuntu and Kali Linux 1 and 2. Is it true that, to sniff on a wireless network, only monitor mode works, not promiscuous?

(25 Mar '16, 08:17) Salim Bitam

Have you read the wiki page on wireless capture?

(25 Mar '16, 09:19) grahamb ♦

Yes sir, trust me, I did. I spent 15 days searching for how to solve this problem, but I can't :/ I even asked experienced people, and they told me that they use only monitor mode.

(25 Mar '16, 09:23) Salim Bitam

I made my AP open, and when I capture with Wireshark, I disconnect everyone first, but it still doesn't work.

(25 Mar '16, 09:25) Salim Bitam

Can you explain why you need to use exactly promiscuous mode on a wireless card, given that you know that on many (if not most) wireless cards it does not work the same as on wired Ethernet? What makes monitor mode unacceptable for your purpose?

(25 Mar '16, 13:16) sindy

Yes, I need to make it work in promiscuous mode to be able to detect NICs in promiscuous mode.

(25 Mar '16, 13:23) Salim Bitam

So the submission of your work is "identify all NICs on the machine which are currently running in promiscuous mode", and the data captured in that mode are actually not so important and you only wanted to use their contents as a proof that the card is in promiscuous mode?

(25 Mar '16, 13:28) sindy

Noo, I want to identify each device's NIC on my network if it's running in promiscuous mode.

(25 Mar '16, 13:32) Salim Bitam

OK, so in a minimalistic case, you would have two machines. Machine A's NIC could be switched between normal and promiscuous mode, and machine B would run software which would find out whether machine A's NIC is currently running in promiscuous mode or not?

(25 Mar '16, 13:37) sindy

Thaaaat's it :) My problem is I can't sniff with promiscuous mode, only monitor mode works. So did it work for you without monitor mode? Please, you would save my life.

(25 Mar '16, 13:40) Salim Bitam

> you would save my life

I'm afraid I'm not that powerful :-) The point is that if you really need this to work with wireless NICs, that goal is nearly impossible to obtain.

With wireless in general, promiscuous mode makes little sense: if encryption is used, each STA uses its individual session keys (even if built from a common pre-shared key) to encrypt the communication with the AP, so when a STA's wireless adaptor receives a packet for another STA, it cannot decipher it. Therefore, even though you're right that without encryption (i.e. after making your AP open as you wrote) it could work, the wireless NIC drivers usually don't care much about promiscuous mode implementation, or simply do not support it at all.

So to test your solution on a wireless network, you'd have to find one of the few wireless NIC models which do support promiscuous mode and install it into your machine A.

So I'd recommend you to take an Ethernet patchcord and fulfil the submission using wired Ethernet.

(25 Mar '16, 14:21) sindy

Okay, thank you a lot for your time :) I have a better idea now.

(25 Mar '16, 14:23) Salim Bitam

One Answer:

0

If you have read the capture page, then why the question whether you really need monitor mode to capture (foreign, non-data or not-to-you) traffic? [Btw, the answer is: Yes, you really do need monitor mode].

Can you please describe the exact steps you tried to do the capture?

answered 27 Mar '16, 11:54

jmayer
262
accept rate: 0%
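
The question checks for the promiscuous flag with netstat -i. As an added example (not part of the original thread), the sketch below reads the kernel's interface flag word directly from /sys/class/net/<iface>/flags on Linux and tests the IFF_PROMISC bit (0x100 in <linux/if.h>), which answers the local half of "is this NIC in promiscuous mode?". The function names and the `sysfs_root` parameter are assumptions made for the example.

```python
"""List local Linux interfaces whose kernel flag word has IFF_PROMISC set."""
import os

IFF_UP = 0x1         # interface is administratively up (<linux/if.h>)
IFF_PROMISC = 0x100  # interface receives all frames (<linux/if.h>)


def parse_flags(text):
    """Parse the hex word stored in /sys/class/net/<iface>/flags, e.g. '0x1103'."""
    return int(text.strip(), 16)


def is_promiscuous(flags):
    """True when the IFF_PROMISC bit is set in the flag word."""
    return bool(flags & IFF_PROMISC)


def scan_interfaces(sysfs_root="/sys/class/net"):
    """Return {iface: {'up': bool, 'promisc': bool}} for every readable interface.

    sysfs_root is a parameter (an assumption of this example) so the scan can be
    pointed at a constructed directory tree instead of the live system.
    """
    result = {}
    if not os.path.isdir(sysfs_root):
        return result
    for iface in sorted(os.listdir(sysfs_root)):
        path = os.path.join(sysfs_root, iface, "flags")
        try:
            with open(path) as fh:
                flags = parse_flags(fh.read())
        except (OSError, ValueError):
            # Not an interface directory (e.g. bonding_masters) or unreadable.
            continue
        result[iface] = {
            "up": bool(flags & IFF_UP),
            "promisc": is_promiscuous(flags),
        }
    return result


if __name__ == "__main__":
    for name, state in scan_interfaces().items():
        mode = "PROMISC" if state["promisc"] else "normal"
        link = "up" if state["up"] else "down"
        print(f"{name:<12} {link:<5} {mode}")
```

This only inspects the machine it runs on; it says nothing about whether a wireless driver actually delivers foreign frames once the flag is set, which is the limitation discussed in the comments above.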