As the title says, i can capture only broadcast packages while capturing on wlan. That's what i did: sudo airmon-ng start wlan0 , airmon check kill (to kill the process that causes trouble), airmon-ng stop wlan0mon , airmon-ng start wlan0 , and the network adapter succesfully enter in monitor mode. then i sudo wireshark , and start capturing on wlan0mon . But the only thing i can see is a lot of broadcast packages, and some other packages that i don't really care about. Actually i need to capture packages sent and received from my phone, connected by WiFi. What am i doing wrong? [ I tried with ARPspoof, but the phone loses connection (i can see only the DNS requests it send to the rounter. i can't connect e.g. to google.com). ]
asked 27 Mar '16, 03:12
Hikami
6●1●1●2
accept rate: 0%
Several possibilities:
you may be monitoring at a different frequency channel than your WLAN is using
your phone may use a more advanced modulation than your PC's wireless NIC is able to demodulate
you may be using WPA encryption on your network so those frames you "don't care about" may actually be the ones you're interested in but do not look like that due to encryption
your phone may be too far or too close from the monitoring wireless card, causing the signal to be too noisy to be demodulated (too weak signal if too far as well as too strong one if too close may both prevent the receiver from working properly).
If you believe you are monitoring at the proper frequency channel, and your phone is about 2 meters / 7 ft away from your PC while capturing and you still cannot see anything useful, try to publish the resulting capture at cloudshark or at some login-free file sharing service (Google drive, MS OneDrive) and edit your question with a link to it.