
How to set Wireshark on monitor mode

0

Hi all,

I'm working on my project and it requires me to capture traffic on a network. Below is the description of the scenario:

I'm running Wireshark on a Kali Linux virtual machine installed on a Mac Air laptop.

I want to capture the traffic on the router network using the Wireshark installed on the Kali Linux.

Currently I only receive DNS, ARP, ICMP traffic. I do need help to achieve the following:

  1. How can I set the network in monitor mode?
  2. How do I successfully capture TCP traffic and other relevant traffic?

Thanks

asked 13 Jan '17, 12:13

edafe
accept rate: 0%


2 Answers:

0

answered 13 Jan '17, 12:27

Amato_C
accept rate: 14%

0

You really can't set monitor mode with your current setup. If you are on a VM, as you describe, all interfaces are virtual and further 'wired'. So @Amato's links are certainly appropriate, especially the wired one. If you want wireless traffic, you need direct access to the wireless hardware which does not really come through a VM (in general).

Why not capture on the Mac directly? If you use @Amato's wireless link, you will find the Mac will go into monitor mode nicely and pick up lots of wireless frames. It's actually a great tool for wireless traffic capture.

Alternatively, add a USB Wi-Fi adapter and pass the USB into the VM and then you could have Linux put the device into monitor mode, etc.

Also, if you just need the network traffic for some purpose, wired traffic capture is much easier.

answered 13 Jan '17, 14:31

Bob Jones
accept rate: 21%
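
A preflight check for the USB-adapter route described in the answer above, as an added example that is not part of the original thread: it refuses interfaces with no wireless hardware behind them (the VM's virtual NIC case) and confirms that the driver lists monitor mode before switching the interface type with `iw`. The function names, the `wlan0` interface name and the two sample `iw` excerpts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# Constructed `iw phy <phy> info` excerpts, not captured from real hardware.
SAMPLE_USB='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Band 1:'
SAMPLE_NOMON='Wiphy phy1
    Supported interface modes:
         * managed
         * AP
    Band 1:'

# Reads iw output on stdin; succeeds only if "monitor" is listed inside the
# "Supported interface modes" block of the phy.
supports_monitor() {
    awk '
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && /^[ \t]*\*[ \t]/ { if ($2 == "monitor") found = 1; next }
        in_modes { in_modes = 0 }
        END { exit (found ? 0 : 1) }
    '
}

# A VM's virtual (wired) NIC has no phy80211 link in sysfs, so it fails here.
is_wireless() {
    [ -e "/sys/class/net/$1/phy80211" ]
}

# Usage (as root): enable_monitor wlan0   (wlan0 is an assumed interface name)
enable_monitor() {
    ifc=$1
    if ! is_wireless "$ifc"; then
        echo "$ifc: no wireless hardware behind this interface" >&2
        return 2
    fi
    phy=$(cat "/sys/class/net/$ifc/phy80211/name")
    if ! iw phy "$phy" info | supports_monitor; then
        echo "$phy: driver does not offer monitor mode" >&2
        return 3
    fi
    ip link set "$ifc" down &&
        iw dev "$ifc" set type monitor &&
        ip link set "$ifc" up
}
```

Return code 2 means the interface has no wireless hardware behind it, and 3 means the adapter's driver does not advertise monitor mode.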