I have WS 2.0.2 running on a laptop capturing packets in promiscuous mode on the wireless interface. I'm interested in seeing the traffic coming and going from say my mobile phone. It's on 192.168.0.41, so in Wireshark I use a capture filter "host 192.168.0.41", have the wireless interface selected and go ... Alas it seems to be capturing almost, but not exactly, no traffic. I tried same with a capture filter of "ether host" followed by my phone' That is, I can see a variety of broadcasts basically and transmissions that involve the laptop running Wireshark, but nothing that doesn't. I can play around on the phone, web browsing and creating traffic, but the traffic is not seen by the laptop. Yet both laptop and phone are side by side on the same WAP. My conclusion is, I'm not in promiscuous mode. Wireshark is not seeing wifi transmissions that are not addressed to the laptop, they are filtered out before Wireshark. The whole point of promiscuous mode, I thought was to enable me to sniff traffic on the airwaves that did not involve my sniffing machine. Something I want specifically to diagnose issues with wifi cameras I'm using and other issues from time to time. Is there some setting at the BIOS or OS level needed for wifi packets not addressed to the laptop to be visible and captured? I'm running Linux Mint 18.1 on a Dell 5110 laptop for what it's worth. I have WS 2.0.2 running on a laptop capturing packets in promiscuous mode on the wireless interface. I'm interested in seeing the traffic coming and going from say my mobile phone. It's on 192.168.0.41, so in Wireshark I use a capture filter "host 192.168.0.41", have the wireless interface selected and go ... Alas it seems to be capturing almost, but not exactly, no traffic. I tried same with a capture filter of "ether host" followed by my phone' That is, I can see a variety of broadcasts basically and transmissions that involve the laptop running Wireshark, but nothing that doesn't. I can play around on the phone, web browsing and creating traffic, but the traffic is not seen by the laptop. Yet both laptop and phone are side by side on the same WAP. My conclusion is, I'm not in promiscuous mode. Wireshark is not seeing wifi transmissions that are not addressed to the laptop, they are filtered out before Wireshark. The whole point of promiscuous mode, I thought was to enable me to sniff traffic on the airwaves that did not involve my sniffing machine. Something I want specifically to diagnose issues with wifi cameras I'm using and other issues from time to time. Is there some setting at the BIOS or OS level needed for wifi packets not addressed to the laptop to be visible and captured? I'm running Linux Mint 18.1 on a Dell 5110 laptop for what it's worth. asked 27 May '17, 04:52 bernd-wechner |
One Answer:
Recommended links: https://wiki.wireshark.org/CaptureSetup/WLAN http://www.aircrack-ng.org/ The first one is how to turn your interface into monitor mode so you can (possibly) see all wifi traffic in the RF environment around you. The second contains some tools that might help you put the interface in the correct mode to capture traffic. Just sniffing on a wifi interface that is in managed mode will not do what you want - sniff the traffic from your phone. There are a lot more subtleties to wifi packet capture that you will need to get through; these links are a start. As well, filtering wifi traffic has a different set of filters. But first, make sure you get 802.11 traffic then you can worry about capture and display filter syntax. answered 27 May '17, 05:06 Bob Jones |