Is someone willing to walk me through setup of wireless monitoring?


I bought a switch capable of port mirroring. Use a mac and need to monitor another mac on my wireless network. I need to know how to set up the system and use Wireshark. I don't have a PC or Mac close to the router/switch. I have multiple wireless routers if that matters, but don't have to use them. Thanks

asked 19 Dec '11, 20:30

Yes we were willing to walk everybody through this. Thats why if you use the SEARCH function on this site, there are multiple topics regarding wireless captures and everything related to it.

Plus there is the very nice wireshark wiki explaining everything you need to know!

(20 Dec '11, 01:37) Landi

The Wireshark Wiki is here. You might be interested in the article on CaptureSetup. Additionally, the Wireshark User's Guide may help you as well.

If you have a more specific question, perhaps about a particular step in the process, that is more likely to get a usable answer.

(20 Dec '11, 06:48) multipleinte...

Do you want to monitor the wireless traffic sent to or by the other Mac - in which case the switch won't help, as the port mirroring would catch wired traffic - or do you want to monitor the traffic to or from that Mac that goes through the switch?

(21 Dec '11, 14:49) Guy Harris ♦♦

I would like to monitor all traffic. Both Macs are wireless. Can I place the switch between the router and cable modem? I would like traffic both ways. Is it possible and if so how? I need setup and instructions for Wireshark. I am particularly concerned with email traffic, but all email from other Mac goes through webmail and not a program such as outlook. Any help would be greatly appreciated.

(23 Dec '11, 20:08) becomer

If you truly want to monitor all traffic, i.e. monitor every single network segment on your network, you'll need to tell us how your network is set up, in its entirety. You have at least two Macs on your wireless network, and the fact that you have a wireless network probably means you have a wireless access point - do you have a Wi-Fi router directly connected by Ethernet to your cable modem, or is your network more complicated than that?

(24 Dec '11, 01:12) Guy Harris ♦♦

Guy Harris, I have comcast cable modem, ethernet to wireless router and all traffic goes through the router. I bought a switch with port monitoring thinking I could capture all traffic between router and modem. I would like all traffic as in emails sent and received through outlook, OSx mail and utilizing webmail (yahoo and google). Also if messaging as in facebook, etc is possible.

(28 Dec '11, 20:04) becomer
One Answer:


OK, so that network isn't too complicated. Most of your traffic is probably between the machines with Wi-Fi access and the wireless router, so if you plug the wireless router's Ethernet connection and the cable modem's Ethernet connection into the switch, and set up a monitoring port on the cable modem and plug one of your Mac's Ethernet ports into the monitoring port, and have Wireshark capture traffic on the Ethernet port (en0) and do so in promiscuous mode, you should see all traffic running through the switch - i.e., all Ethernet traffic from the other Wi-Fi machines to and from the Internet.

I.e., with this setup, you don't need to use the monitoring machine's wireless interface to capture all the traffic.

answered 29 Dec '11, 00:37

