I have an internet connected (WiFi) house alarm and I want to link it to SmartThings so I can get it to arm / disarm based on rules. I know it will be possible to hack the physical remote control with an Arduino type device to 'press the buttons' and link it in that way, but before I go down that line I'd like to see if it is actually something I can do fully online. I know it is unlikely as it should be linking to the server over a secured link, but you never know, plus I figure that the process I go through would mean I can also see what data my other IoT devices are sending where.
I am in full control of my network and have separated the IoT devices from my normal machines via a Ubiquiti Router X using VLANs and firewall rules. The WiFi is served by an AP with an IoT specific SSID (both 5 GHz and 2.4 GHz) linked to the IoT VLAN; the device shares the VLAN with lots of other devices, both wired and wireless, and of course I know the WPA2-PSK passphrase.
What I'm currently trying to achieve is to capture packets going to and from the WiFi Alarm Hub on my network so I can see all the traffic going to and from the device. Given that I own the network I know this should be relatively easy, but I am struggling to actually achieve what I want, basically because I have a lot of knowledge missing and I am probably trying to learn too much at the same time (the equivalent of learning to swim by jumping into the North Sea in a storm)... but hey, I want to learn.
I have googled and researched and I've come up with what seem to me to be two potential solutions:
1. Get the data (from VLAN?? device??) mirrored to a port on the router and then capture the mirrored data via that port
2. Capture the data from the air and look at the WiFi traffic between the device and the AP
I can't figure out how to achieve the first one (although I'm sure it is possible given the capabilities of the router), so I've moved to the WiFi option, which probably would be the more useful to learn anyway as not every router is quite as capable. I've borrowed a Tetra thinking this would help, but I am going round in circles. I first thought I should be able to join the same network over WiFi and then capture the decrypted traffic, but nothing I've read indicates this is possible. So I'm left with viewing data over WiFi from the outside (monitor mode) and capturing the encrypted traffic packets with the hope of decrypting it later (on the basis that I should logically have the key somewhere).
The last step I've tried is running tcpdump on the Pineapple Tetra from a Kali Linux terminal (ssh email@example.com tcpdump -i wlan1mon -U -s 0 -n 'not port 22' -w - | wireshark -k -i -) whilst connected to the Pineapple management AP on the Linux machine. I can see packets being captured in Wireshark, but it appears to be mostly beacons / probes and the occasional data packet based on the final column in Wireshark, but everything appears to be protocol 802.11, which I'm guessing indicates everything is encrypted.
I've attempted to load the decrypt keys into Wireshark (Edit > Preferences > IEEE 802.11) based on the PSK raw data key from this https://www.wireshark.org/tools/wpa-psk.html but still all I see in the Wireshark capture is 802.11, so I don't think the decryption is working properly. I have connected my phone to the target SSID and browsed the net during the capture but I'm not seeing anything in the Wireshark capture; I can't even spot the phone browsing traffic in all the packets being captured, so I'm not even sure it's working properly.
What I Need Help With
I am very new to this level of networking but I am trying to learn.
Am I heading in the right line?
Is tcpdump the right tool for this or is there a better solution?
Is there any way I can reduce what is coming in on the packet capture so it just focuses on the SSID or better the device I am interested in?
Is there anything I am not doing, that needs to be done to decrypt the data in the capture?
Are there alternatives to achieve the capture of packets I want wirelessly that I've not discovered yet?
Am I even approaching this in the right way?
An exact line by line solution to achieve what I want would be great, but most of all I would like to understand what I am doing and how it works, so even if you aren't able to give the step by step guide, pointers on what I may be doing wrong will be gratefully received.
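An added worked example (Python, not the poster's code): it derives the WPA2 PSK the same way the wireshark.org wpa-psk tool linked above does, emits both key entries Wireshark accepts in its IEEE 802.11 decryption-key preferences, and builds tcpdump capture filters that narrow a monitor-mode capture to one device's MAC and to its EAPOL handshake frames, which Wireshark must have in the capture before it can decrypt any of that device's WPA2-PSK data frames. The MAC address and passphrase in the usage section are constructed placeholders.

```python
import hashlib
import re


def wpa2_psk(passphrase: str, ssid: str) -> str:
    """Derive the 256-bit WPA2 PSK (the PMK) from passphrase + SSID.

    This is what the wireshark.org wpa-psk page computes:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32-byte output.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters")
    pmk = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return pmk.hex()


def wireshark_key_entries(passphrase: str, ssid: str) -> dict:
    """Both entry forms Wireshark accepts under
    Edit > Preferences > Protocols > IEEE 802.11 > Decryption keys."""
    return {
        "wpa-pwd": f"wpa-pwd:{passphrase}:{ssid}",
        "wpa-psk": f"wpa-psk:{wpa2_psk(passphrase, ssid)}",
    }


def normalize_mac(mac: str) -> str:
    digits = re.sub(r"[^0-9a-fA-F]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2)).lower()


def device_filter(device_mac: str) -> str:
    """tcpdump/BPF capture filter for a monitor-mode interface: keep only
    frames carrying the device's MAC in any of the three 802.11 address
    fields. Beacons and probes from other stations drop out, which also
    removes most of the noise seen in the capture described above."""
    dev = normalize_mac(device_mac)
    return f"(wlan addr1 {dev} or wlan addr2 {dev} or wlan addr3 {dev})"


def handshake_filter(device_mac: str) -> str:
    """Same frames restricted to EAPOL (ethertype 0x888e). Wireshark derives
    the per-session key from the device's 4-way handshake; if no frames match
    this filter, the device must (re)associate after the capture has started
    or nothing from it can be decrypted, even with the correct PSK loaded."""
    return f"ether proto 0x888e and {device_filter(device_mac)}"


if __name__ == "__main__":
    # Constructed placeholder values, not real network details.
    print(wireshark_key_entries("correct horse battery", "IoT-SSID"))
    print(device_filter("AA-BB-CC-00-11-22"))
    print(handshake_filter("aa:bb:cc:00:11:22"))
```

Check the handshake filter first with tcpdump on the monitor interface; once a handshake has been captured, the Wireshark display filter eapol should show four frames for the device and its data frames should start decoding beyond plain 802.11.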