Wireshark Not Collecting Packets From Wifi


RonnieJ

Hey guys...

So I have tried Wireshark on both Linux and Windows platforms without luck...

I'm trying to capture the WiFi HTTP traffic on my own wireless network at home, but without luck... I have changed the wifi interface so it listens on the same channel as the router is using, but I only pick up the traffic between the router and the computer running Wireshark. The interface is running in promiscuous mode. Any ideas what I could do?

When I use Linux I used airmon-ng to enable monitor mode, but I wasn't able to set the channel as it said -1 all the time... that's why I'm trying the Windows way at the moment...

/Ronnie

Link to comment
Share on other sites

Question would be does your card support promiscuous mode?

And that is a good question... I have no idea...

I have read about a lot of issues with the Broadcom wireless adaptors and monitor mode... not sure it's an issue with promiscuous mode. It doesn't seem to complain in Wireshark when I enable it.

Link to comment
Share on other sites

If you google that question you would get an answer. Alfa is a well known good one. I have a Broadcom in my old laptop and it works just fine with injection (BCM4306).

Also, with Wireshark you have to run as Administrator (in Windows) or run as root/create the proper permissions for Linux/BT5.

Link to comment
Share on other sites

1 - What card do you have 2- What OS

Even if you didn't put it into monitor mode, it should still pick up your own packets with any valid Ethernet NIC, wired or wireless. Monitor mode is only for wireless cards that support it, but that comes after seeing if wireshark can even use the NIC in question.

Link to comment
Share on other sites

1 - What card do you have 2- What OS

Even if you didn't put it into monitor mode, it should still pick up your own packets with any valid Ethernet NIC, wired or wireless. Monitor mode is only for wireless cards that support it, but that comes after seeing if wireshark can even use the NIC in question.

Nope. Windows 7 you need to run as "Administrator" and linux you either need to run as root (which is not recommended), or create the proper permissions to allow it to capture packets.

Link to comment
Share on other sites

Again what card, and what OS. If Linux, some cards require you to configure them while the nic is down, which means you have to manually make changes to it, then bring it up.

Type in ifconfig nicid down

iwconfig nicid mode monitor rate 1M

ifconfig nicid up promisc

Replace nicid with that of your card, ex: eth0, ath0, etc.

Windows 7 does not do monitor mode unless it's a specific type of wifi dongle with special drivers, i.e. AirPcap cards.

If it gets any errors on this manually, you can then see where it's failing. Also, when capturing in airodump, you can specify the channel in the CLI, no need to set the card to the channel ahead of time. That way if you want to restart airodump-ng on a different channel, you can do that on the fly. I personally never use airmon-ng to start my cards up though, I only use airodump to create pcap files after manually putting my card in monitor mode. Reason being is I also have a Ralink RT73, which I use iwpriv commands to do prism stuff and change different things specific to the card. Airmon doesn't help with this.

Nope. Windows 7 you need to run as "Administrator" and linux you either need to run as root (which is not recommended), or create the proper permissions to allow it to capture packets.

Assuming he is admin, if not, use sudo with those commands, but that didn't seem to be an issue since he said he was able to see some traffic, just wasn't sure from which OS.

Link to comment
Share on other sites
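
As an added example (not part of any post in this thread): a shell helper that checks whether a card advertises monitor mode in `iw list` output before trying the manual sequence from the post above, then prints that sequence without running it. The `iw list` text is a constructed sample, and the function names and the `phy0`/`wlan0` names are assumptions.

```shell
#!/bin/sh
# Constructed sample of `iw list` output (not taken from a real card).
sample_iw_list() {
cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Band 1:
        Frequencies:
            * 2412 MHz [1] (20.0 dBm)
Wiphy phy1
    Supported interface modes:
         * IBSS
         * managed
    Band 1:
EOF
}

# supports_monitor PHY: reads `iw list` text on stdin and returns 0 only if
# PHY lists "monitor" under "Supported interface modes".
supports_monitor() {
    awk -v phy="$1" '
        $1 == "Wiphy"                { cur = $2; in_modes = 0; next }
        /Supported interface modes:/ { in_modes = 1; next }
        in_modes && $1 != "*"        { in_modes = 0 }  # section ended
        in_modes && cur == phy && $2 == "monitor" { found = 1 }
        END { exit !found }
    '
}

# monitor_plan IFACE: print (do not run) the manual sequence from the post:
# interface down, switch mode, interface up. Rejects odd interface names.
monitor_plan() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    printf '%s\n' \
        "ifconfig $1 down" \
        "iwconfig $1 mode monitor rate 1M" \
        "ifconfig $1 up promisc"
}

# Demo on the constructed sample; on a real system pipe `iw list` instead.
if sample_iw_list | supports_monitor phy0; then
    monitor_plan wlan0
else
    echo "phy0 does not advertise monitor mode" >&2
fi
```

If a card does not list `monitor` there, the driver does not offer the mode, and the manual sequence will fail at the `iwconfig` step.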

Only way to get it to capture in Win7 is to right click, run as Administrator. Even if you are an "Administrator" account.

That's not true. I run Wireshark, both portable and installed, and don't have to right click and "run as administrator" to make it work in Windows 7.

Link to comment
Share on other sites

I do or it will not capture packets.

That's weird. Are you using Home edition? I'm running 64-bit Pro edition, and don't have any problems with it. Fully patched, SP1, all compatibility updates. I recall when 7 first came out, certain programs (Notepad++ for example) wouldn't run unless I did that, but I never had an issue with Wireshark. All versions of Wireshark work for me with no right click start as admin to run it.

Link to comment
Share on other sites

64 bit Pro. I just did a reinstall, I'll try it again.

Edit: I think my thing was before. I did not let WinPcap run on startup, so I would have to run as administrator so it would fire up WinPcap.

Yeah, I have it installed as a service, but set to manual. It never starts, but does what it needs to I guess.

Link to comment
Share on other sites
