RonnieJ Posted October 31, 2011

Hey guys... So I have tried Wireshark on both Linux and Windows platforms without luck... I'm trying to capture the WiFi HTTP traffic on my own wireless network at home, but without luck... I have changed the WiFi interface so it listens on the same channel as the router is using, but I only pick up the traffic between the router and the computer running Wireshark. The interface is running in promiscuous mode.. Any ideas what I could do? When I use Linux I used airmon-ng to enable monitor mode but I wasn't able to set the channel as it said -1 all the time.... that's why I'm trying the Windows way at the moment...

/Ronnie

RonnieJ Posted October 31, 2011 (Author)

Oh I see I created it in the wrong category!

Mr-Protocol Posted October 31, 2011

Question would be does your card support promiscuous mode?

RonnieJ Posted October 31, 2011 (Author)

> Question would be does your card support promiscuous mode?

And that is a good question... I have no idea... I have read about a lot of issues with the Broadcom wireless adaptors and monitor mode... not sure it's an issue with promiscuous mode. It doesn't seem to complain in Wireshark when I enable it.

RonnieJ Posted October 31, 2011 (Author)

Maybe I should acquire a WiFi dongle that is known to work perfectly... you know any?

Mr-Protocol Posted November 1, 2011

If you google that question you would get an answer. Alfa is a well known good one. I have a Broadcom in my old laptop and it works just fine with injection (BCM4306). Also with Wireshark you have to run as Administrator (in Windows) or run as root/create the proper permissions for Linux/BT5.

bobbyb1980 Posted November 1, 2011

I've had good results with both Atheros and Ralink based cards, there's a ton of them out there. The Alfa is going to be the funnest though.

Mr-Protocol Posted November 1, 2011 (edited November 1, 2011 by Mr-Protocol)

I also have 2 USB cards that work: Linksys WUSB600N V1 and V2. My i5 laptop has Atheros :D

digip Posted November 1, 2011

1 - What card do you have
2 - What OS

Even if you didn't put it into monitor mode, it should still pick up your own packets with any valid Ethernet NIC, wired or wireless. Monitor mode is only for wireless cards that support it, but that comes after seeing if Wireshark can even use the NIC in question.

Mr-Protocol Posted November 2, 2011

> 1 - What card do you have
> 2 - What OS
>
> Even if you didn't put it into monitor mode, it should still pick up your own packets with any valid Ethernet NIC, wired or wireless. Monitor mode is only for wireless cards that support it, but that comes after seeing if wireshark can even use the NIC in question.

Nope. Windows 7 you need to run as "Administrator" and Linux you either need to run as root (which is not recommended), or create the proper permissions to allow it to capture packets.

digip Posted November 2, 2011

Again, what card and what OS? If Linux, some cards require you to configure them while the NIC is down, which means you have to manually make changes to it, then bring it up. Type in

    ifconfig nicid down                    # take the interface down first
    iwconfig nicid mode monitor rate 1M    # set monitor mode and a 1M rate
    ifconfig nicid up promisc              # bring it back up, promiscuous

Replace nicid with that of your card, ex: eth0, ath0, etc. Windows 7 does not do monitor mode unless it's a specific type of WiFi dongle with special drivers, i.e. AirPcap cards. If it gets any errors on this manually, you can then see where it's failing.

Also, when capturing in airodump, you can specify the channel in the CLI, no need to set the card to the channel ahead of time. That way if you want to restart airodump-ng on a different channel, you can do that on the fly. I personally never use airmon-ng to start my cards up though, I only use airodump to create pcap files after manually putting my card in monitor mode. Reason being is I also have a Ralink RT73, which I use iwpriv commands to do prism stuff and change different things specific to the card. Airmon doesn't help with this.

> Nope. Windows 7 you need to run as "Administrator" and linux you either need to run as root (which is not recommended), or create the proper permissions to allow it to capture packets.

Assuming he is admin, if not, use sudo with those commands, but that didn't seem to be an issue since he said he was able to see some traffic, just wasn't sure from which OS.

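Added example, not written by any poster in this thread: a capture taken without monitor mode is normally saved with an Ethernet link type, while a monitor-mode capture carries raw 802.11, radiotap, Prism or AVS headers, so the 24-byte pcap global header shows which mode the card was really in. The function names and the sample headers are constructed for illustration.

```python
import struct

# Link-layer header types defined for the pcap file format.
# Second field: True when the type only appears in monitor-mode captures.
LINKTYPES = {
    1: ("Ethernet", False),
    105: ("IEEE 802.11", True),
    119: ("Prism header + 802.11", True),
    127: ("radiotap + 802.11", True),
    163: ("AVS header + 802.11", True),
}

# Magic number as it sits in the first four file bytes -> struct byte order.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}


def capture_link_type(header: bytes):
    """Return (linktype, name, is_monitor_mode) for a classic pcap header."""
    if len(header) < 24:
        raise ValueError("pcap global header is 24 bytes; input is truncated")
    order = MAGICS.get(header[:4])
    if order is None:
        raise ValueError("not a classic pcap file (pcapng or another format)")
    # Fields after the magic: version major/minor, thiszone, sigfigs,
    # snaplen, network (the link-layer type).
    fields = struct.unpack(order + "HHiIII", header[4:24])
    network = fields[5]
    name, monitor = LINKTYPES.get(network, ("unknown", False))
    return network, name, monitor


def sample_header(network: int, order: str = "<") -> bytes:
    """Constructed header for the demo: pcap v2.4, snaplen 65535."""
    return struct.pack(order + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, network)


if __name__ == "__main__":
    # Constructed inputs: one managed-mode style, one monitor-mode style.
    for linktype in (1, 127):
        print(capture_link_type(sample_header(linktype)))
```

To check a real file, pass its first 24 bytes: `capture_link_type(open(path, "rb").read(24))`.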
Mr-Protocol Posted November 2, 2011

Only way to get it to capture in Win7 is to right click, run as Administrator. Even if you are an "Administrator" account.

digip Posted November 2, 2011

> Only way to get it to capture in Win7 is to right click, run as Administrator. Even if you are an "Administrator" account.

That's not true. I run Wireshark, both portable and installed, and don't have to right click it and "run as administrator" to make it work in Windows 7.

Mr-Protocol Posted November 2, 2011

I do or it will not capture packets.

digip Posted November 3, 2011

> I do or it will not capture packets.

That's weird. Are you using Home edition? I'm running 64-bit Pro edition, and don't have any problems with it. Fully patched, SP1, all compatibility updates. I recall when 7 first came out, certain programs (Notepad++ for example) wouldn't run unless I did that, but never had an issue with Wireshark. All versions of Wireshark work for me with no right click start as admin to run it.

Mr-Protocol Posted November 3, 2011 (edited November 3, 2011 by Mr-Protocol)

64 bit Pro. I just did a reinstall, I'll try it again.

Edit: I think my thing was before, I did not let WinPcap run on startup, so I would have to run as administrator so it would fire up WinPcap.

digip Posted November 3, 2011

> 64 bit Pro. i just did a reinstall i'll try it again. Edit: I think my thing was before. i did not let WinPCap run on startup, so i would have to run as administrator so it would fire up winpcap.

Yeah, I have it installed as a service, but set to manual. It never starts, but does what it needs to I guess.