Jump to content

Wireless Snifing With Wireshark


Recommended Posts

Hi all,

Hope someone can help plz.

Ive recently been playing around with WiFi, recently cracking WEP and WPA1/2.

So what I wanted to do next was start to sniff the wireless networks I was on, other devices traffic (doing this on my own network so dont worry ;) )

So I booted up BT

Put my ALFA awus036h card into monitor mode using airmon-ng

Authenticated onto my WPA2 network

Obtained an ip address

Fired up Wireshark and Tshark but all I could view was my own traffic (On BT) and the traffic my target (other laptop) was sending out on broadcast.

Ive looked at the Wireshark settings but cant for the life of me work out what I am missing

Any help?


Commands I used -

ifconfig wlan0 down

airmon-ng start wlan0

wpa_supplicant -Dwest -imon0 -c /etc/wpa_supplicant.conf (to connect to my AP, using mon0 not wlan0)


fired up wireshark and listened on mon0.... but nothing


Also I tried using both RTL8187 driver and R8187

RTL8187 authenticated but couldnt see anything

R8187 would not authenticate

Link to comment
Share on other sites

1) Do you have AP isolation enabled on your wireless router?

2) Make sure airmon-ng is set to listen on a channel, but what baffles me here is that you are authenticated to your wireless network, so technically you should be able to sniff your wireless traffic.

3) Your backtrack machine is it on, a laptop or on a desktop computer? (make sure only the alfa network card is enabled, all other nics disabled).

Edited by Infiltrator
Link to comment
Share on other sites

Thanks for the reply.

1. I dont know what you mean by AP isolation, could you expand please?

2. Thats what I thought, but I then decided it was probably due to Monitor mode not working correctly.

As I understand it you cant just join a network and fireup wireshark, the interface will ignore all traffic apart from broadcast and unicast for its IP. (correct me if I am wrong)

I will try and specify the channel its on.

3. Its on my desktop, yup I was just running the one network card and was ensuring that was the one I was using in wireshark, it was in my list as mon0.


Link to comment
Share on other sites

AP isolation, is a security feature in wireless routers that helps prevent MITM attacks. It works by isolating each wireless client from each other. So you might want to check if your router has this feature turned on.

Edit: I just went over your post again, and realized that you haven't specified a channel for airmon-ng to listen on.

airmon-ng start wlan0 6

Edited by Infiltrator
Link to comment
Share on other sites

You can't connect on mon0 while trying to do monitor mode. mon0 should be in monitor mode to listen to traffic around you. In order to connect to an access point, it would put the card in managed mode, which only shows your own traffic. Generally, if you have a card with two radios/antennas like the alphas and realteks, you run airmon and you should then get two wifi adapters under ifconfig -a. One to monitor and inject from, and the other to associate and connect with. 1 should be in monitor mode, while the other is in managed mode. Also, if you have only 1 card that has only 1 radio/antenna, then you need two physical cards to do both monitor mode and managed mode for connecting.

Link to comment
Share on other sites

  • 5 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...