barry Posted March 15, 2012 Share Posted March 15, 2012 Hi all, Hope someone can help plz. Ive recently been playing around with WiFi, recently cracking WEP and WPA1/2. So what I wanted to do next was start to sniff the wireless networks I was on, other devices traffic (doing this on my own network so dont worry ;) ) So I booted up BT Put my ALFA awus036h card into monitor mode using airmon-ng Authenticated onto my WPA2 network Obtained an ip address Fired up Wireshark and Tshark but all I could view was my own traffic (On BT) and the traffic my target (other laptop) was sending out on broadcast. Ive looked at the Wireshark settings but cant for the life of me work out what I am missing Any help? ----------------------------- Commands I used - ifconfig wlan0 down airmon-ng start wlan0 wpa_supplicant -Dwest -imon0 -c /etc/wpa_supplicant.conf (to connect to my AP, using mon0 not wlan0) dhclient fired up wireshark and listened on mon0.... but nothing ------------------------------ Also I tried using both RTL8187 driver and R8187 RTL8187 authenticated but couldnt see anything R8187 would not authenticate Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted March 16, 2012 Share Posted March 16, 2012 (edited) 1) Do you have AP isolation enabled on your wireless router? 2) Make sure airmon-ng is set to listen on a channel, but what baffles me here is that you are authenticated to your wireless network, so technically you should be able to sniff your wireless traffic. 3) Your backtrack machine is it on, a laptop or on a desktop computer? (make sure only the alfa network card is enabled, all other nics disabled). Edited March 16, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
barry Posted March 16, 2012 Author Share Posted March 16, 2012 Thanks for the reply. 1. I dont know what you mean by AP isolation, could you expand please? 2. Thats what I thought, but I then decided it was probably due to Monitor mode not working correctly. As I understand it you cant just join a network and fireup wireshark, the interface will ignore all traffic apart from broadcast and unicast for its IP. (correct me if I am wrong) I will try and specify the channel its on. 3. Its on my desktop, yup I was just running the one network card and was ensuring that was the one I was using in wireshark, it was in my list as mon0. Cheers Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted March 16, 2012 Share Posted March 16, 2012 (edited) AP isolation, is a security feature in wireless routers that helps prevent MITM attacks. It works by isolating each wireless client from each other. So you might want to check if your router has this feature turned on. Edit: I just went over your post again, and realized that you haven't specified a channel for airmon-ng to listen on. airmon-ng start wlan0 6 Edited March 16, 2012 by Infiltrator Quote Link to comment Share on other sites More sharing options...
digip Posted March 16, 2012 Share Posted March 16, 2012 You can't connect on mon0 while trying to do monitor mode. mon0 should be in monitor mode to listen to traffic around you. In order to connect to an access point, it would put the card in managed mode, which only shows your own traffic. Generally, if you have a card with two radios/antennas like the alphas and realteks, you run airmon and you should then get two wifi adapters under ifconfig -a. One to monitor and inject from, and the other to associate and connect with. 1 should be in monitor mode, while the other is in managed mode. Also, if you have only 1 card that has only 1 radio/antenna, then you need two physical cards to do both monitor mode and managed mode for connecting. Quote Link to comment Share on other sites More sharing options...
arcane Posted April 15, 2012 Share Posted April 15, 2012 (edited) I get the same thing when I try to sniff packets with wifi. Home routers act more like a switch then a hub. Try arp spoofing and see if that works :) Edited April 15, 2012 by arcane Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.