TN.Frank Posted September 19, 2014

Ok, just watched the latest HakTip where Snubs is going over how to use Wireshark and it's got me interested again, so I've installed it into my Manjaro install and need to know how to set things up so I can use it. There are no capture options coming up when I look for them. What do I need to do or add to be able to see my wifi in order to capture some packets? Thanks in advance for any help y'all can give.

i8igmac Posted September 19, 2014

I did not watch the episode, but I will try to provide a quick set of instructions. Once you have Wireshark up and running and you see data flowing, you can filter out specific traffic...

HTTP example: try clicking on a specific packet. In the bottom window you will see the IP address and other specific information that you can filter through. This window is like a drop-down menu; continue to drop down until you find a specific string that you would like to filter. Right-click on the IP address and apply as filter. You can also right-click the port number and click OR, AND, NOT, SELECT. Using this right-click method you can learn the filtering language. You could copy this string and paste it into the command line with other applications.

TN.Frank Posted September 19, 2014 (edited)

It's getting it up and running that's the problem. I see no sources to pull data from in my list. It tells me that there are no interfaces on which a capture can be done.

Edited September 19, 2014 by TN.Frank

TN.Frank Posted September 19, 2014 (edited)

Ok, so help me figure this one out. If I open Wireshark from the icon in my menu list I can't capture any packets, but if I open it from Terminal with "sudo wireshark" then I can capture packets, but I get some warnings about how it's not good to run Wireshark as root, yada, yada, yada. Anyway, can someone give me a reader's digest version of how I can set up Wireshark so I can open it with the icon and have privileges to capture packets without having to run as root? I read the web page on this but it's just all so much gibberish to me, need it in simple terms please.

Setting network privileges for dumpcap
1. Ensure your Linux kernel and filesystem supports File Capabilities and also you have installed necessary tools.
2. "setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/dumpcap"
3. Start Wireshark as non-root and ensure you see the list of interfaces and can do live capture.

Ok, so can someone translate this for me? Yes, my Manjaro Xfce install has the capabilities, but what other tools do I need? What do I do with #2 on the list? Just type it into Terminal or something?

Edited September 19, 2014 by TN.Frank

TN.Frank Posted September 19, 2014

Ok, went to here: https://wiki.archlinux.org/index.php/wireshark

Did this:

sudo gpasswd -a "ME" wireshark

Did a reboot and Bob's my mom's brother.

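Added example, not written by any poster in this thread and not taken from the Wireshark or Arch documentation: a shell check that ties together the quoted setcap steps and the group-plus-reboot fix above, and reports which piece is missing for a non-root capture. The function names, the verdict strings, the sample user frank and the mode 750 are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: explain why a non-root user can or cannot run dumpcap.

# in_list WORD "space separated list": succeeds if WORD is in the list.
in_list() { case " $2 " in *" $1 "*) return 0 ;; esac; return 1; }

# caps_ok GETCAP_LINE: succeeds if the line grants cap_net_raw and
# cap_net_admin with the effective (e) and permitted (p) flags. Accepts both
# getcap styles: "path = caps+eip" (older libcap), "path caps=eip" (newer).
# Assumes a single capability clause and a path without spaces.
caps_ok() {
  local spec names flags
  spec=${1#* }              # drop the path
  spec=${spec#= }           # drop the "= " of the older style
  names=${spec%%[+=]*}      # e.g. cap_net_admin,cap_net_raw
  flags=${spec##*[+=]}      # e.g. eip
  case ",$names," in *,cap_net_raw,*) ;; *) return 1 ;; esac
  case ",$names," in *,cap_net_admin,*) ;; *) return 1 ;; esac
  case "$flags" in *e*) ;; *) return 1 ;; esac
  case "$flags" in *p*) ;; *) return 1 ;; esac
}

# diagnose GETCAP_LINE FILE_GROUP OCTAL_MODE SESSION_GROUPS DATABASE_GROUPS
# Prints: ok | set-capabilities | fix-mode | add-user-to-group | log-in-again
# Owner bits are ignored because the user in question is not root.
diagnose() {
  caps_ok "$1" || { echo set-capabilities; return; }
  case "$3" in *[1357]) echo ok; return ;; esac               # anyone may execute
  case "$3" in *[1357]?) ;; *) echo fix-mode; return ;; esac  # group may not
  if in_list "$2" "$4"; then echo ok                 # session has the group
  elif in_list "$2" "$5"; then echo log-in-again     # added, session is stale
  else echo add-user-to-group; fi
}

# live PATH: gather the real values (assumes GNU stat, getcap and id).
live() {
  diagnose "$(getcap "$1")" "$(stat -c %G "$1")" "$(stat -c %a "$1")" \
           "$(id -nG)" "$(id -nG "$(id -un)")"
}

# Constructed sample: capabilities set, user added to the group, no new login yet.
diagnose "/usr/sbin/dumpcap cap_net_admin,cap_net_raw=eip" wireshark 750 \
         "frank wheel" "frank wheel wireshark"
if [ -n "${1:-}" ]; then live "$1"; fi
```

Passing the dumpcap path as the first argument runs the same check against the live system; the log-in-again verdict is the case a reboot or fresh login resolves.
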
TN.Frank Posted September 19, 2014

Ok, so I'm able to capture my own traffic and I've figured out how to set wlan0 in Wireshark to monitor mode, so that should be capturing other people's local traffic from their wifi. Now I just need to know what to do with all this data, LOL. This IS something that I'm going to learn and figure out one way or the other because I think it would be a useful tool to have in my toolbox.

TN.Frank Posted September 20, 2014

Alright, I went into promiscuous mode and monitor mode and captured some packets. When I looked at my wifi connection drop-down it had my wifi card listed but said "device not ready", but I did get some packets, so where did they come from?

barry99705 Posted September 20, 2014

Should point you in the right direction. http://wiki.wireshark.org/CaptureSetup/WLAN

TN.Frank Posted September 20, 2014

Thanks for the link. I'm thinking that I need to go into Terminal and set my wifi card to monitor mode, i.e. mon0, in order for Wireshark to be able to use monitor mode; that's why it was saying "device not ready". Anyway, I'll read the link in a bit, thanks again.