
Is it possible to intercept all decrypted traffic on a wifi network using kali?


RickD


Hello everybody,

I'm a starting user of Kali Linux.

And I have a question about the possibility of using a tool like Wireshark or airodump-ng on *one* Kali Linux client to monitor *all* traffic on my wifi network (also data requests from other clients -> http, smtp, ftp, etc).

So far I've been able to intercept all traffic from 1 client to the router, and have played around with wifi in monitor mode (using airmon-ng).

I imagine something like the below, with added decryption using my WPA2 password, might be able to work (not sure how to do it though):

airmon-ng start wlan0
airodump-ng -c (channel) --bssid (bssid) -w filename mon0

But so far I've not been able to find the right documentation (or maybe it's just not possible).

Can anybody point me in the right direction with this?

Thanks in advance for any ideas or information.


Best regards,
Rick

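The "added decryption using my WPA2 password" step the question is about is what airdecap-ng (`airdecap-ng -e <ssid> -p <passphrase> capture.cap`) and Wireshark's IEEE 802.11 decryption keys (a `wpa-pwd` entry of the form `passphrase:ssid`) do with a monitor-mode capture. The part the replies do not spell out is that the passphrase only yields the PMK; the temporal key that actually decrypts a client's CCMP frames also depends on the two nonces and the two MAC addresses exchanged in that client's 4-way handshake, so the capture must contain each client's handshake (which is why people deauth clients to make them re-associate). The Python below is an added example, not code from this thread or from the aircrack-ng or Wireshark projects: it derives the PMK and PTK the way 802.11i specifies and checks the MIC on a handshake message using only the standard library. The passphrase, SSID, MAC addresses, nonces and the EAPOL-Key frame are constructed for the example, not taken from a real capture.

```python
"""WPA2-PSK key derivation and 4-way-handshake MIC check (standard library only).

Added example: shows why a known passphrase alone is not enough to decrypt other
clients' traffic. PMK depends only on passphrase+SSID; the PTK (and its TK, the
CCMP data key) also depends on the nonces and MACs from each client's handshake.
"""
import hashlib
import hmac
import struct


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK/PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i)."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK for CCMP (48 bytes): KCK = [0:16], KEK = [16:32], TK = [32:48].
    Both MACs and both nonces are mixed in, so it is unique per client and per
    association; the TK is what airdecap-ng/Wireshark use to decrypt data frames."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


# 4-byte 802.1X header + 77 bytes of EAPOL-Key fields before the Key MIC field.
MIC_OFFSET = 81


def build_eapol_key_msg2(snonce: bytes, key_data: bytes, mic: bytes = bytes(16)) -> bytes:
    """Constructed minimal message 2 of the 4-way handshake (not a real capture):
    802.1X header followed by the EAPOL-Key body, MIC field zeroed by default."""
    body = struct.pack(
        ">BHHQ32s16sQQ16sH",
        2,            # descriptor type: RSN (802.11i)
        0x010A,       # key info: HMAC-SHA1-AES (version 2) | pairwise | MIC present
        16,           # key length: 16-byte CCMP TK
        1,            # replay counter
        snonce,       # supplicant nonce
        bytes(16),    # key IV
        0,            # key RSC
        0,            # reserved (key ID)
        mic,          # key MIC
        len(key_data),
    ) + key_data
    return struct.pack(">BBH", 2, 3, len(body)) + body  # 802.1X v2, type 3 = EAPOL-Key


def eapol_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2: HMAC-SHA1 over the whole EAPOL frame
    with the MIC field zeroed, truncated to 16 bytes."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def verify_handshake_mic(passphrase, ssid, aa, spa, anonce, snonce, frame) -> bool:
    """True iff this passphrase (with these MACs and nonces) reproduces the frame's MIC.
    This is the same check aircrack-ng uses to test a candidate passphrase."""
    kck = derive_ptk(derive_pmk(passphrase, ssid), aa, spa, anonce, snonce)[:16]
    return hmac.compare_digest(eapol_mic(kck, frame), frame[MIC_OFFSET:MIC_OFFSET + 16])


# Constructed sample session (assumed values, not from any real network).
PASSPHRASE = "correct horse battery staple"
SSID = "HomeNet"
AP_MAC = bytes.fromhex("001122334455")
STA_MAC = bytes.fromhex("66778899aabb")
ANONCE = bytes(range(32))
SNONCE = bytes(range(32, 64))

PTK = derive_ptk(derive_pmk(PASSPHRASE, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
_unsigned = build_eapol_key_msg2(SNONCE, b"\x30\x00")  # placeholder empty RSN IE
SAMPLE_MSG2 = _unsigned[:MIC_OFFSET] + eapol_mic(PTK[:16], _unsigned) + _unsigned[MIC_OFFSET + 16:]

if __name__ == "__main__":
    print("PMK:", derive_pmk(PASSPHRASE, SSID).hex())
    print("TK :", PTK[32:48].hex())
    print("MIC ok with PSK + captured handshake:",
          verify_handshake_mic(PASSPHRASE, SSID, AP_MAC, STA_MAC, ANONCE, SNONCE, SAMPLE_MSG2))
    print("MIC ok with PSK but another session's ANonce:",
          verify_handshake_mic(PASSPHRASE, SSID, AP_MAC, STA_MAC, bytes(32), SNONCE, SAMPLE_MSG2))
```

The last two prints are the practical point: with the right passphrase and the captured handshake the MIC verifies and the TK can be derived, but with the same passphrase and a different ANonce (a client whose handshake you missed) it does not, and neither airdecap-ng nor Wireshark can decrypt that client's frames. `derive_pmk("password", "IEEE")` reproduces the PSK test vector from IEEE 802.11 Annex H, which is a quick sanity check that the PBKDF2 parameters are right.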

Are you a starting user of Kali Linux, or are you a starting user of Linux and you chose Kali to start with?

I realise I might start sounding like a stuck record, but if you're not comfortable running Linux, Kali is without a doubt the WORST place to start. It's like starting to drive in an F1 race car while your bicycle still has its training wheels on. Seriously, Wireshark runs just fine on Ubuntu, Suse, Redhat and all the other big brands out there. If you're new to Linux, start with something like that.

Wireshark will show you ALL the traffic it sees. If you monitor the frequency your AP is listening on, you should see everything from everyone on that frequency. If there's another AP on a different frequency (or channel if you must), you likely won't see any of its traffic. If the other AP is on the same frequency, you will.

Start reading here. On the left there's the Documentation. If you have a specific question, please feel free to ask.


It depends from where and how you are sniffing. On an open WiFi access point (no WEP or WPA), Wireshark will show you all unencrypted traffic you can see based on your card's capabilities (what you see depends on monitor mode vs. managed mode), but not all traffic for others UNLESS their traffic is unencrypted.

If on WPA access points, or even a wired network, then only if their traffic is flowing through your machine can you see it (unless you're on a hub that broadcasts everything; no one should have a hub in use today, but it is the easiest way to tap a LAN, using a hub in between switches and routers to see all traffic on a network).

If you have a router with tcpdump capabilities, then you can dump specific local IP data to a pcap and open it in Wireshark later, which does not require Kali (it's really the tools in Kali you want to be familiar with, and Kali, to me, is the best place to get your feet wet), but the easiest way to capture another machine's traffic is a MITM attack, after which Wireshark will see all the "unencrypted" traffic. It still won't show you SSL/TLS or VPN related traffic other than its encapsulated bits, for which you would need something like SSLstrip, ettercap, or DNS binding attacks to force them off SSL and through your own server (you can start various services in Kali for web server and DNS attacks). VPN traffic would be a bit harder, but the most I've seen for VPN attacks is leaking the end user's real IP address. I've yet to see attacks that show the decrypted traffic, but sure, some "insert nation state of your choice that has weakened encryption standards for their own gain" here.

I don't think the OS matters as much as your knowledge of working with linux in general, and understanding the fundamentals behind the attacks for which each tool serves to carry out those attacks. Learning from Kali vs any other Distro in my opinion, would be the same, except with Kali, you don't have to go through the PITA setup of getting most tools to work or installed with all their dependencies. Kali is a bit more refined these days than the older Back|Track was, and in the 2.0 update coming next month, things are going to be more like a mainstream debian/ubuntu based desktop and an everyday driver.
