Sniff network packets that don't talk to my computer?

Question

How would one sniff wireless network packets that do not pass directly through my computer- without access the the AP or router?

I want to be able to sniff for network traffic (even while encrypted) when authenticated to the network and when not authenticated.

Thanks

Are you talking about wireless or wired? Also, you want to sniff wifi for a network you are *not* authenticated on? — d1str0, Mar 15 '16 at 21:11
@d1str0 Wireless. And I would like to look at both, but I suppose the authenticated network would be easier at first. — userJoe, Mar 15 '16 at 21:13
You CAN capture wireless packets, but they will be useless to you unless you know they key to decrypt them. — xorist, Mar 15 '16 at 21:13
@l1thal, I'm looking at the 'how' to do that. I'm interested in even seeing what "useless" packets look like — userJoe, Mar 15 '16 at 21:14
If you want to learn how to do this, I can show you. Add me on skype - l1thal. otherwise, please change your question to ask 'how' and not 'is it possible' — xorist, Mar 15 '16 at 21:17
I remember in the past you need a certain kind of wifi transmitter capable of driving these sniffing modes, I'm not sure if this is nowa standard or not... I believe there is a way to sniff wifi internet packets via cell phones. — Cryptixer, Mar 16 '16 at 04:10

score 3 · Answer 1 · answered Mar 15 '16 at 23:27

You need to run in monitor mode; promiscuous mode doesn't always work with Wi-Fi adapters (and may not even be supported for Wi-Fi on some OSes or with some Wi-Fi adapters).

Whether Wireshark can do it by itself depends on the OS. On OS X, it can; on Linux, it could, in theory, but for complicated reasons it can't, on most if not all distributions, in practice, so you need aircrack-ng's airmon-ng script to turn monitor mode on, and you can capture after that; on Windows, it can't do it at all except with an AirPcap adapter; on other OSes, maybe, maybe not. See the Wireshark Wiki's page on WLAN capturing for details.

score 2 · Accepted Answer · edited Mar 17 '17 at 10:46

2

Yes. You are looking for promiscuous mode or monitor mode.

https://security.stackexchange.com/a/37000/28585

edited Mar 17 '17 at 10:46

Community

1

answered Mar 15 '16 at 21:15

d1str0

2,348
14
24

Thanks. So would Wireshark do the job by itself or is it necessary to use Aircrack-ng suite...assuming you're authenticated? – userJoe Mar 15 '16 at 21:18
If only it was enough...There are so much more to it than this. – Rui F Ribeiro Mar 15 '16 at 22:37
1

Nope, promiscuous mode won't necessarily work; you probably need monitor mode. – Mar 15 '16 at 23:28

Sniff network packets that don't talk to my computer?

2 Answers2