Is it possible to capture, using Wireshark, regular data sent by another machine inside my Wireless LAN?
Not without some additional trickery, for example by setting up a fake AP. Note that you still won't be able to see the HTTPS traffic; you need to utilize an HTTPS proxy for that. – peterh Apr 05 '19 at 16:14
@Glorfindel I am not so sure; that question asks for the capture, which is much easier, and not also for the decryption (maybe interception). Although the real question is probably also the decoding. – peterh Apr 05 '19 at 16:17
1 Answer
Not really. Use airodump-ng for that. airodump-ng will provide PCAP files that can be examined with Wireshark.
[edit] some explanation, because of downvote and comment:
Theoretically, you could put your WLAN card in monitoring mode:

    sudo ifconfig wlan1 down
    sudo iwconfig wlan1 mode monitor

and use both tools to monitor the network. Ideally, you would use an interface that you reserve specifically for this purpose.
In practice though, we often see a factor more packets in the airodump output than in the Wireshark output. This is not uncommon: others have reported this as well. Some have suggested that it might be a driver issue, but I have seen this on multiple WLAN devices (with different kernel modules).
So my advice is still: use airodump-ng for that.
Ljm Dullaart
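To see where a packet-count difference between two captures of the same network lies, the following added example (not part of the original answer) counts 802.11 frames per type in two capture files. It assumes both captures are in classic pcap format (not pcapng) with link type 105 (raw 802.11) or 127 (radiotap); the sample captures are constructed, and `count_frames`, `compare` and `build_pcap` are names chosen for this example.

```python
import struct
from collections import Counter

# pcap magic -> byte order (microsecond and nanosecond timestamp variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
          b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}
TYPES = ("management", "control", "data", "extension")  # 802.11 type field
RAW_80211, RADIOTAP = 105, 127                          # pcap link types

def count_frames(pcap):
    """Count 802.11 frames per type in a classic pcap byte string."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # low 16 bits of the last global-header field carry the link type
    linktype = struct.unpack(order + "I", pcap[20:24])[0] & 0xFFFF
    if linktype not in (RAW_80211, RADIOTAP):
        raise ValueError(f"link type {linktype} is not an 802.11 capture")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(order + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len:            # file ends inside a record
            counts["truncated"] += 1
            break
        if linktype == RADIOTAP:  # radiotap length field is always little-endian
            rt_len = struct.unpack("<H", frame[2:4])[0] if len(frame) >= 4 else len(frame)
            frame = frame[rt_len:]
        counts[TYPES[(frame[0] >> 2) & 3] if frame else "malformed"] += 1
    return counts

def compare(capture_a, capture_b):
    """Per-type frame counts of two captures as {type: (count_a, count_b)}."""
    a, b = count_frames(capture_a), count_frames(capture_b)
    return {k: (a[k], b[k]) for k in sorted(set(a) | set(b))}

def build_pcap(linktype, frames):
    """Build a little-endian pcap byte string (constructed sample data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

BEACON, ACK, DATA = b"\x80\x00", b"\xd4\x00", b"\x08\x00"  # frame-control bytes
RT = b"\x00\x00\x08\x00\x00\x00\x00\x00"                   # minimal radiotap header
SAMPLE_A = build_pcap(RAW_80211, [BEACON, BEACON, ACK, DATA, DATA])  # constructed
SAMPLE_B = build_pcap(RADIOTAP, [RT + BEACON, RT + DATA, RT + DATA])  # constructed
if __name__ == "__main__":
    print(compare(SAMPLE_A, SAMPLE_B))
```

For real files, pass the bytes read from each capture, for example `compare(open(path_a, "rb").read(), open(path_b, "rb").read())`, where both paths are your own capture files.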
Why not? Just set the wireless antenna to monitor mode and listen to that interface. Wireshark can also create pcap files btw. – Azteca Apr 05 '19 at 20:56