
I've been reading a lot about it, but I'm not 100% sure about it. The clearest response I've found is https://security.stackexchange.com/a/167845/163215

So, according to this, in this scenario:

I have a MacBook connected to a network using Wi-Fi, with Wireshark installed and capturing in promiscuous mode. In the same Wi-Fi network, there is a host A that is sending and receiving TCP packets with www.google.es. I have access to neither A nor the router.

It's impossible to see any of the packets in the Wireshark session. This is what is happening in the test that I have done: I can only see a few UDP packets from host A.

So, is all of this true? Or do I have any mechanism to see the TCP packets between host A and Google?

Another approach is capturing in monitor mode, but obviously it has an enormous amount of noise. I have been reading that it's possible to "decrypt" 802.11 traffic using the WPA key, but I haven't been able to achieve it yet. What result would I obtain with this? Would it be possible to filter the traffic to only the packets of my network and then translate them into something with information about the IP or TCP layers?

p0kero
  • Are you sure that you turned your network card into promiscuous mode? Not all cards support it. – Aviv Lo Apr 21 '20 at 23:25
  • WEP used a common key but WPA negotiates individual keys for each client. – user10216038 Apr 22 '20 at 00:06
  • Yes, you can decrypt 802.11 frames just like you want if you have the PSK and the client's handshake: https://wiki.wireshark.org/HowToDecrypt802.11 You can filter on 802.11 management frames just like packets. – multithr3at3d Apr 22 '20 at 03:22
  • Thank you @multithr3at3d, I had read about 12 answers on this website but not that one. – p0kero Apr 23 '20 at 08:01
