I know that WPA/WPA2 encryption is a pretty good safeguard against snooping by people outside a wireless network. But can someone in the network (i.e. who has been given the shared key) monitor/intercept the traffic (e.g. plain http browsing) of another user on the same network?
EDIT: additional scenario: Alice is on wireless; Bob is connected via ethernet cable to the router. Can Alice intercept Bob's traffic?
The short answer is, no, with only the pre-shared key (PSK) you cannot decrypt other user's traffic, but, it is fairly simple to collect the additional information needed to decrypt the traffic. Stations don't directly use the PSK to encrypt packets. Instead, they use the PSK to generate a Pairwise Master Key (PMK) which in turn generates the Pairwise Transient Key (PTK) used for encrypting packets. Both parties, the station and access point (AP), calculate the PTK using nonces (random numbers), the MAC addresses, and a couple other pieces of data combined with the PMK. All the data other than the PSK is in the 4-way handshake and is not encrypted.
So knowing the PSK and collecting the 4 frames of the RSN protocol (a.k.a the 4-way handshake) is enough information to feed into something like Wireshark and decrypt traffic between a station and AP. You can argue that collecting the data from the 4-way handshake is timing sensitive, but several (free) tools exist that allow a third party to forge de-authentication packets enabling an attacker to better predict when to capture this information.
Sadly, the answers to this question are out of date and therefore incorrect. Even user 'ctuffli' claims that the short answer is 'no' while providing a possible way afterwards. It is indeed possible and rather easy to eavesdrop if you are already authenticated inside a WPA/WPA2-PSK wireless network.
Although every wireless client uses individual session keys with the access point (AP), it is possible to perform a de-authentication attack against such a client, which leads to it repeating it's 4-way-handshake with the AP. If this handshake is successfully captured, the attacker can eavesdrop on the data transmitted between victim and AP.
Please note that such an attack is also depending on physical factors, such as the locations of AP, victim and attacker device and may become more difficult through beamforming. Moreover, you need a WIFI adapter that can be put into monitoring mode, which not every model provides.
This attack is inside the standard hacking repertoire and may easily be conducted with tools such as wireshark or aircrack-ng.
Similar questions were posted here and here, where the latter one luckily contains an answer with an update to these circumstances.
No they can't. WPA/WPA2 provides different per session key for data encryption. PSK start with the same passphrase, however each station is given different key for unicast traffic. The only traffic you will see(or decrypt) through sniffer is broadcast packet. So the situation is same as you sniffer traffic when you are connected to wire switch.
q2) No. alice is not able to intercept.
Directly, no. In terms of ARP floods or man-in-the-middle attacks (in ARP or at a higher level), these will be prevented by some access points that can be set to disallow direct traffic between wireless clients. ie all clients can see networks on the uplink side of the AP, but traffic addressed from one wireless client to another will be dropped.
As for whether a wired user can get the traffic, it's complicated. If Bob is passively eavesdropping on a switched port, he won't see much in normal operation. If the wireless and wired networks are one ethernet segment, and the ARP tables in the switching part of the router overflow and it starts broadcasting everything to everyone, then Bob will see everything in the clear. Bob can induce this by ARP flooding, or he can be more subtle and spoof ARP of a router distinct from the access point.
Alice cannot see any of Bob's traffic that does not communicate with other wireless users or broadcast traffic. Alice could see the traffic from Bob to wireless users but the traffic would be encrypted (except possibly for broadcast).
As Joshua said, each computer will have its own session key so other users will not be able to read the data.
