3
I've installed Wireshark and configured it to let my user run it with all needed privileges (I enabled dumpcap
and added my user to wireshark
group, then restarted).
Devices are shown and capture starts well. The problem is that only packets sent to and directed to the PC where Wireshark is running are captured. Obviously I enabled Promiscuous mode in the capture options dialog.
For example, if I run Wireshark and then surf the web on Firefox, packets are captured. If I start browsing with my smartphone, instead, no packet is captured (PC and smartphone are connected to the same domestic WiFi network).
I'm working with a WiFi device wlan0
with ath9k
drivers. Here you are the output of ifconfig wlan0
and lspci | grep Wireless
:
lorenzo@XUBUNTU:~$ ifconfig wlan0
wlan0 Link encap:Ethernet HWaddr 5c:ac:4c:32:dc:1d
indirizzo inet:192.168.1.100 Bcast:192.168.1.255 Maschera:255.255.255.0
indirizzo inet6: fe80::5eac:4cff:fe32:dc1d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1585 errors:0 dropped:0 overruns:0 frame:0
TX packets:1782 errors:0 dropped:0 overruns:0 carrier:0
collisioni:0 txqueuelen:1000
Byte RX:970355 (970.3 KB) Byte TX:401610 (401.6 KB)
lorenzo@XUBUNTU:~$ lspci | grep Wireless
03:00.0 Network controller: Atheros Communications Inc. AR9287 Wireless Network Adapter (PCI-Express) (rev 01)
What I want to achieve is to examine the network traffic of my smartphone using my PC running Wireshark, both connected to the same personal domestic WiFi access point.
Please help me!!
PS: I posted this question on AskUbuntu too, but it not helped me. I re-posted here just because I see there are more Wireshark related answers here than there... Sorry for that.
I cannot use a wired connection with the smartphone :D And yes, I am using WPA (I will try switch temporarly to WEP, but I'm interesed to make it work with WPA). Thank you, I will try those Wireshark settings ASAP, I'm not at home right now. But, that means that the sniffer PC has to be disconnected from the inspected wireless network during sniffing? – lorenzo-s – 2011-12-29T10:34:46.157
@lorenzo-s No, it should work connected, but try both, some parts of how all this works are dependent on the driver implementation. Also give airpcap a go as an alternative to wireshark doing the decryption (wireshark will detect its presence and can configure it) – Paul – 2011-12-29T10:44:53.317
just disable the encryption and try. – Vineet Menon – 2011-12-29T12:37:05.590