Setting promiscuous mode in WIFI card

1

I am on a home network behind a router and I want to capture traffic b/w router and other devices like PCs. All the devices are connected using Wi-Fi with the router.

My Wi-Fi driver is ath9k, I know my card is capable, tried setting card in promisc mode using commands "ifconfig wlp1s0 promisc" and also tried insering "PROMISC=yes" in ifcfg- script.

When executing command netstat -i I am able to see Flg=BMPRU, but when I run tcpdump or wireshark I only see unicast traffic to my PC.

I am using Centos 7.

Vikram Singh

Posted 2014-11-29T19:29:20.890

Reputation: 275

1http://wiki.wireshark.org/CaptureSetup/WLAN#Promiscuous_mode – Goz – 2014-11-29T19:47:36.483

Answers

3

It's a Wi-Fi network, so you need monitor mode; promiscuous mode generally doesn't work very well in Wi-Fi adapters.

Note that, if your network is a "protected" network, using WEP or WPA/WPA2, you will need to use Wireshark, or some other network analyzer that can decrypt the encrypted packets on a protected network, and will need to provide it with the network's password. For WPA/WPA2, you will also need to capture the initial "EAPOL handshake" for each device whose traffic you want to capture, which may require putting those devices to sleep before you start the capture, starting the capture, and waking them up after you start the capture. See the Wireshark Wiki page on decrypting 802.11 for more information.

(Remember, the whole point of WEP and WPA/WPA2 is to make it hard to sniff the network!)

user164970

Posted 2014-11-29T19:29:20.890

Reputation:

Asked: 2014-11-29T19:29:20.890

Viewed: 3 522 times

Active: 2014-11-29T21:42:22.243