1
I am running Ubuntu Linux and have installed wireshark on it. I can see the incoming and outgoing traffic just fine. Now I want to see the traffic from other devices which are on my LAN. So, I did:
$ ifconfig wlan0 promisc
Now I pick up my phone which is on the same network (LAN) and go to stackoverflow.com. Now I come back to wireshark stop the capturing and then filter the traffic with http but there is nothing. What did I miss?
Anonymous
Posted 2015-08-29T06:27:24.297
Reputation: 113
0
I infer from "wlan0" that this is a Wi-Fi network. That means you need to capture in monitor mode. If this is a "protected" network, using WEP or WPA/WPA2 to encrypt traffic, you will also need to supply the password for the network to Wireshark and, for WPA/WPA2 networks (which is probably what most protected networks are these days), you will also need to capture the phone's initial "EAPOL handshake" when it joins the network, so you'd want to put your phone to sleep (turning it off should put it to sleep), start a capture, and then wake it up (turn it on) and access Stack Overflow.
See the Linux section of the "how to capture on an 802.11 network" page and the "how to decrypt 802.11 traffic" page on the Wireshark Wiki.
See this Ask Ubuntu question and answer. Check
– agtoever – 2015-08-29T08:11:01.857netstat-ifor the P flag after you set promisc via ifconfig. If it's not there: big chance your nic and/or driver doesn't support promiscious mode.