
#1 2009-09-02 18:52:44

aport
Member
From: San Diego
Registered: 2008-02-20
Posts: 99

Wireshark Wi-Fi sniffing

I've got a WEP access point and I'd like to be able to sniff traffic going between the AP and devices other than my computer.

I'm not trying to crack this or anything; I've got the WEP key and such. One of my clients is having difficulty connecting to the AP and I'd like to see Probe Requests / Probe Responses going between them.


If anyone knows of a guide or tutorial to setting this up, I would greatly appreciate it. Thanks!


#2 2009-09-02 23:51:48

brendan
Member
From: UK
Registered: 2009-05-16
Posts: 130

Re: Wireshark Wi-Fi sniffing

Run Wireshark on the network card on the client's computer?

Other than that you'll need to use a hub to be able to view the connections from the router's side or set up port mirroring if you have a switch/router that supports that.


#3 2009-09-03 03:11:48

aport
Member
From: San Diego
Registered: 2008-02-20
Posts: 99

Re: Wireshark Wi-Fi sniffing

brendan wrote:

Run Wireshark on the network card on the client's computer?

Other than that you'll need to use a hub to be able to view the connections from the router's side or set up port mirroring if you have a switch/router that supports that.

This is a wireless network. Thanks though.



My Wi-Fi adapter does support monitor mode, and it has a separate interface wlan0mon. I can start Wireshark on this interface and see loads of traffic, mostly beacon broadcasts, from all the wireless APs in range. What I would like to do is focus on only one of these access points and decrypt the traffic between the AP and ALL clients. I have the WEP key already.

I've tried using aircrack w/ tcpdump and I did see unencrypted traffic, though it was only between myself and the AP.


#4 2009-09-04 07:53:42

gaten
Member
Registered: 2009-09-04
Posts: 5

Re: Wireshark Wi-Fi sniffing

I would use airodump-ng for this. Try something like:

airmon-ng start wlan0
airodump-ng mon0 -t WEP -d [BSSID] -w pcapfile

That should produce a file called "pcapfile.cap". This is a file that contains the captured wireless traffic (still encrypted).

Use airdecap-ng to unencrypt it with your key:

airdecap-ng -b [BSSID] -w [WEP KEY] pcapfile.cap

Note that the -b [BSSID] is probably redundant, as airodump-ng should have only captured that traffic anyway.

That should produce "pcapfile-dec.cap", which you can then open up with wireshark.

Please note that Wireshark can do all this by itself; I simply don't know how.

Hope that helps.


In a world full of liars, is an honest man a fool or a hero?


#5 2009-09-04 15:39:13

joephantom
Member
From: Latinoamérica
Registered: 2008-01-09
Posts: 94

Re: Wireshark Wi-Fi sniffing

You could also try kismet.


By striving to do the impossible, man has always achieved what is possible. Those who have cautiously done no more than they believed possible have never taken a single step forward - Mikhail Bakunin


#6 2009-09-05 09:19:04

aport
Member
From: San Diego
Registered: 2008-02-20
Posts: 99

Re: Wireshark Wi-Fi sniffing

Thanks guys.

I was having some trouble getting my wireless card into monitor mode. Instead of creating a mon0 it gave me a wlan0mon which *seemed* like it was working, but not really. I rebooted (OH NOES) and used airmon-ng start wlan0 again and all was well.


Wireshark can decrypt live traffic which is pretty bitchin. You just type in the WEP key and off it goes.
