Why can't I capture other device's packets on the network?

asked 2019-07-05 21:48:38 +0000

Ben321

At the ethernet packet level, I can only see packets between my router and my computer. At the IP address level, I can only see packets with my computer's IP address as either the destination or source address. I can't see any communications between the router and another computer (at the ethernet packet level) or between any 2 other computers on my network (at the IP address level). And this is despite the fact that I put a tick in the check box for promiscuous mode, for my wi-fi adapter in the Wireshark adapters settings, and made sure to select that adapter as my capture adapter. And yes, I'm using the latest NPCap driver installed by the Wireshark installer.

I'm not sure what's wrong. I'm guessing it may have something to do with the fact that my router is using WPA2 encryption, instead of being unencrypted (like an "open" wireless network). Or maybe I need to use a wired connection (rather than wireless connection) when connecting my packet inspection computer to the router. Can anybody here tell me what's wrong? And how do I fix it?


1 Answer


answered 2019-07-05 22:40:25 +0000

grahamb

To see packets between other devices and the Access Point you'll need to enable "Monitor Mode". See the Wiki page on WLAN capturing for more info, noting the fact that it might not work on Windows.


Comments

Then what's the difference between Promiscuous Mode and Monitor Mode?

I had assumed that Monitor Mode was not needed to capture packets on the same router as the packet sniffing computer, and that only Promiscuous Mode was needed for that.

Furthermore, I had assumed that Monitor Mode was only needed to capture packets to networks you were not connected to, that is not connecting to any network at all and simply "sniffing" wifi packets out of the air and capturing them as raw wifi packets (and then from there capturing the ethernet packets within, and deeper layers if available, assuming that the wifi packet itself was not encrypted which would otherwise prevent deeper capture).

Ben321 (2019-07-05 22:47:33 +0000)

That behaviour is a "feature" of Wireless adaptors. Please read the linked wiki page for more info.

grahamb (2019-07-06 13:44:41 +0000)

Very interesting. Are there any adapters that DO allow promiscuous mode, without monitor mode, in Windows? I don't (right now) have any particular need to sniff packets from networks I'm not connected to, but I would like to be able to monitor all packets on my current network (which theoretically only requires promiscuous mode, and not monitor mode). And yes my network is open (not encrypted), but it still seems that promiscuous mode is crippled and behaves just as if it were in normal mode (Wireshark only shows packets whose source or destination is the computer performing the packet sniffing).

Based on that wiki article, it sounds like this problem is a Windows thing, and that my idea would work fine in Linux, but it also sounds like it has something to do with which wi-fi adapter I'm using. Maybe you could point me to a ...(more)

Ben321 (2019-07-10 02:14:24 +0000)

There's a list of adapters for npcap here.

The issue is with the adapter driver\firmware not Wireshark or npcap. npcap asks the driver if it supports monitor mode, and if so enables the checkbox in the Wireshark UI. Even then, the driver\firmware might be defective so that it doesn't actually work.

Generally folks seem to have more success in this area with Linux.

grahamb (2019-07-10 07:47:34 +0000)
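
A way to confirm the symptom discussed in this thread, as an added example that is not part of the original posts: the script classifies the Ethernet source/destination pairs of a capture, as exported with `tshark -r capture.pcapng -T fields -e eth.src -e eth.dst`, and reports whether any unicast frame between two other stations was captured. The MAC addresses, the sample lines and the file name are constructed for illustration.

```python
"""Classify captured frames to tell whether capture of other stations' traffic works."""
from collections import Counter

# Constructed sample: tab-separated eth.src / eth.dst, as printed by
# `tshark -r capture.pcapng -T fields -e eth.src -e eth.dst`.
SAMPLE = """\
02:00:00:aa:00:01\t02:00:00:bb:00:01
02:00:00:bb:00:01\t02:00:00:aa:00:01
02:00:00:cc:00:01\tff:ff:ff:ff:ff:ff
02:00:00:cc:00:01\t01:00:5e:00:00:fb
"""
OWN_MAC = "02:00:00:aa:00:01"  # constructed: MAC of the capturing adapter


def is_group(mac: str) -> bool:
    """Broadcast/multicast addresses have the I/G bit (LSB of first octet) set."""
    return bool(int(mac.split(":")[0], 16) & 0x01)


def classify(lines: str, own_mac: str) -> Counter:
    """Count frames by who they belong to, relative to the capturing host."""
    own = own_mac.lower()
    counts = Counter()
    for line in lines.splitlines():
        fields = line.strip().lower().split("\t")
        if len(fields) != 2 or not all(fields):
            counts["skipped"] += 1  # frame without both Ethernet addresses
            continue
        src, dst = fields
        if own in (src, dst):
            counts["own"] += 1  # any adapter delivers these, in any mode
        elif is_group(dst):
            counts["group"] += 1  # broadcast/multicast is delivered to everyone
        else:
            counts["third_party_unicast"] += 1  # only seen if sniffing works
    return counts


def verdict(counts: Counter) -> str:
    if counts["third_party_unicast"]:
        return "other stations' unicast traffic was captured"
    return "only own and broadcast/multicast frames were captured"


if __name__ == "__main__":
    result = classify(SAMPLE, OWN_MAC)
    print(dict(result), "->", verdict(result))
```

Broadcast and multicast frames from other stations do not show that promiscuous or monitor mode is working, which is why they are counted separately from third-party unicast.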

Stats

Asked: 2019-07-05 21:48:38 +0000

Seen: 193 times

Last updated: Jul 05