Ask Your Question

Why cant I see SSDP protocol packets when using Wifi Monitor mode on Ubuntu

asked 2018-01-13 14:24:20 +0000

ianc gravatar image

updated 2018-01-13 14:26:05 +0000

I'm looking to snoop on an SSDP conversation between two devices on Wifi. I've set up a WireShark instance on a Ubuntu machine and configured a "Monitor" device using these instructions:

However when I now capture via the mon0 device I only see 802.11 protocol packets and can't see any SSDP packets

I had tried just ticking the the "monitor" box on the interfaces list but it would not stay "ticked". The output of iw dev is:

        Interface mon0
                ifindex 4
                wdev 0x2
                addr c8:f7:33:8a:dc:07
                type monitor
                txpower 15.00 dBm
        Interface wlp2s0
                ifindex 3
                wdev 0x1
                addr c8:f7:33:8a:dc:07
                type managed
                channel 2 (2417 MHz), width: 20 MHz, center1: 2417 MHz
                txpower 15.00 dBm

Is there away to capture a SSDP conversation in Monitor mode?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2018-01-13 14:43:13 +0000

Bob Jones gravatar image

You are likely capturing this traffic, but you can't see it because it is encrypted. To decrypt:

There could be other root causes of your issue, but with the limited information I think this is the most likely cause. Be sure you are on the correct channel.

edit flag offensive delete link more


I cheated and just turned off encryption. I wouldn't recommend it as an approach but I live in the countryside :-)

ianc gravatar imageianc ( 2018-01-13 16:42:43 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2018-01-13 14:24:20 +0000

Seen: 420 times

Last updated: Jan 13 '18