No Data Packets in Monitor Mode Capture
I've seen this question a few times before but none of the posted solutions solved my issue. I can see Probes, Beacons, Acknowledgements, Request-to-sends, Clear-to-sends, and null data frames but not any non-null data.
I am running Wireshark on Kali Linux attempting to sniff wireless traffic. I have the following set up:
Capture Device:
Kali Linux LiveBoot USB
OS: Kali 2020.3 - SMP Debian 5.5.17-1 kali1 (2020-04-21) x86_64
NIC: Panda PAU09-RaLink RT5572 - Driver: rt2800usb as wlan0
Wireshark 3.2.3
AP - Raspberry Pi 4 running Raspbian
I configured HostAPD to use my Raspberry Pi as an access point. It is set to run 802.11g with no security. The set up on my sniffing system has been:
ifconfig wlan0 down
iwconfig wlan0 mode Monitor
ifconfig wlan0 up
Start Wireshark, check the monitor mode checkbox, restart Wireshark, and then begin capture. On the client Pi I am connected to the AP and running a script that periodically curls the Apache server on the AP.
Debugging done so far:
- Use Ubuntu VM instead of Kali Liveboot
- Create wlan0mon interface with airmon-ng and listen on that instead (using sudo airmon-ng start to create the virtual interface wlan0mon and used that as my listening interface in Wireshark)
- Connect to AP after putting device into Monitor mode (which I think just switched the interface to Managed as I was then only able to see my traffic)
- Tried different target devices (iPhone, Windows 10 Desktop)
- Adjusted channel settings through Wireshark's wireless toolbar to match the channel my AP is broadcasting on (7)
- Tried different AP (my home router rather than one I configured myself) and done basic web browsing
Any help or ideas would be greatly appreciated, I am not sure why this isn't working.
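A way to confirm the symptom described in the question from a saved capture, as an added example that is not part of the original post: it tallies 802.11 frame types and counts data frames that actually carry a payload. It assumes the capture was saved as a classic little-endian pcap (not pcapng) with radiotap headers; the function names and the sample bytes are constructed for this example.

```python
import struct
from collections import Counter

LINKTYPE_RADIOTAP = 127  # pcap link type for radiotap + 802.11
NAMES = {(0, 4): "probe-req", (0, 5): "probe-resp", (0, 8): "beacon",
         (1, 11): "rts", (1, 12): "cts", (1, 13): "ack",
         (2, 0): "data", (2, 4): "null", (2, 8): "qos-data", (2, 12): "qos-null"}

def classify(frame):
    """Return (label, has_payload) for one radiotap-encapsulated frame."""
    if len(frame) < 4:
        return "truncated", False
    version, _pad, rt_len = struct.unpack_from("<BBH", frame)
    if version != 0 or rt_len < 8 or len(frame) < rt_len + 2:
        return "truncated", False
    fc0 = frame[rt_len]                      # first Frame Control byte
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    label = NAMES.get((ftype, subtype), f"type{ftype}-sub{subtype}")
    # Data frames (type 2) with subtype bit 2 set are the "no data" variants.
    return label, ftype == 2 and not subtype & 4

def read_pcap(blob):
    """Yield packet bytes from a classic little-endian pcap blob."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_RADIOTAP:
        raise ValueError("expected little-endian pcap with radiotap link type")
    off = 24                                 # skip the global header
    while off + 16 <= len(blob):
        caplen = struct.unpack_from("<I", blob, off + 8)[0]
        yield blob[off + 16: off + 16 + caplen]
        off += 16 + caplen

def summarize(blob):
    counts, payload = Counter(), 0
    for pkt in read_pcap(blob):
        label, has_payload = classify(pkt)
        counts[label] += 1
        payload += has_payload
    return counts, payload

# Constructed sample: minimal 8-byte radiotap header + Frame Control bytes only.
RT = bytes([0, 0, 8, 0, 0, 0, 0, 0])
def record(fc0):
    pkt = RT + bytes([fc0, 0])
    return struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127) + b"".join(
    record(fc) for fc in (0x80, 0x80, 0xD4, 0xB4, 0xC4, 0x48, 0x40))

if __name__ == "__main__":
    print(summarize(SAMPLE))                 # payload count 0 matches the symptom
```

To run it on a real capture, pass the file's bytes to `summarize()`; a payload count of zero alongside non-zero beacon, ack and null counts reproduces what the question reports.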
I also have this problem, but on macOS Catalina. I was trying to capture WiFi packets on macOS Catalina but unfortunately no captured packets are shown. I followed the recommended guide for installing Wireshark on macOS Catalina and installed it along with the “Install ChmodBPF” from the link (https://www.wireshark.org/docs/wsug_h...) but it is not working. I compared it with my Windows machine with the same configuration, and it works on capturing live WiFi packets.
What would I have to do to make it work? Any help with this matter is really appreciated.
Thanks,
Search on Catalina and several similar questions/answers are available. No good answers. This one is probably the most recent.
In macOS Mojave and later (the problem predates Catalina), at least some Wi-Fi adapters on newer machines cannot capture if they're associated to a Wi-Fi network, so you have to disconnect from the network if you want to capture in monitor mode. I don't know whether this is a hardware problem or a driver problem (driver design decision?).
The Linux problem discussed here may not be related.
Yes, you are right that you need to disconnect from the network to be able to sniff the packets. There is a Network Diagnostic app in macOS Catalina that gives you a .pcap file that can be opened with Wireshark. But compared to a Windows machine, live capture in Wireshark gives, I think, better info. But until now I am still looking for a solution regarding this matter. Thanks for the response, guy.
I have this exact problem. Environment is Kali, just installed 2 days ago and updated. I have mesh routers and a second WiFi router. I have searched, and, well, I stop the network connection, or boot with no connection. I use airmon-ng start wlan0 to start monitor mode. I am sudoed to root to run Wireshark. I start capturing on wlan0mon, the monitor mode interface created by airmon-ng.
All I see are beacons and sometimes broadcasts. I have tried connecting to my non-mesh router, have double checked the channel, I see the beacons from that router, I put another device on the same wifi, start pinging, and all I see are the beacons and some spanning tree stuff.
I don't see the arp stuff, I don't see the pings. I tried actually connecting to this interface and I get through without an issue, 67% signal strength so it ...