unable to capture wifi with monitor mode in wlan0 in VM

asked 2021-10-06 15:12:30 +0000

erik9801 gravatar image

I want to use VM Wireshark to capture WIFI traffic. I use usb wireless adapter connected to VM with wireshark running. but I'm unable to see the wifi traffic from the host or other devices in the same network. I didn't see any traffic in wlan0. I've turned on monitor checkbox in wlan0 but it was turn off automatically. Any ideas? Thanks!!

edit retag flag offensive close merge delete

Comments

USB wifi adapters can be tricky in a VM; best not to do it.

To give yourself the best chance:

  1. Try a different USB mode (USB2 to 3 or vice-versa)
  2. Disable interfering applications on the VM; namely, NetworkManager
Bob Jones gravatar imageBob Jones ( 2021-10-06 16:22:18 +0000 )edit

Thanks Bob. If I don't use external wifi adapter, can I still capture http traffic over WIFI? Am I supposed to use eth0 interface? I thought eth0 interface is for wired. I am confused if 802.11 traffic contain HTTP traffic.

erik9801 gravatar imageerik9801 ( 2021-10-06 16:46:36 +0000 )edit

No, you likely can't use eth0 to capture WiFi traffic. Some options for wireless packet capture include using a Macbook, or booting a laptop into Linux directly via a live USB.

802.11 frames can contain http/https traffic if the system is setup so that that traffic stream goes out over a wireless interface and you are able to pick it up (and decrypt it, if WPA2/3 is in use as it should be).

Bob Jones gravatar imageBob Jones ( 2021-10-07 09:51:33 +0000 )edit
add a comment