Ask Your Question
0

Unable to view my smartphone packets on my wifi

asked 2023-07-30 03:00:52 +0000

petemahndahar gravatar image

I am trying to emulate this video which makes viewing smartphone activity seem so easy:

https://www.youtube.com/watch?v=Hl0Ip...

My setup:

Ubuntu 22.04 Wireshark 3.6.2

I have created a virtual Interface so that I can set it to monitor mode. When I go to Capture Options, Monitor Mode is "--" under both my wifi interface (wlp0s20f3 set to managed mode) and also my virtual interface (mon0 set to monitor mode). Is this normal?

I've entered wpa-psk key from Wiresharks wpa-psk tool to the Decryption keys window. I've also added the wpa-pwd password as well.

I can only access Channel 1 on Wireshark. If I try to change it on the toolbar I get "unable to set channel or offset." So I logged into my wifi and made sure it was using Channel 1.

I've kicked my phone off of the wifi and put it back on and don't see any eapol data from my phone. I've used the ubuntu commands to turn off and on the wifi interface, the virtual interface, the network manager.

In the youtube video it's so easy! Any suggestions for where I should go from here?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-07-30 16:27:06 +0000

petemahndahar gravatar image

updated 2023-07-31 08:23:44 +0000

grahamb gravatar image

Ok, I figured it out and want to post the answer for other people on how it worked for me. I don't know why the sequence of events is important, but it is important.

First have your phone forget the wifi connection so it disconnects and doesn't have the password saved.

You basically want to start with nothing going:

sudo service NetworkManager stop
sudo ip link set <interface> down

create a virtual interface that can be on and on monitor mode while Network Manager is down:

sudo iw phy phy0 interface add mon0 type monitor
sudo ip link set mon0 up

Start up wireshark.

Go to Edit -->Preferences --->Protocols ---> IEEE 802.11. Make sure "Enable decryption" is checked. Edit and add decryption keys. Enter your password for wpa-pwd and/or psk key for wpa-psk. Hit OK. Without doing this you won't be able to see anything other than the eapol traffic.

Go back to the welcome page and click on mon0. Filter for "eapol" because this will show when a new device enters the network and you can confirm that your phone is being seen by wireshark.

Connect your phone to the wifi network by entering the password. You should see eapol traffic now. You can confirm by looking at the mac address.

Now you can filter by dns and http or whatever you want to filter for and see the traffic!

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-07-30 03:00:52 +0000

Seen: 1,786 times

Last updated: Jul 31 '23