Ask Your Question
0

I want to capture packets from a network (not mine) ...

asked 2018-10-08 23:12:32 +0000

erik8 gravatar image

(I have permission from my neighbour) I have the MAC addr, and I see this networks Bssid (Via Netspot) and have tried many filters in Wireshark fx. eth.addr == XX:XX:XX:XX:XX:XX and eth.dst == +others, but just blank capture screen. What am I doing wrong? I'm using windows , I have also tried to capture a large amount of data in WS, and then implement the filters afterwords, but nothing (Is this the way I must do it? capture first... I have tried with my internal WiFi gard ""a Intel Centrino Wireless-N 2230" and an external "NETGEAR A6100 WiFi" Adapter

Can anyone help a frosen Norwegian out.

edit retag flag offensive close merge delete

Comments

Easiest way is to ask the owner of this network for access to it. The next easiest is with a linux machine with an adapter that supports monitor mode (google for best adapters), then you'll probably also need access to a super computer to crack what is probably WPA2 and don't forget a criminal defense lawyer.

pr0n gravatar imagepr0n ( 2018-10-09 14:59:41 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-10-09 04:08:09 +0000

felixbkk gravatar image

If it is a true wireless capture then the proper filter would be: wlan.addr eq XX:XX:XX:XX:XX:XX. However, if you just using Wireshark to capture off of your Netgear adapter then you most likely won't see any traffic with the BSSID in the capture. You would need to put the device in monitor mode. Typically this can easily be done with a Mac so that you can get all of the wireless frames. Even then, unless the network is open, you probably won't be able to view any data as it's all going to be encrypted.

In general terms what are you trying to troubleshoot?

edit flag offensive delete link more

Comments

First of all THANK YOU for your answer and interest, but when I use NetSpot I can se my neighbours Bssid, AND that his router has a lot of WiFi activety from that MAC/Bssid, its THAT activety i thougt i could capture by inserting a correct filter in wireshark. Is it the monitoring mode you talk abou who is to blame? I do not have a MAC but a pc, is monitoring mode possible? WS is driving in promiscuous mode, but that is somethin else?

Regards Adv. Erik R.J.

erik8 gravatar imageerik8 ( 2018-10-09 10:07:40 +0000 )edit

See the link for some Monitor Mode ideas on your platform:

https://wiki.wireshark.org/CaptureSetup/WLAN

You need both Monitor Mode and Promiscuous Mode for good 802.11 wifi captures; they are not the same. Typically, though, selecting promiscuous mode on a wifi adapter has little control over what the adapter actually does - it either supports it or it doesn't at the driver level when dealing with monitor mode.

There is no filter that is going to help you collect the correct data - once you capture in the correct way, then filtering can be applied to focus on specific subsets of your data, like ONLY your neighbors network, your test network, or whatever.

Bob Jones gravatar imageBob Jones ( 2018-10-09 10:55:40 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2018-10-08 23:12:32 +0000

Seen: 1,610 times

Last updated: Oct 09 '18