Capture on WiFi works for all but device I'm interested in
I'm trying to sniff traffic to / from a Meross smart plug I have on my network. I am using wireshark in Kali on a virtual machine with a USB wifi adapter (RTL8812AU). I was able to successfully put the adapter into monitor mode and decrypt traffic on my WPA2 network, and I'm able to see other traffic such as to and from the Kali VM, traffic on my host computer, and my smartphone.
What I am not able to find is any traffic to the smart plug. According to my router, the plug has the IP of 192.168.0.125, and if I try to filter by that on wireshark I see nothing. I am able to filter by my host computer's IP, and the IP of my phone and that traffic appears perfectly normal (this is after the WPA2 handshake, decryption works correctly). When I check on the routers "traffic statistics" page it is showing that the number of packets sent / received to the smart plug increases when I turn it on and off, but Wireshark still doesn't show any data for that IP.
All these devices are connected to the same network (Only using the 2.4 for this test, 5Ghz is under a different SSID), I have no capture filters, and no display filters other than for the smart plug's IP. What could I be missing?
Hi, I have the same issue and I can't see any traffic from/to meross device...any idea? Thanks
"All these devices are connected to the same network"
Can you ping the Meross from the Kali VM? Is there in entry in the ARP cache for it?
If it responds to the ping then you can set a filter for ICMP to see the traffic to/from the Meross. That would help to verify that you can receive traffic from it.
'routers "traffic statistics" page it is showing ...'
1. Does the router have a ping utility and if so does the Meross respond to a ping?
This will give you a more consistent way to generate packets instead of power cycling.
2. If the router is the DHCP server handing out the 192.168.0.125 address, verify the MAC its assigned to.