Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Wireshark can't sniff smartphones traffic even if it correctly sniffes laptop traffic

Hi all,

I'm using Wireshark to sniff traffic of my home wi-fi network, where different smartphones and 1 laptop (name it: PC_target) are connected via Wi-Fi (no cable connection at all, just wifi). Wireshark is running on a second laptop (name it: PC_wireshark), and it has been properly configured so that I'm perfectly able to sniff AND DECRYPT all traffic generated from PC_target (EAPOL, HTTP, DNS, TCP, ICMP and so on). I see every packet, even if those packets are not directed to PC_Wireshark. This is possible because I properly set network interface to Monitor Mode, set proper channel, set IEEE 802.11 decription, properly set WPA password:SSID, waited for laptop to disconnect and reconnect to the network, got EAPOL packets, and so on. So in the end, I can 100% sniff laptop traffic.

Problem is that, when I perform same exact steps in order to sniff traffic from one of the available smartphones, I don't get any EAPOL packet and so can't sniff anything that is encrypted. I'm really stuck since I can't understand why same configuration allows me to sniff PC_target, but doesn't allow me to sniff smartphones.

Can someone help?

Wireshark can't sniff smartphones traffic even if it correctly sniffes laptop traffic

Hi all,

I'm using Wireshark to sniff traffic of my home wi-fi network, where different smartphones and 1 laptop (name it: PC_target) are connected via Wi-Fi (no cable connection at all, just wifi). Wireshark is running on a second laptop (name it: PC_wireshark), and it has been properly configured so that I'm perfectly able to sniff AND DECRYPT all traffic generated from PC_target (EAPOL, HTTP, DNS, TCP, ICMP and so on). I see every packet, even if those packets are not directed to PC_Wireshark. This is possible because I properly set network interface to Monitor Mode, set proper channel, set IEEE 802.11 decription, properly set WPA password:SSID, waited for laptop to disconnect and reconnect to the network, got EAPOL packets, and so on. So in the end, I can 100% sniff laptop traffic.

Problem is that, when I perform same exact steps in order to sniff traffic from one of the available smartphones, I don't get any EAPOL packet and so can't sniff anything that is encrypted. I'm really stuck since I can't understand why same configuration allows me to sniff PC_target, but doesn't allow me to sniff smartphones.

Can someone help?