This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to capture packets that require browser login?

0

So, I wanted to capture packets from the WiFi that requires all of the users to log in (browser login) before they can surf the web. I want to monitor the packets so that I know what websites they surf. Is that possible? Please, I really need help.

asked 21 Jan '16, 02:06

Lokthar

Are you currently able to capture WiFi traffic?

It appears the WLAN is utilizing a captive portal where users are redirected before being able to surf the web.

If you could provide more detail on the issue or post a capture (to cloudshark or Google Drive) that would be most helpful.

(21 Jan '16, 03:01) Amato_C

Or I'd put it another way: do you capture using the monitoring mode of a wireless adaptor, or do you have access to the wire because you are somehow affiliated with the infrastructure?

As @Amato_C has mentioned, the purpose of a "browser login" to a WLAN actually isn't encryption but access control. It just means that the infrastructure behind the AP redirects any http GETs coming from a given user to the infrastructure's own web login page, and blocks any non-http traffic from the IP address the AP has assigned to that user, until that user logs in at this "welcome to our WiFi" page (or just clicks "I accept the conditions of use of this WiFi", whatever). After successfully forcing the user to fill in the required data and accept the conditions of use, the infrastructure starts routing all traffic from/to that user's IP transparently.

So between the user device and the AP, the http GET always contains the IP address of the real destination even before they log in (unless the infrastructure would respond to DNS queries about the servers' FQDNs with extremely short-lived answers pointing to its own web server).

Whether the WiFi connection between the clients and the AP is encrypted or not is an independent issue. Usually it isn't, because

  • in public WLANs, client security is not the WLAN owner's key concern,

  • in enterprise WLANs, browser login is rarely used because client security and access control are addressed together, e.g. using individual WPA keys.

(21 Jan '16, 04:17) sindy

Oh, I'm sorry, I forgot to mention: after I log in (browser login) by typing my ID and password, I can only capture my packets, not other users' packets. PS: I'm new to Wireshark and not an IT expert, so I don't quite understand what you guys stated above, sorry~. I hope you guys can help me, T-T

(22 Jan '16, 07:07) Lokthar

In that case, the fact that the WLAN you talk about uses "browser login" to control user access to the internet is irrelevant.

So if we leave aside the legal issues associated with doing so in a network whose owner you are not affiliated with, to capture traffic unrelated to your PC in a wireless network, you would need to use monitoring mode of your PC's WLAN adapter instead of the promiscuous one you are probably using.

So think again whether you really want to do that, and then go through the Wireshark wiki and this site searching for the "monitoring mode" topic.

(22 Jan '16, 07:23) sindy

Thanks a lot, sindy, God bless you!

(22 Jan '16, 20:32) Lokthar