Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2018-12-17 17:44:14 +0000

Marcolino gravatar image

Confused about wifi sniffing

Hi, First of all, I've read the documentation and I've some doubts about the use of the monitor or promiscuous mode. I ever known that the monitor mode is for sniffing all radio signals, included the unauthenticated networks (such as airodump flow). Instead the promiscuous mode is for grab all the packets on the same network. Well, I tried both of them, but no one works.

A) Monitor mode I used the alfa network ant (model: aws036h) in monitor mode setting the wpa-psk of the target network. I see a lot of packets but they seems to be unreadable like this:

201058 239.024383028 RealtekS_14:b5:b5 (00:e0:4c:14:b4:b3) (TA) AsustekC_a5:af:a9 (1c:b1:2c:a5:ae:a9) (RA) 802.11 58 802.11 Block Ack, Flags=........C

B) Promiscuous mode I only see my outgoing packets. For example, if I try to visit a HTTP website on my local machine I can see the plaintext content of packets.

I need to understand if i'm failing the approach or I need a paritcoular configuration to sniff the wifi local network. Another think, i also tried to use ettercap and sometimes, with the comand:

ettercap -T -M ARP /xx.xx.xx.xx//

I can see the packets correctly from foreign machine/s but other times the victim machine seems to be dossed like the arp poisoning is working bad. Why ?

Thanks for now

click to hide/show revision 2
None

updated 2018-12-17 18:02:39 +0000

Guy Harris gravatar image

Confused about wifi sniffing

Hi, First of all, I've read the documentation and I've some doubts about the use of the monitor or promiscuous mode. I ever known that the monitor mode is for sniffing all radio signals, included the unauthenticated networks (such as airodump flow). Instead the promiscuous mode is for grab all the packets on the same network. Well, I tried both of them, but no one works.

A) Monitor mode I used the alfa network ant (model: aws036h) in monitor mode setting the wpa-psk of the target network. I see a lot of packets but they seems to be unreadable like this:

201058  239.024383028   RealtekS_14:b5:b5 (00:e0:4c:14:b4:b3) (TA)  AsustekC_a5:af:a9 (1c:b1:2c:a5:ae:a9) (RA)  802.11  58  802.11 Block Ack, Flags=........C
Flags=........C

B) Promiscuous mode I only see my outgoing packets. For example, if I try to visit a HTTP website on my local machine I can see the plaintext content of packets.

I need to understand if i'm failing the approach or I need a paritcoular configuration to sniff the wifi local network. Another think, i also tried to use ettercap and sometimes, with the comand: 

# ettercap -T -M ARP /xx.xx.xx.xx//

/xx.xx.xx.xx//

I can see the packets correctly from foreign machine/s but other times the victim machine seems to be dossed like the arp poisoning is working bad. Why ?

Thanks for now

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2