
Can't see WiFi traffic from my mobile in Wireshark?

So, I'm running Ubuntu Linux on my laptop, and Android 4.0.4 on my mobile (I don't think this is relevant, but just in case). I've got my laptop unassociated from any networks, and my mobile is on my network and has been assigned (by DHCP) the IP of 192.168.0.109.

On my laptop, I did this: ifconfig wlan0 down && airmon-ng start wlan0 && ifconfig wlan0 up .. this created my mon0 interface for promiscuous mode, if I'm not mistaken.

I fired up Wireshark, attached it to mon0 and assigned a display filter of ip.addr == 192.168.0.109, go back to my mobile, and navigate to a few websites. I get absolutely nothing.

The steps listed here - unable to read packets captured from wifi network using wireshark - do not help either.

Anyone tell me what I'm doing wrong? :(

Thanks!

The1nk asked Jun 18 '12 00:06




2 Answers

The problem I was having was that the wifi card I was using wasn't giving errors when I switched modes, but it didn't support them nonetheless.

Using another card worked.

Thanks!

The1nk answered Sep 25 '22 00:09


Set the WPA or WPA2 key by going to:

  1. Edit » Preferences
  2. Protocols
  3. IEEE 802.11
  4. Enable decryption
  5. Enter the WPA or WPA2 key in Key #1 or the next field, or in more recent versions use the "Edit" button to add a key of type wpa-pwd with a value like myPassword:mySSID.

You might need monitor mode (promiscuous mode might not be sufficient). Also, make sure the device connects after you started monitoring (as Wireshark needs the handshake packets to decrypt).

See also these instructions.

Matthew Flaschen answered Sep 26 '22 00:09
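Why the wpa-pwd entry in the answer above needs both the password and the SSID, and why the handshake has to be in the capture, shown as an added example (not code from the thread or from Wireshark). It follows the IEEE 802.11 key derivation for WPA2-Personal with CCMP and goes one step beyond the answer by deriving the per-session keys; the MAC addresses and nonces are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """PMK for WPA/WPA2-Personal: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF: HMAC-SHA1 over label || 0x00 || data || counter, concatenated."""
    out, counter = b"", 0
    while len(out) < nbytes:
        msg = label + b"\x00" + data + bytes([counter])
        out += hmac.new(key, msg, hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> dict:
    """Per-session keys (CCMP, 48 bytes) from the PMK plus values seen in the 4-way handshake."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac) +
            min(anonce, snonce) + max(anonce, snonce))
    raw = prf(pmk, b"Pairwise key expansion", data, 48)
    # KCK protects handshake MICs, KEK wraps the group key, TK encrypts the data frames.
    return {"kck": raw[:16], "kek": raw[16:32], "tk": raw[32:48]}

# Constructed sample values standing in for fields read from EAPOL messages 1 and 2.
AP_MAC = bytes.fromhex("020000000001")
STA_MAC = bytes.fromhex("020000000002")
ANONCE = bytes(range(32))
SNONCE_1 = bytes(range(32, 64))
SNONCE_2 = bytes(range(64, 96))   # same device reconnecting later: fresh nonce

if __name__ == "__main__":
    # "myPassword:mySSID" from the answer, split into its two parts.
    pmk = pmk_from_passphrase("myPassword", "mySSID")
    print("PMK (64 hex digits):", pmk.hex())
    for label, snonce in (("session 1", SNONCE_1), ("session 2", SNONCE_2)):
        keys = ptk(pmk, AP_MAC, STA_MAC, ANONCE, snonce)
        print(label, "TK:", keys["tk"].hex())
```

The PMK is the same for every device on the network, but the TK that actually encrypts frames changes with each handshake, so traffic from a device that associated before the capture started cannot be decrypted even with the correct password.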