Ok, so I want to do some tests on my network. I have a wireless network, with a WPA2 password. I have the password, it's my own router. I have 3 laptops in here, and I want to capture all the traffic from the router with Wireshark.
I've first set my wireless network in monitor mode (I am using Manjaro linux, and I've set it into monitor mode with airmon-ng), and I've tried to see the traffic. I've started wireshark with mon0, and there were only encrypted wireless 802.11 packets. If I set it for my real wireless card, I get traffic but only from my IP address.
How can I monitor all the traffic on the network (decrypted, and from all IPs) if I have the password, and I can even get a 4 Way handshake if it's needed.
I've tried from wireshark with:
Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-psk and in the Key box: "AP:password" but I get an Invalid key format error.
Any ideas ?
So the idea is to get all the traffic on a secured WPA2 access point, if you know everything and you even have access to the router.
When installed on Windows 7 or later (including Win7, Win8 and Win10) with option "Support raw 802.11 traffic (and monitor mode) for wireless adapters" selected, all the wireless adapters can be selected in Wireshark so as to capture raw 802.11 traffic.
Wireshark can decrypt WEP and WPA/WPA2 in pre-shared (or personal) mode. WPA/WPA2 enterprise mode decryption works also since Wireshark 2.0, with some limitations. You can add decryption keys using Wireshark's 802.11 preferences or by using the wireless toolbar. Up to 64 keys are supported.
The problem seems to be that you are attempting to add a password when you have opted to enter a Pre-Shared Key(PSK). If you want to provide a password for decryption you need to enter it by selecting: Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-pwd
Also you'll need to tick the 'Enable decryption' box, plus you may need to play with the 'Assume packets have FCS' setting and clicking on Apply till you hopefully see the decrypted packets.
If want to capture packets from machines other than the one you're capturing on you may also need to play with the promiscuous mode setting - trying both on and off in monitor mode.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With