
Thread: Wireshark - only broadcast packets captured - run out of ideas!

  1. #1
    Join Date
    2014-Oct
    Posts
    1

    Wireshark - only broadcast packets captured - run out of ideas!

    Hi,

    I'm trying to capture the HTTP traffic from my second laptop on my wifi network.

    My setup:

    Kali VM on OS X with TP LINK WN822N external adapter - packet injection test successful. also captures WPA handshakes fine.

    "Victim" - my Win 7 laptop, placed right next to me.

    Both machines connected to test wifi network, SSID TestWifi on channel 4, WPA encrypted

    Current process:

    run airmon-ng wlan0 4 to get mon0 fixed to channel 4

    run wireshark. capture on mon0, both promiscuous and monitor mode enabled on capture options.

    Result: Only broadcast packets received.

    Test: Capturing on wlan0, I see my traffic from Iceweasel browsing on Kali, see nothing of victim browsing.

    I've also tried:

    ifconfig wlan0 down, makes no difference
    being connected/disconnected from TestWifi

    Questions:

    I assume wlan0 has to stay connected to TestWifi? Isn't the HTTP traffic still encrypted between the AP and client? So I'm assuming one of my adapters has to be connected to the network, otherwise how else will I see it?

    Grateful for any pointers
    Thanks

  2. #2
    Join Date
    2013-Jun
    Posts
    125
    Quote: Originally Posted by Jack2012 (post #1 above)
    SECURITY MECHANISMS (LESS HTTP MORE HTTPS)
    There are a lot of websites using the HTTPS protocol instead of HTTP, so if you are sniffing packets, you will find very few HTTP packets, and most of these packets are transmitted by websites having no secure socket layer encryption (if you try going to an underground website or, let's say, eBay without logging in, you will find you are capturing HTTP traffic)...

    Try browsing a website ON YOUR LAPTOP where no HTTPS encryption exists and see if you are capturing (you will not see a "key/lock" next to the URL bar for unsecure sites). If you are still not capturing HTTP traffic, try filtering your traffic as follows:
    eth.addr eq <mac address of victim> && eth.addr eq <mac address of Access Point> in the filter bar
    This will show all traffic between your laptop (victim) and the AP ONLY.
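
An added example, not part of either post: what the two-term `eth.addr` filter from the reply selects, and how the frames it keeps split into cleartext HTTP and HTTPS. The MAC addresses, sample frames and function names are constructed for illustration.

```python
import struct
from collections import Counter

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed addresses (locally administered), not from the thread.
VICTIM, AP, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03"

def mac(raw):
    return ":".join(f"{b:02x}" for b in raw)

def parse_frame(frame):
    """Return (dst MAC, src MAC, TCP ports or None) for an Ethernet frame."""
    dst, src = mac(frame[0:6]), mac(frame[6:12])
    (ethertype,) = struct.unpack("!H", frame[12:14])
    ports = None
    if ethertype == 0x0800 and len(frame) >= 34 and frame[23] == 6:  # IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
        if len(frame) >= 14 + ihl + 4:
            ports = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    return dst, src, ports

def classify(frame, victim, ap):
    dst, src, ports = parse_frame(frame)
    # eth.addr matches source OR destination, so the two-term filter keeps
    # only frames whose endpoints are exactly the victim and the AP.
    if {dst, src} != {victim, ap}:
        return "broadcast" if dst == BROADCAST else "other"
    if ports and 80 in ports:
        return "http"        # cleartext, readable in the capture
    if ports and 443 in ports:
        return "https"       # TLS, payload not readable
    return "victim-ap"

def build(dst, src, sport=None, dport=None):
    """Constructed sample frame: ARP-typed stub, or IPv4/TCP with given ports."""
    eth = bytes.fromhex((dst + src).replace(":", ""))
    if sport is None:
        return eth + struct.pack("!H", 0x0806) + bytes(28)
    ip = bytes([0x45, 0]) + struct.pack("!H", 40) + bytes(5) + bytes([6]) + bytes(10)
    return eth + struct.pack("!H", 0x0800) + ip + struct.pack("!HH", sport, dport) + bytes(16)

SAMPLES = [
    build(BROADCAST, VICTIM),         # broadcast from the victim
    build(AP, VICTIM, 49152, 80),     # victim -> AP, HTTP
    build(VICTIM, AP, 443, 49153),    # AP -> victim, HTTPS reply
    build(AP, OTHER, 49154, 80),      # another client's HTTP
]

def summarize(frames, victim=VICTIM, ap=AP):
    return Counter(classify(f, victim, ap) for f in frames)
```

Frames classified as "broadcast" or "other" are the ones the filter hides; a capture that contains only those has no victim-to-AP unicast frames for the filter to show.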
