How to capture all wireless network traffic with Wireshark?

Submitted by 半腔热情 on 2019-12-13 09:32:02

Question


I'm using Wireshark 2.2.3, and I want to capture all wireless network traffic using Wireshark.

I've tried from Wireshark with:

Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-psk

and in the Key box: "AP:password", but I get an Invalid key format error.

I can't find how to set promiscuous mode.

Promiscuous mode setting - trying both on and off in monitor mode.

Anybody, please help me get the wireless network traffic, to capture all the requests of my team members on the same network.

 sudo ifconfig eth0 promisc
[sudo] password for tb-desktop2: 
tb-desktop2@tbdesktop2:~$ netstat -i
Kernel Interface table
Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0       1492 0    117205      0      0 0         96232      0      0      0 BMPRU
lo        65536 0    156470      0      0 0        156470      0      0      0 LRU

How to enable monitor mode mon0?

 sudo airmon-ng start wlan0


Found 5 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
1081    NetworkManager
1090    avahi-daemon
1107    avahi-daemon
1317    wpa_supplicant
1853    dhclient
Process with PID 1853 (dhclient) is running on interface wlp6s0


Interface   Chipset     Driver

wlp6s0      Atheros AR9565  ath9k - [phy0]

I still didn't get the network packets.


Answer 1:


in the Key box: "AP:password", But I get an Invalid key format error.

If you're trying to enter a password, you need to select wpa-pwd, not wpa-psk. You may also wish to display the Wireless Toolbar via View -> Wireless Toolbar. You can add decryption keys from the toolbar using Decryption Keys... -> New -> Type:WPA-PWD, Passphrase:TBD,SSID:TBD.

If you have an adaptor that integrates with Wireshark, such as an AirPcap adaptor, you can set the Wireless Settings from the toolbar as well.

You can enable promiscuous mode by double-clicking the applicable interface in the main Wireshark page's interface list or through Capture -> Interfaces -> Options or from Preferences -> Capture -> Interfaces: Edit....

All that aside, I'm not sure you'll necessarily be able to capture what you want without enabling monitor mode. I would recommend visiting the Wireshark WLAN (IEEE 802.11) capture setup wiki page and reading the information available there.
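
The difference between the two key types discussed in the answer above, as an added example that is not part of the original answer or of Wireshark's code: wpa-pwd takes a passphrase with an optional ":SSID", while wpa-psk takes the 256-bit key as 64 hex digits, which WPA/WPA2-Personal derives from the passphrase and SSID with PBKDF2. The function names and the sample entry are hypothetical; the length checks follow the WPA limits and are a sketch of the format rules, not Wireshark's own validator (percent-escaped characters are not handled).

```python
import hashlib
import re

HEX_PSK = re.compile(r"[0-9A-Fa-f]{64}")  # 256-bit key written as 64 hex digits


def derive_psk(passphrase: str, ssid: str) -> str:
    """PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(ssid.encode()) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)
    return raw.hex()


def valid_for(entry: str, key_type: str) -> bool:
    """Check a Key-box string against the format each key type expects."""
    if key_type == "wpa-psk":
        return HEX_PSK.fullmatch(entry) is not None
    if key_type == "wpa-pwd":
        passphrase = entry.split(":", 1)[0]  # the ":SSID" part is optional
        return 8 <= len(passphrase) <= 63
    raise ValueError(f"unknown key type: {key_type}")


def pwd_to_psk(entry: str) -> str:
    """Turn a 'passphrase:SSID' wpa-pwd entry into the equivalent wpa-psk hex string."""
    passphrase, sep, ssid = entry.partition(":")
    if not sep:
        raise ValueError("an SSID is needed to derive the PSK")
    return derive_psk(passphrase, ssid)


if __name__ == "__main__":
    # Constructed sample entry: passphrase "password", SSID "IEEE".
    entry = "password:IEEE"
    for key_type in ("wpa-psk", "wpa-pwd"):
        verdict = "ok" if valid_for(entry, key_type) else "Invalid key format"
        print(f"{entry!r} as {key_type}: {verdict}")
    print("equivalent wpa-psk:", pwd_to_psk(entry))
```

Because the SSID is the salt, a wpa-psk value is specific to one network name and changes if the SSID changes, even with the same passphrase. With either key type, Wireshark can only decrypt a client's WPA/WPA2-Personal traffic when the capture also contains that client's EAPOL 4-way handshake.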




Answer 2:


To capture the traffic, just set your antenna in monitor mode. Edit -> Preferences -> Protocols -> IEEE 802.11 is for decrypting traffic, which is another subject.

Type sudo airmon-ng check to check which processes might cause trouble to set your antenna in monitor mode. (You got five in the example you showed).

To kill these processes, you can do it manually with kill <Process ID>, or you can type sudo airmon-ng check kill.

Once everything seems clear, type sudo airmon-ng start wlan0 again. To verify that it worked, you can check with iwconfig; for wlan0 or wlan0mon, MODE should say MONITOR.

Then your antenna will capture ALL wireless traffic on the channel it is on, and you can see that through Wireshark.



Source: https://stackoverflow.com/questions/41935412/how-to-capture-all-wireless-network-traffic-wireshark
