问题
I am connected to my home wifi network using ubuntu 10.10. The protection is WPA2-auto. I want to capture packets from it.
$ sudo iwconfig wlan0 mode monitor
$ sudo wireshark
I try to capture from wlan0. Am connected to the wifi network with an android phone and browsing websites. However I am unable to see unencrypted http packets. I select Edit|Preferences|Capture|Protocols and select 802.11 and select check box to yes for 'decrypt packets'. Still nothing. Any help appreciated.
回答1:
You must capture the association sequence to be able to decrypt the traffic. If you start your capture when the phone is already connected then Wireshark cannot decrypt the packets.
回答2:
Solution: run airmon from the aircrack-ng project to set the wireless card into monitor mode. (this was pointed out by a Wireshark developer on the mailing lists, Guy). Apparently iwconfig does not work properly as it has issues on ubuntu.
airmon-ng start wlan0
This will set it into monitor mode and create interface mon0.
After this, I was able to capture off the mon0 interface using wireshark.
来源:https://stackoverflow.com/questions/8242451/unable-to-read-packets-captured-from-wifi-network-using-wireshark