Saturday, December 6, 2014

Capturing WiFi Packets in Monitor Mode With Wireshark

I've used Wireshark for looking at different network packets and their contents. However, recently I wanted to observe the WiFi networks around me using Wireshark without actually connecting to any of those networks. For this purpose we have to run our wireless card in monitor mode, which allows us to passively eavesdrop on WiFi packets in the wireless networks around us. I searched the web to learn how to do it on my Asus laptop, which runs Ubuntu 12.04 LTS. So, I'm writing down how I did it on my platform. One important thing to keep in mind is that not all wireless cards support monitor mode. If your wireless card doesn't support it, you are in trouble.
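One way to check that caveat before changing modes, as an added example that is not from the original post: the function below reads `iw list` output and prints each PHY that advertises monitor mode. It assumes the `iw` tool is installed for live use; the sample text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the wireless PHYs that advertise monitor mode.
# monitor_phys reads `iw list` output on stdin, prints one PHY name per line.
monitor_phys() {
    awk '
        # A new device block starts: remember its name.
        /^Wiphy /                               { phy = $2; in_modes = 0; next }
        # Only bullets under this heading describe interface modes.
        /^[ \t]+Supported interface modes:/     { in_modes = 1; next }
        in_modes && /^[ \t]+\*[ \t]/ {
            if ($2 == "monitor") print phy
            next
        }
        # Any other line ends the modes list; other sections also use "*".
        { in_modes = 0 }
    '
}

# Constructed, abridged sample in the layout `iw list` prints.
sample_iw_list() {
    cat <<'EOF'
Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * monitor
    Supported commands:
         * new_interface
Wiphy phy1
    Supported interface modes:
         * managed
    Supported commands:
         * new_interface
EOF
}

# Live use on a real machine:  iw list | monitor_phys
sample_iw_list | monitor_phys
```

An empty result from `iw list | monitor_phys` means no installed card reports monitor support, so the mode change in the steps below would be expected to fail.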

Steps to follow in a terminal:

# set wlan0 to monitor mode (the interface must be down while the mode changes)
sudo ifconfig wlan0 down
sudo iwconfig wlan0 mode monitor
# confirm that the interface now reports Mode:Monitor
iwconfig wlan0
sudo ifconfig wlan0 up

# install wireshark if you haven't yet
sudo apt-get install wireshark

# run wireshark with root privileges
sudo wireshark

The Wireshark GUI window will now open, and you can select your wlan0 interface to start capturing packets. The following screenshot shows my Wireshark window with various WiFi packets.

Wireshark window with captured WiFi packets

