0

I have 3 different devices for my kids connected to my home access point (smartphone, laptop, and iPad). I want to collect the traffic from their devices to monitor, for example, what they are browsing or watching on YouTube.

My network card is in promiscuous mode, but when I run Wireshark I cannot find the traffic from their devices. I can only see the device coming to or going from my laptop. Is this how promiscuous mode works?

Also, I read about how to change the network card to monitor mode to collect the traffic. Could someone briefly tell me what the steps are to do this?

Also, is there any other way to collect the traffic of my devices, or is this the only way?

1
  • It would be considerably easier to look at the router logs than attempt a MITM [man in the middle] attack.
    – Tetsujin
    Commented Nov 10, 2018 at 13:03

1 Answer

0

Can you elaborate on what network setup you are currently running? Just setting the network card to monitor the traffic passing by is not enough. The traffic needs to be actually 'passing by'. Your monitoring network card needs to be on the same 'collision domain' as the cards that you are trying to monitor.

You are on the same collision domain if you share the same layer 1 (OSI model). Just connecting the card to an Ethernet port on the router does not work. This is when:

  • all the cards are connected to the same wireless SSID on the same frequency (the same SSID on a different access point does not count)

  • all the clients are connected to the same hub (not a 'switch', as switches are layer 2 devices)

Wireshark can also pick up traffic that is passing through the machine (e.g. when Wireshark is actually running on the router or on any other device that the traffic is passing through).

If you happen to have a 'managed switch' (layer 3 device), you can also see if it supports a function that lets you mirror all the traffic to one specific port. If you are lucky, you might also have the option in your router to set a custom 'Gateway', which should allow you to redirect all the traffic to another machine, which then sends a copy to Wireshark and forwards it to the proper 'Gateway'.

EDIT: While you can get the traffic using Wireshark, you will only see encrypted traffic, since most sites (i.e. YouTube) use HTTPS.

3
  • I don't understand 'what network setup you are currently running'. I am using a Virgin Media router to connect to the internet and all my devices are connected to the same SSID. I run Wireshark on my Kali laptop and I want to collect the traffic of the other 3 devices. How can I do that, please? Commented Nov 10, 2018 at 13:28
  • On your Kali laptop, are you connected via Ethernet or via wireless LAN? If you are on wireless: are you on the same band, if your router has multiple wireless bands (2.4 GHz and 5 GHz)?
    – Jhonny97
    Commented Nov 10, 2018 at 14:26
  • My Kali laptop is connected via wireless and I am on the same 2ghz band as them. I changed my network card to monitor mode using the airmon-ng tool. Then I sniffed the traffic using, for example, airodump-ng (--bssid) (--channel) wlan0mon. However, all the traffic was in IEEE 802 format, and when I tried to decrypt the traffic by providing the Wi-Fi password I still did not get any useful information. It is still 802; it did not decrypt. Why? Please help, I am trying to do my best but still struggling. Commented Nov 11, 2018 at 17:40
