3

I am trying to create my own app to monitor LAN networks on Windows. I think this way: if Wireshark can capture packets on my home Wi-Fi, I will do it too. But Wireshark, without any errors, captures only packets like those in this picture (I was capturing from Windows with IP address .66; the mobile phone on the network is .87).

wireshark capture results

I don't see any pages opened on device 87.

  1. Can you help me to understand why?
  2. If my Wi-Fi adapter does not support promiscuous mode, and it's needed to capture all packets from other devices, I can buy a USB Wi-Fi adapter which supports it. But how can I choose one?
  3. If Wireshark doesn't show any error, does it mean that promiscuous mode is enabled on my Wi-Fi adapter?

There is a lot of information about monitor mode on the Internet, but not too much about promiscuous mode. All help is appreciated. Please ask if I wrote something unclear.

2 Answers

1

If you're trying to capture WiFi traffic, you need to be able to put your adapter into monitor mode. Since you're on Windows, my recommendation would be to update your Wireshark version to the latest available, currently 3.0.1, and install the latest Npcap driver that comes with it, being sure to select the option to support raw 802.11 traffic (and "Monitor Mode") for wireless adapters. That should be all you need. Note that you may need to first turn on monitor mode using Npcap's WlanHelper tool.

Download Wireshark from here.

Read more about Npcap in the Npcap Users' Guide.

Read more about capturing WiFi traffic on the Wireshark WLAN (IEEE 802.11) capture setup wiki page.

1
  • 1
    Are you sure I need to use monitor mode? I thought it's needed when I am not connected to the WiFi network, but I am. I will follow all your recommendations and I will write here, but I am afraid my adapter has no monitor mode. I searched for a USB WiFi adapter with monitor mode which works on Windows, but I didn't find any except the TL-WN722N v1, which is not available to buy. Can you help me in searching?
    – michcioh
    Commented Apr 11, 2019 at 7:10
1

No, you don't need monitor mode. It's only useful for receiving every WiFi packet from ALL WiFi networks - this is what you want if you want to start attacking WiFi networks (e.g. capture handshakes).

When you are connected to a network it's going to be in another state. When you are connected to a WiFi network, or any network for that matter (Ethernet), the gateway will pass the data to and from the host ONLY. Which means you will never receive the data intended from or to another machine. If you take a look at your screenshot you will see that you will only see the data between you and the mobile phone: 192.168.0.67 -> 192.168.0.87 > 192.168.0.67. What you want is a man-in-the-middle attack. I'm not going to go into details about that, but look it up. It will allow you to read data between the victim and the gateway (most likely the router). Both ways, hopefully.
