2

I recently bought a WiFi adapter with Monitor mode (Alfa Network AWUS036NHA) and I want to sniff all my network traffic at my home.

The goal is to detect some packets sent and received by my 'physical' virtual assistant, Alexa (Amazon Echo Dot), on my computer (wired) with Wireshark. Basically I want to be able to see on real time when my virtual assistant communicate with Amazon Cloud servers.

I think this is not possible on Windows so I already tested it on Kali but I can only see connected devices and strange communications on my network (wlan0mon with monitor mode activated) as you can see below :

enter image description here

enter image description here

Also, it seems a little bit strange but I think the first time I put on the WiFi adapter on my Kali VM it worked! I'm pretty sure that I was able to see amzn packets with the MAC address of my virtual assistant.

I hope that I've been clear, anyone have an idea? Feel free to ask questions!

Improve this question
0

1 Answer 1

Reset to default
1

This isn’t really a problem of Windows or Linux. With WPA2 Wi-Fi security, each device negotiates its own encryption key with the Wi-Fi base station. Of course, if you know the network password and observe the handshake, you can probably easily decrypt it.

Not really worth the effort, because you can simply become the router yourself with a few changes:

  1. Set static IP config on your PC
  2. Enable routing on your PC (easier on Linux)
  3. Become the DHCP server (disable on actual router, install one on your PC), advertise your PC as the router

Easier still: Your router may support packet capture by itself. You would not be able to see live traffic this way of course.

Yet another way is to tamper with DNS responses and redirect select traffic only, but you have to know which DNS names to redirect.

Echo devices probably implement somewhat reasonable security and use encrypted connections. You will not be able to see what your Echo device sends or receives, just that it does and how much.

Improve this answer
3
  • Ok thank you i see what you mean. Actually I don't really want to decrypt the echo traffic, I just want to make a statistical study about Echo's woke ups (for example how many times the Echo call Amazon Cloud services per day). If I create an access point, connect it the Echo and then I sniff its traffic its the same thing isn't it ?
    – Gwynbleidd
    Commented Jun 25, 2021 at 21:25
  • I'm going to disagree with this answer... Even encrypted 802.11 frames still look like completely valid 802.11 frames to the outside, and the whole point of "monitor mode" is that it shows everything the radio can receive, decryptable or not. So it is supposed to include the encrypted data sent by other devices. (Wireshark itself is able to decrypt them if given the PSK and if it sees the WPA2 handshake.)
    – grawity_u1686
    Commented Jun 26, 2021 at 8:32
  • I didn't say it couldn't be received though? I assume OP wants more than just the information that an Echo device was involved in any (internal or external) kind of network traffic.
    – Daniel B
    Commented Jun 26, 2021 at 9:13

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .