
So I am fairly new to using Wireshark and cannot figure out how to capture all the traffic on my network. The steps I have taken are putting my card into monitor mode, then opening Wireshark and choosing that interface. Once Wireshark starts I get lots of information about APs around me; however, all are on the 802.11 protocol. That's about it. Although, if I open Wireshark and choose my other adapter that is not in monitor mode and is connected to the internet, then I can see HTTP and TCP packets, but only from my machine. I am not picking up packets from the rest of the network. So I am not sure what I am missing. Are there some other settings that I need to configure to pick up traffic from the rest of the devices on the network? Thanks to anyone that can be of help.

  • Capturing traffic from other Wi-Fi stations is hard. I recommend not doing this unless you absolutely have to. Capturing on the access point or router is super easy (if supported) and will generally capture what you want. What's your goal?
    – Daniel B
    Commented Jan 24, 2023 at 21:34
  • Make sure your npcap is up to date, and you installed Wireshark with "Support raw 802.11 traffic (and monitor mode) for wireless adapters" selected. Otherwise, only 802.11 data packets can be seen, per wiki.wireshark.org/CaptureSetup/…
    – Cpt.Whale
    Commented Jan 24, 2023 at 21:43

1 Answer

If your wireless network is encrypted (e.g. if you're using, say, WPA2-PSK), then Wireshark at first will only be able to see the encrypted form of the 802.11 packets, and won't be able to decrypt them to see the TCP/IP (or UDP/IP) packets inside.

Wireshark can decrypt WPA2-PSK encryption, but it takes some work. You need to know the passphrase or PSK of the network, the network name (SSID), and you need to capture the WPA2 EAPOL-Key "4-way handshake" that is performed between the target client and the AP (wireless router) when the client joins the network. If you capture that 4-way key handshake, and know the password and SSID of the network, then you can decrypt all the packets to/from that client, for that session (i.e. until that client leaves and rejoins the network, in which case you'd need to capture the new 4-way handshake in order to decrypt the traffic from the newly-started session).

The details of how and where to input the network password and name into Wireshark are available in the Wireshark documentation for How to Decrypt 802.11.
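
The answer above lists three ingredients (passphrase, SSID, captured 4-way handshake) without showing how they fit together. The following is an added example, not code from the original answer or from Wireshark; it re-implements, with only the Python standard library, the WPA2-PSK key derivation that Wireshark performs internally when you give it a wpa-pwd entry. The passphrase, SSID, MAC addresses, nonces and the EAPOL message 2 frame are constructed sample values, not captured traffic; the only real-world value is the IEEE 802.11 Annex test vector for the "password"/"IEEE" PSK.

```python
"""WPA2-PSK: why decryption needs passphrase + SSID + the 4-way handshake.

Added example, not part of the original answer or of Wireshark. All
addresses, nonces and frames are constructed sample data.
"""
import hashlib
import hmac

NONCE_OFF = 17  # EAPOL hdr(4) + desc type(1) + key info(2) + key len(2) + replay(8)
MIC_OFF = 81    # NONCE_OFF + nonce(32) + IV(16) + RSC(8) + key ID(8)


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK (the PMK for WPA2-PSK) = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32).
    The SSID is the salt, which is why Wireshark must be told the network name."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: HMAC-SHA1(key, label | 0x00 | data | counter), concatenated."""
    out = b""
    for i in range((nbytes + 19) // 20):
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:nbytes]


def derive_ptk(pmk: bytes, aa: bytes, spa: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion",
    min(AA,SPA) | max(AA,SPA) | min(ANonce,SNonce) | max(ANonce,SNonce)).
    ANonce/SNonce exist only in the handshake, so it must be captured.
    Layout: KCK = [0:16], KEK = [16:32], TK (CCMP data key) = [32:48]."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_key_mic(kck: bytes, frame: bytes) -> bytes:
    """Key MIC for descriptor version 2 (WPA2/CCMP): HMAC-SHA1-128 over the
    EAPOL frame with the MIC field zeroed."""
    zeroed = frame[:MIC_OFF] + b"\x00" * 16 + frame[MIC_OFF + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def build_msg2(kck: bytes, snonce: bytes) -> bytes:
    """Fabricate handshake message 2 (client -> AP) carrying SNonce and a valid
    MIC, with empty key data. Used only to produce constructed sample input."""
    body = (
        b"\x02"                      # descriptor type: RSN
        + b"\x01\x0a"                # key info: pairwise, MIC bit, descriptor version 2
        + b"\x00\x00"                # key length
        + (1).to_bytes(8, "big")     # replay counter
        + snonce
        + b"\x00" * 16               # key IV
        + b"\x00" * 8                # key RSC
        + b"\x00" * 8                # key ID
        + b"\x00" * 16               # MIC placeholder
        + b"\x00\x00"                # key data length
    )
    frame = b"\x01\x03" + len(body).to_bytes(2, "big") + body  # EAPOL v1, type Key
    return frame[:MIC_OFF] + eapol_key_mic(kck, frame) + frame[MIC_OFF + 16:]


def verify_handshake(passphrase, ssid, aa, spa, anonce, msg2):
    """What Wireshark does per session: rebuild the PTK from passphrase/SSID plus
    the captured nonces and check the MIC of message 2. Returns the 16-byte
    CCMP temporal key for decrypting that client's data frames, or None."""
    pmk = derive_pmk(passphrase, ssid)
    snonce = msg2[NONCE_OFF:NONCE_OFF + 32]
    ptk = derive_ptk(pmk, aa, spa, anonce, snonce)
    kck, tk = ptk[:16], ptk[32:48]
    if not hmac.compare_digest(eapol_key_mic(kck, msg2), msg2[MIC_OFF:MIC_OFF + 16]):
        return None
    return tk


# Constructed sample session (not real capture data).
PASSPHRASE, SSID = "correct horse battery", "HomeNet"
AA = bytes.fromhex("021122334455")    # AP / authenticator MAC
SPA = bytes.fromhex("02aabbccddee")   # client / supplicant MAC
ANONCE = bytes(range(32))             # real nonces are random per association
SNONCE = bytes(range(32, 64))
_PTK = derive_ptk(derive_pmk(PASSPHRASE, SSID), AA, SPA, ANONCE, SNONCE)
SAMPLE_MSG2 = build_msg2(_PTK[:16], SNONCE)

if __name__ == "__main__":
    print("PSK(password, IEEE):", derive_pmk("password", "IEEE").hex())
    tk = verify_handshake(PASSPHRASE, SSID, AA, SPA, ANONCE, SAMPLE_MSG2)
    print("TK for this session:", tk.hex())
    print("wrong passphrase ->", verify_handshake("wrong", SSID, AA, SPA, ANONCE, SAMPLE_MSG2))
    # After a rejoin the AP sends a fresh ANonce, so the TK changes and the
    # old handshake no longer decrypts anything.
    rejoin = derive_ptk(derive_pmk(PASSPHRASE, SSID), AA, SPA, bytes(range(64, 96)), SNONCE)
    print("same TK after rejoin?", rejoin[32:48] == tk)
```

The MIC check is also how Wireshark tells you whether the passphrase and SSID you typed are right for a given capture: if the recomputed MIC on message 2 does not match, the key is rejected and the data frames stay encrypted. Note that the PSK can be entered directly as 64 hex characters (wpa-psk), in which case the SSID is no longer needed, because the PBKDF2 step has already been done.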
