I use wireshark on ubuntu 14.04 and I am trying to sniff wifi traffic of other devices in my network. I run wireshark or tshark on wlan0, start capturing packets and send some pings or open some pages on my phone, but my ubuntu laptop doesn't capture that - it only sees packages from its own ip to other ip addresses, from other ip addresses to its own ip, and broadcast packets.
Manually turning on promiscuous mode for wlan0 using sudo ip link set wlan0 promisc on
doesn't help.
It looks like my wifi adapter is able to use both promiscuous mode and monitor mode because I can do sudo airmon-ng start wlan0
and a new mon0
interface will appear and I can capture its packages with wireshark, however that's not what I need. Those packages on mon0 are all of protocol 802.11 and not tcp, icmp, etc. as on wlan0.
Update
I decided to eliminate the possibility that it's ubuntu's NetworkManager or some other stuff interfering with wireshark, so I tried kali linux.
Here are the exact steps I use:
- Load kali linux
- Connect to my home network using gnome wireless networks widget thing.
- Run wireshark, press Capture Options, check wlan0, check that Prom. Mode is enabled and Mon. Mode is disabled, leave everything else on default
- Press Start
- Ping the ip address of my kali linux laptop from my phone
- Notice that I can see ICMP packets from my phone's IP address to my kali laptop IP and vice-versa
- Ping 8.8.8.8 from my phone
- Notice that I can't see any packets from my phone's IP to anywhere but I can see packets of LLC protocol from "Netgear_d9:19:e8" (that's my router I guess) to "SamsungE_2d:ad:da" (that's my phone I guess)