There was a warning that some network cards would disassociate during monitor mode, which does make sense. Then I switched to monitor mode for that interface (see screenshot #3), and all I could see was radio traffic, not the IP within that radio traffic. I was also monitoring in 'ethernet' mode. (This makes sense, even though I was in promiscuous mode, the traffic was between the AP (access point), and the target wireless client.) This made sense, since I was monitoring the local interface, and the traffic from the target device wasn't flowing through my interface on the macbook. I was able to detect network traffic from my local computer to the URL in question, but when viewing the same URL from a different device, I was not able to see that device's traffic.
#Airattack wifi with wireshark update#
Update for context and more information for I started this process, I used promiscuous mode on the en0 interface (wireless) on a macbook air. If this is the case, is there software to decrypt the data after it has been recorded? If I need the passphrase, I have it (given that this is my lab network). What settings am I missing, or do I need to decode the WPA2 passphrase to view the data? I am also able to see and capture 802.11 packets using monitor mode, but I cannot see their content. I have wireshark configured properly to capture on the wireless interface.
I've seen this in action (ala firesheep) on a wired network. I'd like to demonstrate that unencrypted (non-HTTPS) network traffic on a wifi network can be viewed by other wireless devices. I'm attempting to replicate a 'wifi cafe' setup in a home lab environment.
0 kommentar(er)
