Can't see WiFi traffic from my mobile in Wireshark?

Question

So, I'm running Ubuntu Linux on my laptop, and Android 4.0.4 on my mobile (I don't think this is relevant, but just in case). I've got my laptop unassociated from any networks, and my mobile is on my network and has been assigned (by DHCP) the IP of 192.168.0.109.

On my laptop, I did this: ifconfig wlan0 down && airmon-ng start wlan0 && ifconfig wlan0 up .. this created my mon0 interface for promiscuous mode, if I'm not mistaken.

I fired up Wireshark, attached it to mon0 and assigned a display filter of ip.addr == 192.168.0.109, go back to my mobile, and navigate to a few websites. I get absolutely nothing.

The step listed here - unable to read packets captured from wifi network using wireshark - do not help either.

Anyone tell me what I'm doing wrong? :(

Thanks!

Answer 1

Set the WPA or WPA2 key by going to:

1. Edit » Preferences
2. Protocols
3. IEEE 802.11
4. Enable decryption
5. Enter the WPA or WPA2 key in Key #1 or the next field, or in more recent versions use the "Edit" button to add a key of type wpa-pwd with a value like myPassword:mySSID.

You might need monitor mode (promiscuous mode might not be sufficient). Also, make sure the device connects after you started monitoring (as Wireshark needs the handshake packets to decrypt).

See also these instructions.

Answer 2

The problem I was having was that the wifi card I was using wasn't giving errors when I switched modes, but it didn't support them none-the-less.

Using another card worked.

Thanks!