Wireshark mailing list archives
Re: Capturing Wi-Fi traffic to/from Modem
From: Evan Huus <eapache () gmail com>
Date: Sun, 13 Jul 2014 08:47:58 -0400
On Sun, Jul 13, 2014 at 12:47 AM, GaryT <gary () taig net> wrote:
Big thank you, Evan.
On 13/07/14 01:53, Evan Huus wrote:
[BIG SNIP]
First step is to be able to use the wifi to e.g. browse the web; it's not clear from your email if that's even the case. If that's already working,
I have full use of the laptop, full access to the Net, can download, upload, view videos etc. Have tested the connection with the wife viewing a video on her Samsung Tablet as I was doing the same on the laptop. Different videos from different locations. I'm happy with the way it works except for the absence of interfaces. Initially there was Bluetooth and nothing else. Now that I've turned off BT there are no interfaces from which to select.
then capturing "cooked" packets (with all the IEEE802.11 headers, encryption, etc. stripped and replaced with fake ethernet headers) should be as simple as pointing Wireshark at your wlan0 interface. If Wireshark doesn't display any wlan* interfaces even though you have working wifi, that's *weird* and possibly a bug.
It's nice to know there "should be" an interface. At least I know now that something really odd is happening. However, I have a feeling the answer might be contained in that doc I mentioned; it gets into the nitty gritty. http://wiki.wireshark.org/CaptureSetup/WLAN#Linux
Do you have sufficient permissions to view those interfaces? If you just
It's my laptop, my Wi-Fi capable cable modem, my home office, I have all the authority I need Evan. Nobody else has any access to it. However, seriously I wonder whether I'm actually using Wireshark as root on this desktop unit. I remember reading some deep and meaningful discussion about the subject and apparently there is a potential security issue running WS as root from a terminal; all I do is click the Wireshark icon in the System Tools menu. Frankly I don't know whether I'm running it as root or not! Haven't given it any serious thought until now. Comment??
That's almost certainly the issue then.
installed the default Wireshark (which is actually inherited from Debian, so Canonical doesn't have much to do with it) then normal users aren't given permission to capture packets by default. You should follow the instructions in [1] to give regular users permission to capture packets.
Have downloaded that page [1], made a PDF. Will read it and hopefully something will gel.... but the old brain is not nimble any more.
I believe the short version is:
1. Run "sudo dpkg-reconfigure wireshark-common" and select that Yes, non-superusers should be able to capture packets.
2. Add your user to the "wireshark" group (not sure if there's a UI for this in settings somewhere, if not, use "usermod -a -G wireshark $username", possibly with sudo in front).
3. Log out and back in for that to take effect.
Once you can capture cooked packets, capturing "raw" packets (with all the IEEE802.11 headers etc) should be as simple as checking the "monitor mode" box in the capture options dialogue box, assuming your version of Wireshark is recent enough (which 1.10.* should be).
For this bit I had to turn on Bluetooth in order to get an interface list on the screen. There is a column titled 'Mon. Mode' (presumably monitor mode), and in that column (against Bluetooth) it shows n/a (ie. not applicable). On that same note, my desktop Wireshark v1.11.0 where I'm writing this also shows n/a in the Mon. Mode column of ALL the three available interfaces. They are:
eth0 Interface to the big wide Ethernet world.
any I don't know what "any" would be
lo 127.0.0.1 The loopback
When running I capture only on eth0. So, a Question: Can I assume that the n/a means not applicable ONLY because the interfaces I have on this desktop unit are not IEEE802.11 ?
Yup.
But, the laptop also has its Mon. Mode column marked n/a against Bluetooth.
Doesn't BT come under IEEE802.11 ?? Should it not allow or enable me to select Mon. Mode?
No idea, but it seems reasonable to me that it's wifi-only. Guy might have a better explanation. As Guy pointed out in his reply anyways, that method doesn't work on Linux unfortunately.
Evan, I had gone through much of this on my own before writing my first post. I believe it's possible the Laptop might be to blame, that's why I included the details. The capture Setup document makes reference to cards and drivers but when reading that doc I encountered many terms, acronyms and other stuff that was completely foreign to me. That's where/why I need help, guidance, hand holding etc. Many thanks for helping. GaryT
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
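The three steps in the reply above correspond to three distinct failure states, and this added shell sketch (not from the thread or from the Wireshark project) reports which one applies. It assumes Debian/Ubuntu packaging, where step 1 gives /usr/bin/dumpcap file capabilities and the capture group is named "wireshark"; a setuid-root dumpcap would be reported as the step 1 case.

```shell
#!/bin/sh
# Added example. Assumptions: Debian/Ubuntu packaging, dumpcap at
# /usr/bin/dumpcap, capture group named "wireshark" (as in the steps above).
DUMPCAP_PATH=/usr/bin/dumpcap
CAPTURE_GROUP=wireshark

# in_list WORD ITEM... : succeeds if WORD equals one of the ITEMs exactly.
in_list() {
    want=$1; shift
    for item in "$@"; do
        if [ "$item" = "$want" ]; then return 0; fi
    done
    return 1
}

# diagnose SESSION_GROUPS DB_GROUPS GETCAP_OUTPUT
# SESSION_GROUPS: groups of the running login session (`id -Gn`)
# DB_GROUPS:      groups recorded for the user in the group database
# Prints: no-caps | not-in-group | relogin | ok
diagnose() {
    session=$1; db=$2; caps=$3
    case $caps in
        *cap_net_raw*) ;;                      # step 1 has been applied
        *) echo no-caps; return 0 ;;
    esac
    # Unquoted on purpose: split the space-separated group lists into words.
    if in_list "$CAPTURE_GROUP" $session; then echo ok
    elif in_list "$CAPTURE_GROUP" $db; then echo relogin
    else echo not-in-group
    fi
}

main() {
    user=$(id -un)
    # getcap usually lives in /sbin, which may not be on a normal user's PATH.
    caps=$(PATH=$PATH:/sbin:/usr/sbin getcap "$DUMPCAP_PATH" 2>/dev/null)
    case $(diagnose "$(id -Gn)" "$(id -Gn "$user")" "$caps") in
        no-caps)      echo "Step 1: sudo dpkg-reconfigure wireshark-common" ;;
        not-in-group) echo "Step 2: sudo usermod -a -G $CAPTURE_GROUP $user" ;;
        relogin)      echo "Step 3: log out and back in (group not active yet)" ;;
        ok)           echo "OK: dumpcap has capture caps, $user is in $CAPTURE_GROUP" ;;
    esac
}

# Run the live check only when asked: sh capture-check.sh check
case ${1:-} in check) main ;; esac
```

The "relogin" state is the one step 3 addresses: the group database already lists the user, but the running session was started before the change and still lacks the group.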