Trying to monitor wireless trafic

Hello all

I would like to monitor the network trafic on my home wireless network.
I would like to monitor which computers are connected, what they are
doing, etc. Actually the same as I could do if I were using Ethereal
from a router. My wireless network is protected with a WPA key, which I
know of course.
I tried using Ethereal, but it sees only the packets issued by the
computer it's running on, not the packets exhanged between the access
point and other computers of the network.

Is there any way I can see/capture packets on a WPA-protected network,
knowing the key???

Thanks,
Philippe

Philippe Perrin schrieb:
> Hello all
>
> I would like to monitor the network trafic on my home wireless network.
> I would like to monitor which computers are connected, what they are
> doing, etc. Actually the same as I could do if I were using Ethereal
> from a router. My wireless network is protected with a WPA key, which I
> know of course.
> I tried using Ethereal, but it sees only the packets issued by the
> computer it's running on, not the packets exhanged between the access
> point and other computers of the network.
>
> Is there any way I can see/capture packets on a WPA-protected network,
> knowing the key???
You dont need the key to capture the packets.
You need to change the mode of your wireless card to monitor mode.
You´ll obviously still need some tool to decrypt the captured packets
with your key. If youre using ndiswrapper youre probably out of luck, as
most (to my knowledge) windows drivers dont support monitor mode.
If you can set the mode via iwconfig <device> mode monitor
Ethereal/Wireshark will display the raw packets from other devices as
you cant send in monitor mode.
>
> Thanks,
> Philippe

On Dec 27, 8:09 pm, Philippe Perrin <philippeper...@yahoo.com> wrote:
> I tried using Ethereal, but it sees only the packets issued by the
> computer it's running on, not the packets exhanged between the access
> point and other computers of the network.

At which computer are you running Wireshark?
Is this computer connected via a wireless network interface?

> Is there any way I can see/capture packets on a WPA-protected network,
> knowing the key???

If you have a wireless network interface you may set it to promisc
mode, configure the enc key and watch for packets.

(E-Mail Removed) schrieb:

> If you have a wireless network interface you may set it to promisc
> mode, configure the enc key and watch for packets.
>
You need to set the device into monitor mode.
The analogy between a cable network and a wireless can be described
pretty closely:
Ad-hoc:crossover connection between to nodes.
Managed:switched network.
Monitor:similiar to a network with a router (aside from the fact that
sending is usually not possible).

Setting the device to monitor mode from managed mode is thus similiar to
exchanging a switch with a router. Setting promiscous mode is of course
necesarry on top of this to capture packets.

All riht thanks Syren and Pedro. Will work on it when I get back home.
WIll post again if I need more help!

Philippe

Philippe Perrin a écrit :
> Hello all
>
> I would like to monitor the network trafic on my home wireless network.
> I would like to monitor which computers are connected, what they are
> doing, etc. Actually the same as I could do if I were using Ethereal
> from a router. My wireless network is protected with a WPA key, which I
> know of course.
> I tried using Ethereal, but it sees only the packets issued by the
> computer it's running on, not the packets exhanged between the access
> point and other computers of the network.
>
> Is there any way I can see/capture packets on a WPA-protected network,
> knowing the key???
>
> Thanks,
> Philippe