Wireshark-users: [Wireshark-users] Capturing Wi-Fi traffic to/from Modem
From: GaryT <gary@xxxxxxxx>
Date: Sun, 13 Jul 2014 01:40:32 +1000
On my desktop I have Wireshark Version 1.11.0 running on Linux 2.6.32-55-generic.

I'm slowly moving over to a laptop which of course is Wireless.

The Laptop is:
  ThinkPad R500
  Core 2 Duo P8400
  2.26 GHz
  2048MB RAM
  BIOS V207 (Feb 2009)

Have loaded the default Canonical Wireshark (v1.10.6 from master-1.10) onto the laptop and found it was monitoring only Bluetooth, and of course, it captured no packets. There was no option to monitor Wi-Fi traffic. Big lesson #1. It's not that simple.

Generally I'm interested only in the traffic to/from the wireless modem (i.e. Internet). Have now switched off Bluetooth, because I don't use it. I'd also like to know a bit about how to detect and protect from rogue wireless attacks, if that's at all relevant.

Notwithstanding all that, I want to maintain the capability of connecting the laptop to my big monitor with perhaps a short Ethernet cable to the modem. That may be a whole new discussion but learn I must.

Searched and found a 6000 word document on the Wireshark.Org site...


WLAN (IEEE 802.11) capture setup
--------------------------------
The following will explain capturing on 802.11 wireless networks (WLAN).


By the time I read half way through that doc the old head was spinning. So many things to consider, so many options and possibilities for someone whose knowledge of Wi-Fi is about as solid as his knowledge of the atmosphere on Mars. Memorising, even understanding that overall flow chart is beyond my current capability.

I need help to discover the card and drivers etc on the laptop and someone (or some folks) to hold my hand and show me how to:

(1) identify and obtain the correct version of Wireshark (perhaps the current v1.10.6 is enough)

(2) identify the laptop card and drivers etc. in order to determine how to get Wireshark capturing 802.11 packets.

From that (above) document I'm aware of many snippets of info, for example:

[The "monitor mode enabled on mon0" means that you must then capture on the "mon0" interface, not on the "wlan0" interface, to capture in monitor mode. To turn monitor mode off, you would use a command such as sudo airmon-ng stop mon0, not sudo airmon-ng stop wlan0.]

But, learning them all, understanding them and applying them in the right order is beyond the capacity of this tired old brain. I can drive nails, as a younger man I designed software for many years but this little house will be built from strange new materials.

Greatly appreciate any help, pointers, comments.
Wouldn't it be terrific if someone wrote, "All you need to do is..."
GaryT
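The "All you need to do is..." for step (2) of the post, as an added example that is not part of the original message or of the Wireshark wiki page it quotes. It is a POSIX shell script assuming a current Linux with iw, iproute2 (ip), lspci and Wireshark's dumpcap installed, run as root or as a user with the capture rights the Ubuntu "wireshark" group gives dumpcap. The interface names wlan0 and mon0, channel 6 and the file name wlan.pcapng are assumptions; replace them with whatever `iw dev` shows on the laptop. The `iw list` sample embedded in the script is constructed so the check runs offline.

```shell
#!/bin/sh
# Added example (not from the original post or the Wireshark wiki page).
# Assumes a modern Linux with iw, ip (iproute2), lspci and dumpcap, run with
# capture rights. wlan0, mon0, channel 6 and wlan.pcapng are assumptions.

# Step (2) of the post: which wireless card is in the laptop and which kernel
# driver is bound to it. The driver decides whether monitor mode is offered.
show_wifi_hardware() {
    lspci -nnk | grep -i -E -A3 'network|wireless'   # card + "Kernel driver in use:"
    iw dev                                           # existing 802.11 interfaces and their phy
}

# Read `iw list` output on stdin; succeed only if "monitor" is listed under
# "Supported interface modes:". Reads stdin so a saved copy can be checked offline.
supports_monitor_mode() {
    awk '
        /Supported interface modes:/   { inmodes = 1; next }
        inmodes && /^[[:space:]]*\*/   { if ($0 ~ /monitor/) found = 1; next }
        inmodes                        { inmodes = 0 }
        END                            { exit(found ? 0 : 1) }
    '
}

# Commands that create a separate monitor-mode interface next to the managed
# one (the "mon0" pattern the quoted doc refers to), bring it up and lock it to
# one channel. Printed rather than executed so they can be reviewed first;
# pipe them to sh to run them.
monitor_setup_cmds() {
    dev=$1 mon=$2 chan=$3
    printf '%s\n' \
        "iw dev $dev interface add $mon type monitor" \
        "ip link set $mon up" \
        "iw dev $mon set channel $chan"
}

# Tear-down: delete the monitor interface; the managed wlan0 is untouched.
monitor_teardown_cmds() {
    printf '%s\n' "iw dev $1 del"
}

# Capture on the monitor interface with dumpcap (the privileged helper that
# Wireshark and tshark use). -I asks for monitor mode explicitly; the file
# holds radiotap + raw 802.11 frames, not Ethernet frames.
capture_cmd() {
    mon=$1 outfile=$2
    printf '%s\n' "dumpcap -i $mon -I -w $outfile"
}

# Wireshark display filter for a first look at "rogue" activity:
# deauthentication frames (management type 0, subtype 12). A burst of these
# addressed to your own station or BSSID is the classic deauth attack.
deauth_filter() {
    printf '%s\n' 'wlan.fc.type_subtype == 0x0c'
}

# Constructed, abridged sample of `iw list` output for offline use.
SAMPLE_IW_LIST='Wiphy phy0
    Supported interface modes:
         * IBSS
         * managed
         * AP
         * monitor
    Band 1:
        Frequencies:'

if [ "${1:-}" = "run" ]; then
    # Live run on the laptop (needs the real tools and capture rights).
    show_wifi_hardware
    iw list | supports_monitor_mode && echo "monitor mode: supported" \
                                    || echo "monitor mode: NOT advertised by this driver"
    monitor_setup_cmds wlan0 mon0 6 | sh
    capture_cmd mon0 wlan.pcapng | sh          # Ctrl-C to stop
    monitor_teardown_cmds mon0 | sh
else
    # Offline dry run: check the sample and print the commands that would run.
    printf '%s\n' "$SAMPLE_IW_LIST" | supports_monitor_mode \
        && echo "sample: monitor mode supported"
    monitor_setup_cmds wlan0 mon0 6
    capture_cmd mon0 wlan.pcapng
    echo "deauth filter: $(deauth_filter)"
fi
```

Two caveats for the use described in the post. If the goal is only the laptop's own traffic to and from the modem, capturing on wlan0 in normal managed mode already shows it (decrypted, as ordinary IP packets); on Ubuntu the usual reason wlan0 is missing from Wireshark's interface list is that the user lacks capture rights, which `sudo dpkg-reconfigure wireshark-common` plus membership of the `wireshark` group fixes. Monitor mode is only needed to see management frames (beacons, deauths, probes) and other stations' traffic; a single radio can only sit on one channel, so set the monitor channel to the modem's channel, and WPA2 data frames captured this way stay encrypted unless Wireshark is given the PSK and the capture includes the 4-way handshake.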