I guess you have 2 WiFi devices, lets call "host" the legitimate network device connected to the AP/Router and "sniffer" the one trying to capture the traffic. After your comments and update, I will try to answer, even though I'm still not sure I'm getting the question right. Perhaps I am missing something in my understanding of the data flow here?. So I would consider it possible I might be able to decrypt the radio packets between the target client and the AP, given the correct wireless passphrase (which again, I have).
However, if I can see the radio traffic, I would expect to see all of the radio traffic, which would thusly contain all of the IP, even if it were encrypted. There was a warning that some network cards would disassociate during monitor mode, which does make sense. Then I switched to monitor mode for that interface (see screenshot #3), and all I could see was radio traffic, not the IP within that radio traffic. I was also monitoring in 'ethernet' mode. (This makes sense, even though I was in promiscuous mode, the traffic was between the AP (access point), and the target wireless client.) This made sense, since I was monitoring the local interface, and the traffic from the target device wasn't flowing through my interface on the macbook. I was able to detect network traffic from my local computer to the URL in question, but when viewing the same URL from a different device, I was not able to see that device's traffic. Update for context and more information for I started this process, I used promiscuous mode on the en0 interface (wireless) on a macbook air. If this is the case, is there software to decrypt the data after it has been recorded? If I need the passphrase, I have it (given that this is my lab network). What settings am I missing, or do I need to decode the WPA2 passphrase to view the data? I am also able to see and capture 802.11 packets using monitor mode, but I cannot see their content. I have wireshark configured properly to capture on the wireless interface. I've seen this in action (ala firesheep) on a wired network. I'd like to demonstrate that unencrypted (non-HTTPS) network traffic on a wifi network can be viewed by other wireless devices. I'm attempting to replicate a 'wifi cafe' setup in a home lab environment.
0 kommentar(er)
