Unable to read packets captured from wifi network using wireshark - linux

I am connected to my home wifi network using Ubuntu 10.10. The protection is WPA2-auto.
I want to capture packets from it.
$ sudo iwconfig wlan0 mode monitor
$ sudo wireshark
I try to capture from wlan0.
I am connected to the wifi network with an android phone and browsing websites.
However, I am unable to see unencrypted http packets.
I select Edit|Preferences|Capture|Protocols
and select 802.11 and set the checkbox to yes for 'decrypt packets'.
Still nothing.

Solution: run airmon-ng from the aircrack-ng project to set the wireless card into monitor mode. (This was pointed out by a Wireshark developer on the mailing lists.) Apparently iwconfig does not work properly, as it has issues on Ubuntu.
airmon-ng start wlan0
This will set it into monitor mode and create interface mon0.
After this, I was able to capture off the mon0 interface using Wireshark.

You must capture the association sequence to be able to decrypt the traffic.
If you start your capture when the phone is already connected then Wireshark
cannot decrypt the packets.
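The check behind that advice, as an added example that is not code from the original post: a small Python script that scans a monitor-mode pcap and reports, per AP/station pair, which EAPOL-Key messages of the WPA2 4-way handshake it contains, so you can tell before fiddling with preferences whether Wireshark has anything to derive keys from. It assumes a classic little-endian pcap with the radiotap link type (what a mon0 capture normally produces), classifies messages by the RSN Key Information bits, and the frames it builds for the built-in demo are constructed, not captured.

```python
"""Added example: does a monitor-mode capture contain the WPA2 4-way handshake?
Assumes a little-endian classic pcap with radiotap frames; sample data is constructed."""
import struct
import sys
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_RADIOTAP = 127
ETHERTYPE_EAPOL = 0x888E
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"
# EAPOL-Key "Key Information" flag bits (IEEE 802.11, 12.7.2)
KI_INSTALL, KI_ACK, KI_MIC, KI_SECURE = 0x0040, 0x0080, 0x0100, 0x0200


def pcap_records(data):
    """Yield (linktype, packet bytes) for each record of a little-endian pcap."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        yield linktype, data[off:off + incl_len]
        off += incl_len


def parse_data_frame(frame):
    """Split radiotap+802.11 data frame into (from_ds, protected, addr1, addr2, body)."""
    if len(frame) < 4:
        return None
    dot11 = frame[struct.unpack_from("<H", frame, 2)[0]:]   # skip radiotap header
    if len(dot11) < 24 or (dot11[0] >> 2) & 0x3 != 2:       # frame type 2 = data
        return None
    fc1, hdr = dot11[1], 24
    if (fc1 & 0x03) == 0x03:      # ToDS+FromDS: 4-address frame
        hdr += 6
    if (dot11[0] >> 4) & 0x08:    # QoS data subtype carries a 2-byte QoS control field
        hdr += 2
    return bool(fc1 & 0x02), bool(fc1 & 0x40), dot11[4:10], dot11[10:16], dot11[hdr:]


def eapol_key_message(body):
    """Return 1..4 for an EAPOL-Key handshake message, else None (RSN bit layout)."""
    if len(body) < 15 or not body.startswith(LLC_SNAP):
        return None
    if struct.unpack_from(">H", body, 6)[0] != ETHERTYPE_EAPOL or body[9] != 3:
        return None                      # body[9] is the EAPOL packet type; 3 = Key
    key_info = struct.unpack_from(">H", body, 13)[0]
    ack, mic = key_info & KI_ACK, key_info & KI_MIC
    if ack and not mic:
        return 1
    if ack and mic and key_info & KI_INSTALL:
        return 3
    if mic and not ack:
        return 4 if key_info & KI_SECURE else 2
    return None


def handshake_inventory(pcap_bytes):
    """Map (bssid, station) -> set of handshake messages seen; also count data frames."""
    seen, stats = defaultdict(set), {"data_frames": 0, "protected": 0}
    for linktype, frame in pcap_records(pcap_bytes):
        parsed = parse_data_frame(frame) if linktype == LINKTYPE_RADIOTAP else None
        if parsed is None:
            continue
        from_ds, protected, addr1, addr2, body = parsed
        stats["data_frames"] += 1
        if protected:                 # encrypted payload: opaque until keys are known
            stats["protected"] += 1
            continue
        msg = eapol_key_message(body)
        if msg:
            # AP->station frames set FromDS (addr1 = station, addr2 = BSSID);
            # the station's replies set ToDS (addr1 = BSSID, addr2 = station).
            bssid, sta = (addr2, addr1) if from_ds else (addr1, addr2)
            seen[(bssid.hex(":"), sta.hex(":"))].add(msg)
    return dict(seen), stats


def complete_handshakes(pcap_bytes):
    """Pairs for which all four messages were captured, i.e. decryption can work."""
    seen, _ = handshake_inventory(pcap_bytes)
    return sorted(pair for pair, msgs in seen.items() if msgs == {1, 2, 3, 4})


def _frame(from_ap, ap, sta, body, protected=False):
    """Constructed minimal radiotap header + 802.11 data frame (not a real capture)."""
    fc1 = (0x02 if from_ap else 0x01) | (0x40 if protected else 0)
    addr1, addr2 = (sta, ap) if from_ap else (ap, sta)
    return (struct.pack("<BBHI", 0, 0, 8, 0) + struct.pack("<BBH", 0x08, fc1, 0)
            + addr1 + addr2 + ap + b"\x00\x00" + body)


def _eapol_key(key_info):
    """LLC/SNAP + EAPOL-Key with the given Key Information; remaining fields zeroed."""
    key = b"\x02" + struct.pack(">H", key_info) + bytes(92)   # descriptor type 2 = RSN
    return (LLC_SNAP + struct.pack(">H", ETHERTYPE_EAPOL) + b"\x02\x03"
            + struct.pack(">H", len(key)) + key)


def build_sample_pcap(include_handshake):
    """Constructed capture: optional M1..M4 (typical WPA2-CCMP Key Information
    values), followed by two protected data frames with made-up MAC addresses."""
    ap, sta = bytes.fromhex("001122334455"), bytes.fromhex("66778899aabb")
    frames = []
    if include_handshake:
        for msg, key_info in ((1, 0x008A), (2, 0x010A), (3, 0x13CA), (4, 0x030A)):
            frames.append(_frame(msg in (1, 3), ap, sta, _eapol_key(key_info)))
    frames += [_frame(True, ap, sta, bytes(48), protected=True),
               _frame(False, ap, sta, bytes(48), protected=True)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_RADIOTAP)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1500000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap(True)
    seen, stats = handshake_inventory(data)
    print(stats)
    for (bssid, sta), msgs in sorted(seen.items()):
        print(f"{bssid} <-> {sta}: messages {sorted(msgs)}")
    print("pairs with a complete handshake:", complete_handshakes(data))
```

Run it as `python3 handshake_check.py capture.pcap` on a file saved from the mon0 interface; with no argument it runs on the constructed sample. A pair that shows only protected data frames and no messages is exactly the "phone was already connected when I started capturing" case: reassociate the phone while capturing and check again. The HT control field of 802.11n frames and big-endian or pcapng files are not handled here.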

Related

Tshark will not capture BTLE packets with nRF sniffer

I am having issues using tshark to capture BTLE advertising packets.
The system works very well with Wireshark. However, when I try to run tshark from the command line, it immediately quits and says "0 packets captured."
Any ideas why it may be working in Wireshark but not in Tshark?
Setup:
I am using the nRF51 DK for the sniffer. This works well in Wireshark (version 2.6.1) as I mentioned. I have a peripheral device that is sending advertising packets that Wireshark easily detects (i.e. I know the hardware works and there are advertising packets being sent).
Command used:
After navigating to my Wireshark folder on the command line, I type:
tshark -i 6 -a duration:10
My nRF sniffer is interface 6. Everything is run on a Windows 10 machine.
Further Info:
Tshark works correctly if I try to capture wifi
tshark -i 1 -a duration:10
where interface 1 is the wifi interface.
Thanks!
Just had confirmation from Nordic that the nRF-sniffer is not currently supported by TShark.

beaglebone black wireless bluetooth AVRCP

I am working on a project with the beagle bone black wireless, where I need to be able to send music control commands to a phone. Note, I don't want to stream music to my beaglebone. I have spent about a week looking online, and found very little about this.
The OS for the beaglebone is Debian Jessie. I can get things like hci0tool, Bluetoothctl, hciconfig to work. I can detect and pair to a device. It seems though that my connection only lasts for the pairing process, and fails every time afterwards.
My current process is executing:
sudo su
bluetoothctl
power on
agent on
default-agent
scan on
I get the MAC address
scan off
pair <MAC Address>
trust <MAC Address>
connect <MAC Address>
As of now pairing and trust succeed, though the connection ends after pairing finishes. And I have no idea of where to start for sending a command to a phone.
The Connect call on the Device1 interface will try to connect all the profiles supported between the device and adapter. This happens by negotiating or exchanging the supported profiles.
Connection may not be possible when the Adapter doesn't support the minimal set of profiles needed by the Device. In this case, you may need an A2DP provider on the adapter end to get the connection successful. Yes, this is contradictory to this statement.
If you don't want to connect with all the profiles between Device and Adapter, then you can use the ConnectProfile method in the Device1 interface.
But bluetoothctl doesn't provide commands for either ConnectProfile or AVRCP commands.
You need to use D-Bus calls to get the communication with Bluetoothd. If your application is command line/shell based, you can use dbus-send/gdbus commands to address the D-Bus interface.
Although bluez-tools implements media control AVRCP commands, it doesn't provide any utility which uses it. Either you can compile bluez-tools as library and develop application using the media control API or use dbus-send/gdbus.
I have started with some samples using GDBUS, but not yet for AVRCP controls. See here: https://gist.github.com/parthitce
and Documentation here: https://www.linumiz.com/category/blog/

Alternate ways to log into BeagleBone Black when static IP is unknown

I am attempting to access my BeagleBone Black but I am having some issues and I'm needing some help.
I messed around with my BBB almost 2 years back and I statically set the IP address for eth0. Unfortunately, I don't recall what I changed it to. If I knew the network, I could probably figure it out but I haven't the slightest clue what it could be.
I am running Windows 10 on my laptop and I have a USB to USB-mini running to the device which provides to it power and a connection.
I have installed the latest drivers, PuTTY, and Wireshark. I made sure the drivers were imported, ran Wireshark for DHCP requests/ARP broadcasts, LL DNS updates, or SSH port references, but I wasn't seeing anything on that particular interface on my laptop (ran as promiscuous and nonpromiscuous).
I read that the default IP address for the beaglebone.local is 192.168.7.2 but I wasn't able to reach it via ICMP, HTTP, or SSL.
I assumed the USB connection provides either an Ethernet-over-USB connection or a serial connection (UART through USB), so, I have both the USB connected and the Ethernet cable connected.
To see if I could just use a serial connection with PuTTY (Serial-to-USB), I opened Device Manager to see which COM port it was using. The odd thing is that COM ports aren't listed in Device Manager, not even by default when nothing is connected. There also wasn't a section for Unknown Devices.
I figured at this point, it wouldn't hurt to download the latest release of Debian for BeagleBone. I wrote the .img to a 32GB MicroSD card and held down the USER/BOOT button while I applied power (as per the instructions).
Still no luck and I'm now out of ideas.
I only have a laptop at my disposal, currently. I don't have immediate access to a monitor, mouse, and keyboard so I wouldn't be able to view what is happening internally. The LED0 is giving me the standard heartbeat flash (2 consecutive flashes followed by a longer off period).
Does anyone have any suggestions?
TIA

airodump-ng is malfunctioning

I'm on Kali Linux 32-bit on Oracle VM VirtualBox, and I have this problem with airodump-ng.
I got my wireless card's interface name and put it into monitor mode with the airmon-ng command, but when I attempt to locate the available wireless networks nearby, the airodump-ng tool displays ZERO access points:
I just want to add that the wlan interface didn't show up at first, so I downloaded and installed compat wireless.
VirtualBox cannot virtualize the Wifi card, so you need an external network adapter able to be switched to monitor mode; you can see at wiki-linux. Or install it on your physical machine if your network adapter is compatible.
I suggest you check if your wireless adapter is compatible with Kali Linux. You can check here for suggested wireless adapters.
In my case I am using a TP-Link WN722N wireless adapter, which works fine with Kali Linux. You can simply switch the wireless interface to monitor mode by using the command below without using the airmon-ng command.
iwconfig [Interface name] mode monitor

Capturing network traffic on Linux

Question: I have one Windows laptop, one Linux laptop and a wireless router.
Now I want to "investigate" the hotmail/windows live protocol.
What I want to do is route network traffic from the windows laptop via ethernet to the linux laptop, capture it on the Linux computer, forward it wirelessly to the router, receive the hotmail response from the router on the linux computer and forward it to the windows computer.
How do I do that?
In essence, switching the Linux laptop between the Windows laptop and the router, to capture network traffic ?
Which program is best for capturing/analysing ?
Please note that for whatever reason, packet capturing with winpcap on the windows computer doesn't work...
Of course you can do this; take a look at Wireshark.
man tcpdump
On my Mac, I do it like this:
sudo tcpdump -ien1 -s0 -xX -vvv
I don't know how similar tcpdump options are across platforms...
Note, tcpdump also allows you to capture to a pcap file that could then be imported to Wireshark and maybe other gui tools.
As others have mentioned, you can use wireshark (find out how to use filters to remove unnecessary packets in your log). If your Windows and Linux box are on the same network, you do not need that setup to sniff packets. Unless you are using ndiswrapper, you would probably be able to set the wireless network device on the Linux box to "monitor mode" and it will sniff all packets on your LAN. If your device does not support that mode, you can try connecting both boxes to your router physically. That will help you avoid the routing you described in your question.