If I correctly understood the basics of how wireless works, I should be able to sniff the traffic of other computers over the wireless LAN.
So I connected a second computer to my wireless LAN and tried to see if I was able to sniff its HTTP traffic through the network, using tcpdump with a command like this:
sudo tcpdump -v -i wlan0 dst 10.0.0.7
where 10.0.0.7 is the IP of the computer that I want to sniff over the LAN.
But unfortunately, I get nothing as output (except ICMP echo requests if I ping 10.0.0.7, so tcpdump works fine 🙂).
What am I missing?
Best Answer
You will need to set your network interface into monitor mode to be able to sniff all traffic on the wireless network. So, before starting up tcpdump, do the following:
This will simply turn off your interface, enable monitor mode and turn it on again. Note that not all network interface cards support monitor mode.
To reset your NIC back to normal, issue the same commands, but with mode Managed.
On a side note, the traffic on your sniffer will most likely not look how you will expect it to look, due to any encryption schemes your router uses. Considering that you are sniffing your own network, you will be able to decrypt the traffic in most cases though. Here is a short overview on how to do it on Wireshark, an alternative to tcpdump that also features a graphical user interface. If you prefer to keep tcpdump for capturing, you can also use its -w option to dump traffic to a .pcap file and later open that file in Wireshark (or any other packet analyzer).
Note that if your network uses WPA or WPA2 encryption, you will need to capture the respective handshakes between router and each device you want to monitor. The Wireshark wiki article I linked explains how to do so:
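The monitor-mode sequence this answer describes (interface down, change mode, interface up, capture with -w, back to Managed), written out as an added example that is not part of the original answer. It assumes iwconfig (wireless-tools), ip (iproute2) and tcpdump are installed; the function names, the DRY_RUN switch, the packet count and the file name capture.pcap are illustrative choices, and wlan0 is taken from the question.

```shell
#!/bin/sh
# Added example (not the answerer's commands): capture in monitor mode to a
# pcap file and always put the NIC back into managed mode afterwards.
# Assumed tools: iwconfig, ip, tcpdump. Run as root on your own network.

# Run a command, or only print it when DRY_RUN=1 so the steps can be reviewed.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Take the interface down, switch its mode (Monitor or Managed), bring it up.
set_mode() {
    sm_iface=$1
    sm_mode=$2
    run ip link set dev "$sm_iface" down &&
    run iwconfig "$sm_iface" mode "$sm_mode" &&
    run ip link set dev "$sm_iface" up
}

# capture IFACE OUTFILE COUNT: write COUNT frames to OUTFILE, then restore.
capture() {
    c_iface=$1
    c_out=$2
    c_count=$3
    if ! set_mode "$c_iface" Monitor; then
        # Not every NIC or driver supports monitor mode; undo and give up.
        echo "could not enable monitor mode on $c_iface" >&2
        set_mode "$c_iface" Managed
        return 1
    fi
    c_rc=0
    # -w dumps raw frames to a file that Wireshark can open later.
    run tcpdump -i "$c_iface" -c "$c_count" -w "$c_out" || c_rc=$?
    set_mode "$c_iface" Managed
    return "$c_rc"
}

# Example call (as root): capture wlan0 capture.pcap 1000
```

Setting DRY_RUN=1 before the call prints the seven commands without touching the interface.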