unable to capture wifi with monitor mode in wlan0 in VM

  • retag add tags

I want to use VM Wireshark to capture WIFI traffic. I use usb wireless adapter connected to VM with wireshark running. but I'm unable to see the wifi traffic from the host or other devices in the same network. I didn't see any traffic in wlan0. I've turned on monitor checkbox in wlan0 but it was turn off automatically. Any ideas? Thanks!!

erik9801's avatar
1
erik9801
asked 2021-10-06 15:12:30 +0000
edit flag offensive 0 remove flag close merge delete

Comments

USB wifi adapters can be tricky in a VM; best not to do it.

To give yourself the best chance:

  1. Try a different USB mode (USB2 to 3 or vice-versa)
  2. Disable interfering applications on the VM; namely, NetworkManager
Bob Jones's avatar Bob Jones (2021-10-06 16:22:18 +0000) edit
more
  • delete

Thanks Bob. If I don't use external wifi adapter, can I still capture http traffic over WIFI? Am I supposed to use eth0 interface? I thought eth0 interface is for wired. I am confused if 802.11 traffic contain HTTP traffic.

erik9801's avatar erik9801 (2021-10-06 16:46:36 +0000) edit
more
  • delete

No, you likely can't use eth0 to capture WiFi traffic. Some options for wireless packet capture include using a Macbook, or booting a laptop into Linux directly via a live USB.

802.11 frames can contain http/https traffic if the system is setup so that that traffic stream goes out over a wireless interface and you are able to pick it up (and decrypt it, if WPA2/3 is in use as it should be).

Bob Jones's avatar Bob Jones (2021-10-07 09:51:33 +0000) edit
more
  • delete
add a comment see more comments