
I want to capture packets from a network (not mine) ...


(I have permission from my neighbour.) I have the MAC address, and I see this network's BSSID (via NetSpot), and have tried many filters in Wireshark, e.g. eth.addr == XX:XX:XX:XX:XX:XX and eth.dst == + others, but I just get a blank capture screen. What am I doing wrong? I'm using Windows. I have also tried to capture a large amount of data in WS and then implement the filters afterwards, but nothing. (Is this the way I must do it? Capture first...) I have tried with my internal WiFi card, an "Intel Centrino Wireless-N 2230", and an external "NETGEAR A6100 WiFi" adapter.

Can anyone help a frozen Norwegian out?

erik8
asked 2018-10-08 23:12:32 +0000

Comments

Easiest way is to ask the owner of this network for access to it. The next easiest is with a Linux machine with an adapter that supports monitor mode (google for best adapters), then you'll probably also need access to a supercomputer to crack what is probably WPA2, and don't forget a criminal defense lawyer.

pr0n (2018-10-09 14:59:41 +0000)

1 Answer


If it is a true wireless capture then the proper filter would be: wlan.addr eq XX:XX:XX:XX:XX:XX. However, if you are just using Wireshark to capture off of your Netgear adapter then you most likely won't see any traffic with the BSSID in the capture. You would need to put the device in monitor mode. Typically this can easily be done with a Mac so that you can get all of the wireless frames. Even then, unless the network is open, you probably won't be able to view any data as it's all going to be encrypted.

In general terms what are you trying to troubleshoot?

felixbkk
answered 2018-10-09 04:08:09 +0000

Comments

First of all THANK YOU for your answer and interest, but when I use NetSpot I can see my neighbour's BSSID, AND that his router has a lot of WiFi activity from that MAC/BSSID; it's THAT activity I thought I could capture by inserting a correct filter in Wireshark. Is it the monitoring mode you talk about that is to blame? I do not have a Mac but a PC; is monitoring mode possible? WS is running in promiscuous mode, but that is something else?

Regards Adv. Erik R.J.

erik8 (2018-10-09 10:07:40 +0000)

See the link for some Monitor Mode ideas on your platform:

https://wiki.wireshark.org/CaptureSetup/WLAN

You need both Monitor Mode and Promiscuous Mode for good 802.11 wifi captures; they are not the same. Typically, though, selecting promiscuous mode on a wifi adapter has little control over what the adapter actually does - it either supports it or it doesn't at the driver level when dealing with monitor mode.

There is no filter that is going to help you collect the correct data - once you capture in the correct way, then filtering can be applied to focus on specific subsets of your data, like ONLY your neighbor's network, your test network, or whatever.

Bob Jones (2018-10-09 10:55:40 +0000)
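
To illustrate the answer's wlan.addr filter and the last comment's point about filtering after a correct capture, here is an added example (not from any poster in this thread) that parses the 802.11 MAC header a monitor-mode capture delivers and selects frames by BSSID. It assumes the radiotap header and FCS are already stripped; the MAC addresses and frames are constructed, and the function names are hypothetical.

```python
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_80211(frame):
    """Parse the MAC header of a management or data frame.
    Assumption: radiotap header and FCS have already been removed."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte 802.11 MAC header")
    fc0, flags = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3          # 0 = management, 1 = control, 2 = data
    if ftype not in (0, 2):
        raise ValueError("control frames use a shorter header; not handled here")
    to_ds, from_ds = flags & 0x01, (flags >> 1) & 0x01
    a1, a2, a3 = (mac(frame[i:i + 6]) for i in (4, 10, 16))
    # Which address field carries the BSSID depends on the ToDS/FromDS bits,
    # so comparing one fixed field (as an Ethernet-style filter does) misses frames.
    if to_ds and from_ds:
        bssid = None                   # 4-address (WDS) frame: no BSSID field
    elif to_ds:
        bssid = a1                     # station -> AP
    elif from_ds:
        bssid = a2                     # AP -> station
    else:
        bssid = a3                     # management frame, or ad hoc data
    # Protected bit set means the frame body is encrypted.
    return {"type": ftype, "addrs": [a1, a2, a3], "bssid": bssid,
            "protected": bool(flags & 0x40)}

def select(frames, bssid):
    """Keep frames whose BSSID equals `bssid` (filtering after capture)."""
    bssid = bssid.lower()
    return [f for f in map(parse_80211, frames) if f["bssid"] == bssid]

def hdr(fc0, flags, a1, a2, a3):
    # frame control, zero duration, three addresses, zero sequence control
    return bytes([fc0, flags, 0, 0]) + a1 + a2 + a3 + b"\x00\x00"

# Constructed sample data: locally administered MACs, headers only.
AP, STA, OTHER = (bytes.fromhex("0200000000" + n) for n in ("01", "02", "09"))
BCAST = b"\xff" * 6
SAMPLE = [
    hdr(0x80, 0x00, BCAST, AP, AP),        # beacon from the AP
    hdr(0x08, 0x41, AP, STA, BCAST),       # data, station -> AP, protected
    hdr(0x08, 0x42, STA, AP, AP),          # data, AP -> station, protected
    hdr(0x80, 0x00, BCAST, OTHER, OTHER),  # beacon from a different network
]

if __name__ == "__main__":
    for f in select(SAMPLE, "02:00:00:00:00:01"):
        print(f)
```

The two data frames come back with the protected flag set, which is the case the answer describes: the headers are visible in monitor mode, the payload is not.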