Hi, I have 3 different devices for my kids connected to my home access point (smartphone, laptop, and Ipad). I want to collect the traffic from the devices to monitor what my kids browsing or watching on youtube. However, my network card is on promiscuous mode but when I run Wireshark I can not find the traffic from the devices why? and how I can do it.
Thank you
If you want to intercept and read HTTPS traffic, you'll need a proxy that reencrypts the traffic. mitmproxy or sslsplit can do that for you, provided you can install custom CA certificate on the devices. Be careful though, this could be a huge security issue.
There are several ways to set it up. The easiest is to just have it running on a machine somewhere on the network, and configure each device to use said HTTP proxy.
However this can easily be bypassed by modifying the wifi proxy setting. The surefire way to redirect all traffic through it is to run it in transparent mode. In that case, you need to put the proxy in the network chain, so it most likely means you need a separate wifi for those devices, and a computer with two network interfaces to run the proxy. (Actually it can work with just one device like a raspberry pi, but that's quite a lot of configuration.)
Before doing any of that, make sure you understand 1. the implications of installing a custom CA certificate and 2. the basics of network routing.
Hi,
You may be able to capture some traffic by using a TAP on the link going from your router to your "Internet.” (To your modem, DSL, etc.)
NAT will make it hard to tell which device is responsible for what traffic.
I must also warn you that most of the traffic is encrypted on the Internet nowadays. (HTTPS)
This means you can probably see WHERE they are going but not WHAT they are doing.
Regards,
Spooky
Comments