
How to capture traffic of my smartphones?

Hello, I have two smartphones, which are connected to my access point. I'd like to collect the traffic from the smartphones to monitor what data is sent from these smartphones. However, my network card is in promiscuous mode, but when I run Wireshark I cannot find the traffic from the devices. How can I collect the data of these smartphones? Thanks!

stripdraw
asked 2018-12-27 22:49:20 +0000

1 Answer


If you can, focus on wired capture of the WiFi devices as it is usually easier. Some setup instructions to get you started are here.

If you really need over-the-air (OTA) capture of the devices, there is a setup page in the Wireshark wiki. It really depends on the problem as to what you need; in any event, I always start with wired captures of communications of wireless devices if at all possible to scope the problem. Only then do I progress to OTA captures if the need arises.

You may need special equipment in either case. For wired, you may need to force the phone's traffic onto a single network link and capture traffic from it through a tap, mirror port, etc. This may require changing the network configuration, the network hardware, or both, to accommodate. This doesn't have to be expensive, but it may be equipment you don't have and might need to procure.

For WiFi, you may need OSs and adapters that support monitor mode and promiscuous mode.

Just setting promiscuous mode on an interface on a typical interface/typical network will usually not produce meaningful data, as the infrastructure is filtering what data is sent where and has to be configured to provide it to a place where you can capture it. In this case, you are probably using a network switch which provides filtering of unicast (at a minimum) data traffic by way of MAC addresses, so you are only seeing the host's unicast traffic, and then subnet multicast and broadcast. But what you likely want is unicast traffic from the phones, and that's where all of this comes into play.

Bob Jones
answered 2018-12-28 19:57:34 +0000
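
An added example, not part of the original answer: a quick way to check whether a capture point actually sees the phones' unicast traffic is to bucket the captured frames by destination MAC. The sketch below parses classic pcap bytes and does that; the MAC addresses and both sample captures are constructed for illustration.

```python
import struct
from collections import Counter

def read_pcap(data):
    """Yield raw frames from classic little-endian pcap bytes (Ethernet link type)."""
    magic, linktype = struct.unpack_from("<I", data, 0)[0], struct.unpack_from("<I", data, 20)[0]
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]   # captured length
        yield data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def classify(frame, host_mac):
    """Bucket a frame by destination MAC, relative to the capturing host."""
    dst, src = frame[0:6], frame[6:12]
    if dst == b"\xff" * 6:
        return "broadcast"
    if dst[0] & 1:                             # group bit set: multicast
        return "multicast"
    if host_mac in (dst, src):
        return "host_unicast"
    return "foreign_unicast"                   # unicast between other stations

def summarize(pcap_bytes, host_mac):
    return Counter(classify(f, host_mac) for f in read_pcap(pcap_bytes) if len(f) >= 14)

# --- constructed sample data (locally administered MACs, empty payloads) ---
def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def frame(dst, src):
    return dst + src + b"\x08\x00" + bytes(46)

def build_pcap(frames):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

HOST, PHONE, GATEWAY = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02"), mac("02:00:00:00:00:fe")
SEEN_ON_SWITCH_PORT = [frame(GATEWAY, HOST), frame(HOST, GATEWAY),
                       frame(b"\xff" * 6, PHONE), frame(mac("01:00:5e:00:00:fb"), PHONE)]
SWITCHED = build_pcap(SEEN_ON_SWITCH_PORT)
MIRRORED = build_pcap(SEEN_ON_SWITCH_PORT + [frame(GATEWAY, PHONE), frame(PHONE, GATEWAY)])

if __name__ == "__main__":
    for name, cap in (("switched port", SWITCHED), ("mirror port/tap", MIRRORED)):
        print(name, dict(summarize(cap, HOST)))
```

A `foreign_unicast` count of zero means the capture point only receives the host's own unicast plus broadcast and multicast, which matches the ordinary switched-port case described in the answer.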