Monitor mode has to do with what the Wifi receiver will (try to) pick up at the Wifi MAC layer. Promiscuous mode has to do with what the Ethernet layer, on top of the Wifi driver, will let through. The link layer type has to do what kind of frames you get from the driver. I want to monitor the HTTP traffic of all clients connected via wifi to my wireless router. I want to capture the traffic with my Notebook which is also wirelessly connected to the router. Hardware & Software setup: Capturing with: Intel 7260 Wireless, Ubuntu 14, Wireshark & Aircrack-ng. Client to monitor: Android Smartphone.
I want to sniff wifi packets with wireshark but monitor mode seems to fail. I'm using backtrack 5 and an alpha AWUS036H wifi usb card, i try to sniff my own box without encryption. Here is what i'm doing to activate monitor mode: root@root:# airmon-ng start wlan0 wich seems to be working: root@root:# iwconfig mon0 mon0 IEEE 802.11bg Mode:Monitor Tx-Power=20 dBm Retry long limit:7 RTS thr:off Fragment thr:off Power Management:on However when i start capturing on mon0 in wireshark i'm only getting broadcast packets. In capture options the 'capture packets in monitor mode' option is grayed out. I do not understand what's going on.
Aha @pslayer89 again , thanks for your help. I will copy paste first part of my reply from Wireshark Q&A: My problem was that I was able to see broadcast data like beacons in monitor mode but I could not get any HTTP request.
![Wifi Wifi](/uploads/1/2/5/3/125364200/105765977.png)
Tests where done with my smartphone connected to an open hotspot. The solution was to set WiFi channel to the hotspot one! I did iwconfig wlan0 channel 6 in my case and it worked.
To capture data while surfing the internet I do airmon-ng start wlan0 otherwise net connection crashes. – Dec 10 '13 at 16:17.
Hi, I just tested it under Npcap 0.90, Wireshark 2.2.6 QT, Windows 10 x64. And the monitor mode works well like the following picture: Please do not install the wifi driver by calling NPFInstall.exe -i2 manually. That command may not work any more. Please use the Npcap GUI installer, and choose the 802.11 option. It's the safest way. And you can use the Wireshark QT GUI, instead of the GTK one.
I found that the GTK UI doesn't have a place to set the monitor mode in 2.2.6. Maybe Wireshark has disabled this feature in this release. So please try it with the QT UI. If I remember right, Netgear A6200 just doesn't support changing channel on Windows. I don't know this is limited by its hardware or by its driver on Windows.
If it can work on another OS like Ubuntu, then it should be the driver issue. It is hardly Npcap's problem, because I have implemented the changing channel code in Npcap driver, and Npcap can change channel in another adapter of mine (an Atheros NIC on my last laptop). You can make a little more test to re-check this thing. Use the WlanHelper.exe utility installed with Npcap, should be in C: WINDOWS System32 Npcap. It supports doing the Wlan specific operations, have better functionality than the Wireshark UI. Use -h to see the help.