Wireshark mailing list archives

Re: Wireshark not capturing packets from iphone on the same wireless LAN


From: "Micheal Blue" <mblue () gmx us>
Date: Sun, 14 Jun 2015 01:13:35 +0200



> If so, have you followed the instructions to put the NIC into *monitor* mode on Linux?
>
>       https://wiki.wireshark.org/CaptureSetup/WLAN#Linux
>
> Promiscuous mode doesn't suffice on Wi-Fi.

Ah, I was unaware of this fact... I do not believe that my hardware on the laptop is supported:

% sudo airmon-ng start wlan0                       
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

  PID Name
  139 wpa_supplicant

PHY     Interface       Driver          Chipset

null    wlan0           rtl8192cu       Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter

 
> Note, however, that, if you capture in monitor mode on a protected network (using WEP or WPA/WPA2), the traffic will
> be encrypted, and you will need to give Wireshark enough information in order to decrypt it:
>
>       https://wiki.wireshark.org/HowToDecrypt802.11
>
> (yes, 802.11 was *intentionally designed* to be hard to sniff!).  That also means that:
>
> > * I have tried capturing without a filter present (all traffic) and also specifically targeting the iPhone address
> > with this filter, "host 192.168.1.203" which is the IP address of the iPhone.
>
> ...in monitor mode, the capture filter will not be able to do anything with the encrypted payload, so filters such as
> "host 192.168.1.203" won't work.

Thanks for the info here too. Perhaps I should just drop it :/
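
The point made in the quoted reply about capture filters, as an added example that is not part of the original thread: on a protected network only the 802.11 MAC header is readable, so a test on the IP address finds nothing to match while a test on the MAC address still works. The frames, MAC addresses and "ciphertext" below are constructed for illustration, and the parser assumes raw 802.11 frames with no radiotap header in front.

```python
import ipaddress

LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")  # LLC/SNAP header announcing IPv4

def parse_dot11(frame: bytes) -> dict:
    """Parse the cleartext 802.11 MAC header (assumes no radiotap header in front)."""
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    addrs = [frame[o:o + 6].hex(":") for o in (4, 10, 16)]
    hdr_len = 24 + (2 if ftype == 2 and subtype & 0x8 else 0)  # QoS data adds 2 bytes
    return {"is_data": ftype == 2, "protected": bool(flags & 0x40),
            "addrs": addrs, "body": frame[hdr_len:]}

def matches_mac(frame: bytes, mac: str) -> bool:
    """The addresses sit in the unencrypted header, so this works on any frame."""
    return mac.lower() in parse_dot11(frame)["addrs"]

def matches_host(frame: bytes, ip: str) -> bool:
    """What a "host <ip>" test needs: a readable IPv4 header in the frame body."""
    f = parse_dot11(frame)
    if not f["is_data"] or f["protected"]:
        return False  # body is ciphertext (or not data): no IP header to inspect
    body = f["body"]
    if len(body) < 28 or not body.startswith(LLC_SNAP_IPV4):
        return False
    # IPv4 source and destination follow the 8-byte LLC/SNAP header at +12 and +16
    return ipaddress.IPv4Address(ip).packed in (body[20:24], body[24:28])

# Constructed sample frames (made-up MAC addresses, zeroed checksums and counters).
PHONE_MAC, AP_MAC = "02:00:00:00:02:03", "02:00:00:00:00:01"

def build_frame(protected: bool) -> bytes:
    phone, ap = (bytes.fromhex(m.replace(":", "")) for m in (PHONE_MAC, AP_MAC))
    flags = 0x01 | (0x40 if protected else 0)  # ToDS, plus the Protected bit if set
    header = bytes([0x08, flags, 0, 0]) + ap + phone + ap + bytes(2)
    ipv4 = (bytes.fromhex("4500001c0000400040110000")
            + ipaddress.IPv4Address("192.168.1.203").packed
            + ipaddress.IPv4Address("192.168.1.1").packed)
    plain = LLC_SNAP_IPV4 + ipv4 + bytes(8)
    if not protected:
        return header + plain
    # Stand-in for an 8-byte CCMP header plus ciphertext; not real encryption.
    return header + bytes(8) + bytes(b ^ 0x5A for b in plain)

OPEN_FRAME, PROTECTED_FRAME = build_frame(False), build_frame(True)

if __name__ == "__main__":
    for name, frame in (("open", OPEN_FRAME), ("protected", PROTECTED_FRAME)):
        print(name, matches_host(frame, "192.168.1.203"), matches_mac(frame, PHONE_MAC))
```

In a real monitor-mode capture the corresponding approach is a link-layer capture filter on the device's MAC address, such as pcap-filter's `wlan addr2`, with IP-level filtering applied as a display filter after decryption.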