Truepeace
Hi,
I was monitoring my local network at home using an AWUS036H network card, running it on Kali. After running it successfully in monitor mode I managed to catch some packets from my phone and other laptop. However, I was wondering if I can see higher-layer packets such as TCP or HTTP packets. I googled it but was stuck on decrypting the 802.11 packets. Since I know my WPA-PSK key it should be possible, right?
I would appreciate it if anyone can help me figure out how to do it.
scorz
You can do it with Wireshark.
Truepeace
Yes, I was using Wireshark to capture packets in monitor mode, but when I used the decryption function with my wifi's password (tried with my original WPA pass and then changed it to WEP and tried) I got no understandable results. Even though I had opened an HTTP link from my phone, that didn't appear. My goal is to monitor everything going from and to my router. Thanks for the help.
scorz
You will need to capture the handshake of the current session between the router and the device.
Note that not all devices use the same handshake.
If you have two devices, X and Y:
If you have the handshake of X, you can't decrypt Y's data.
You can try to d/c (restart/sleep the machines), then connect all the devices while capturing, and then start decryption. Wireshark can then capture the handshakes and it should work.
mhamadhdb
Since you are using Kali, first you have to connect to your router, second you have to ARP poison MITM the network (using ettercap-ng) so all the traffic passes by you first, third open Wireshark and enjoy :')
NuclearVision
I'll try and make this thread useful, just in case anybody comes across it.
After generating the PSK, go to preferences, add a new wpa-psk, and check the decryption box.
Now you won't see precise packets, but rather 802.11 broadcasts. The trick is to make your device disconnect then connect, so it's forced to renew its lease and acquire new handshakes, which are 4 EAPOL-type packets; you can see them while capturing after your device connects. In a nutshell, while capturing, just disconnect and connect the targeted device from wifi.
You'll start seeing TCP and HTTP packets. You'll need to do that every time you recapture, because handshakes are packets themselves and naturally are deleted after every new capture.
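Added example, not part of any post in this thread: a sketch of the WPA2-PSK key derivation that explains why the passphrase alone is not enough and why one device's handshake does not decrypt another's. The SSID, passphrase, MAC addresses and nonces are constructed sample values, and `nonce()` and `session_keys()` are hypothetical helper names.

```python
import hashlib
import hmac

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK (the 256-bit 'PSK'): PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11 PRF: HMAC-SHA1 blocks over label || 0x00 || data || counter."""
    out = b""
    counter = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([counter]), hashlib.sha1).digest()
        counter += 1
    return out[:nbytes]

def derive_ptk(pmk, ap_mac, sta_mac, anonce, snonce) -> bytes:
    """48-byte CCMP PTK = KCK (16) || KEK (16) || TK (16)."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    return prf(pmk, b"Pairwise key expansion", data, 48)

def temporal_key(ptk: bytes) -> bytes:
    """The TK is what encrypts that session's unicast data frames."""
    return ptk[32:48]

def nonce(tag: str) -> bytes:
    """Constructed stand-in for a random 32-byte handshake nonce."""
    return hashlib.sha256(tag.encode()).digest()

# Constructed sample values (not taken from the thread).
PMK = derive_pmk("correct horse battery", "HomeLab")
AP = bytes.fromhex("020000000001")
PHONE = bytes.fromhex("020000000002")
LAPTOP = bytes.fromhex("020000000003")

def session_keys() -> dict:
    """Same passphrase and SSID throughout; only MACs and nonces change."""
    return {
        "phone, session 1": temporal_key(derive_ptk(PMK, AP, PHONE, nonce("a1"), nonce("s1"))),
        "phone, session 2": temporal_key(derive_ptk(PMK, AP, PHONE, nonce("a2"), nonce("s2"))),
        "laptop, session 1": temporal_key(derive_ptk(PMK, AP, LAPTOP, nonce("a3"), nonce("s3"))),
    }

if __name__ == "__main__":
    for name, tk in session_keys().items():
        print(f"{name:18} TK = {tk.hex()}")
```

The nonces travel only in the EAPOL handshake frames, so a capture that starts after a device has associated lacks the inputs needed to rebuild that session's key.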
dduetto
You can use some of these useful tools:
dsniff
Cain and Abel
Wireshark