How to capture all wireless network traffic with Wireshark and WPA2?

icebox19 · Feb 21, 2014 · Viewed 37.9k times

Ok, so I want to do some tests on my network. I have a wireless network, with a WPA2 password. I have the password, it's my own router. I have 3 laptops in here, and I want to capture all the traffic from the router with Wireshark.

I've first set my wireless network in monitor mode (I am using Manjaro Linux, and I've set it into monitor mode with airmon-ng), and I've tried to see the traffic. I've started Wireshark with mon0, and there were only encrypted wireless 802.11 packets. If I set it for my real wireless card, I get traffic but only from my IP address.

How can I monitor all the traffic on the network (decrypted, and from all IPs) if I have the password, and I can even get a 4-way handshake if it's needed?

I've tried from Wireshark with:

Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-psk and in the Key box: "AP:password" but I get an Invalid key format error.

Any ideas?

So the idea is to get all the traffic on a secured WPA2 access point, if you know everything and you even have access to the router.

Answer

Pierz · Oct 22, 2014

The problem seems to be that you are attempting to add a password when you have opted to enter a Pre-Shared Key (PSK). If you want to provide a password for decryption you need to enter it by selecting: Edit -> Preferences -> Protocols -> IEEE 802.11 -> New -> wpa-pwd

Also you'll need to tick the 'Enable decryption' box, plus you may need to play with the 'Assume packets have FCS' setting and click on Apply till you hopefully see the decrypted packets.

If you want to capture packets from machines other than the one you're capturing on you may also need to play with the promiscuous mode setting - trying both on and off in monitor mode.
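The difference between the two key types, as an added example that is not part of the answer above: `wpa-pwd` takes the passphrase and SSID as text, while `wpa-psk` takes the 256-bit key derived from them, written as 64 hex digits. The function names are hypothetical, the passphrase and SSID are the standard 802.11i test vector, and the percent-escaping of `:` and `%` is an assumption based on Wireshark's URI-style escape handling for this field.

```python
import hashlib
import string


def derive_psk(passphrase: str, ssid: str) -> str:
    """WPA/WPA2-Personal PSK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 rounds, 32 bytes)."""
    pw, sid = passphrase.encode("utf-8"), ssid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    if not 1 <= len(sid) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, sid, 4096, 32).hex()


def _escape(text: str) -> str:
    # Assumption: '%' and ':' are percent-escaped so the passphrase/SSID
    # separator stays unambiguous.
    return text.replace("%", "%25").replace(":", "%3a")


def wireshark_keys(passphrase: str, ssid: str) -> dict:
    """Return the string to paste for each Wireshark key type."""
    return {
        "wpa-pwd": f"{_escape(passphrase)}:{_escape(ssid)}",
        "wpa-psk": derive_psk(passphrase, ssid),
    }


def key_type_for(value: str) -> str:
    """Tell which key type a given string is valid for."""
    is_hex = all(c in string.hexdigits for c in value)
    return "wpa-psk" if len(value) == 64 and is_hex else "wpa-pwd"


if __name__ == "__main__":
    # Constructed sample: IEEE 802.11i test vector, not a real network.
    for kind, value in wireshark_keys("password", "IEEE").items():
        print(f"{kind}: {value}")
    # A "name:password" style string is not 64 hex digits, so it only
    # fits the wpa-pwd key type.
    print(key_type_for("AP:password"))
```

Either key entry still needs the 4-way handshake of each client in the capture, because the per-session keys are derived from the PSK plus values exchanged in that handshake.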