0

I'm using a MacBook Air with OS X 10.8.4 and I want to sniff the packets on the same Wi-Fi network.

I installed tcpdump and I can get my own machine's packets. But I cannot get the packets of my iPhone, which is on the same Wi-Fi network.

I have done some research and found that I should use the -I parameter to start monitor mode. So I wrote this command:

sudo tcpdump -In -i en0 host 192.168.1.102

192.168.1.102 is the IP of my iPhone on the network. After running the command, the Wi-Fi icon in the top bar of my computer gets 'an eye' on it.

But unfortunately, when I surf the internet with my iPhone, tcpdump still shows nothing. Why?

aisensiy
  • "Shows nothing" as in "doesn't show any packets" or "shows nothing" as in "just shows packets identified as 802.11, not any TCP packets"? –  Jul 17 '13 at 19:29
  • Sorry, it means it doesn't show any packets. – aisensiy Jul 18 '13 at 05:15
  • Is your network "protected" - i.e., is it encrypted, using WEP or WPA/WPA2? –  Jul 18 '13 at 23:30
  • @GuyHarris yes, it is encrypted, using WPA, so is this the reason? I found that my HTTPS requests cannot be captured either. – aisensiy Jul 19 '13 at 05:51

1 Answer

2

If you capture in monitor mode on a protected (WEP or WPA/WPA2) network:

  • filters used when capturing that apply above the link layer, such as host 192.168.1.102, will not work, because the filter will be used with encrypted packets;
  • unless the program reading the capture can decrypt the packets, they will just show up as 802.11 Data packets, not as, for example, HTTP-over-TCP-over-IP packets.

tcpdump doesn't support decryption of encrypted 802.11 packets. Wireshark does, but, as the Wireshark "how to decrypt 802.11" page indicates, you need to supply the password for the network, you must either be using WEP or be using WPA/WPA2 Personal/Pre-Shared Key mode (WPA/WPA2 Enterprise/802.1X mode isn't supported) and, for WPA/WPA2, you must have, for any machine whose traffic is to be decrypted, the initial EAPOL handshake for the machine.
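
Added example (not part of the original answer): a simplified Python model of why an IP-level filter such as host 192.168.1.102 matches nothing on a WPA-protected frame, while a link-layer (MAC) filter still matches and the EAPOL handshake frames stay readable. The MAC addresses, sample frames and helper names are constructed for illustration; frames are assumed to have the radiotap header and FCS stripped and no HT Control field.

```python
import socket
import struct

PHONE_MAC = "02:00:00:00:01:02"   # constructed MAC for the phone
AP_MAC = "02:00:00:00:00:01"      # constructed BSSID
PHONE_IP = "192.168.1.102"        # IP address from the question
SNAP = b"\xaa\xaa\x03\x00\x00\x00"

def parse(frame):
    """Decode as far as an observer without the key can: 802.11 header, then LLC/SNAP."""
    fc, = struct.unpack_from("<H", frame, 0)
    ftype, subtype, flags = (fc >> 2) & 3, (fc >> 4) & 0xF, fc >> 8
    out = {"protected": bool(flags & 0x40), "ethertype": None, "ips": set(),
           "addrs": {frame[i:i + 6].hex(":") for i in (4, 10, 16)}}
    if ftype != 2 or out["protected"]:
        return out                     # not data, or body is ciphertext: stop here
    # Header is 24 bytes, plus Addr4 if ToDS+FromDS, plus QoS Control on QoS subtypes
    off = 24 + (6 if (flags & 3) == 3 else 0) + (2 if subtype & 8 else 0)
    if frame[off:off + 6] == SNAP:
        out["ethertype"], = struct.unpack_from(">H", frame, off + 6)
        if out["ethertype"] == 0x0800:  # IPv4: source at 12..16, destination at 16..20
            ip = frame[off + 8:]
            out["ips"] = {socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])}
    return out

def host_filter(frame, ip):      # simplified stand-in for "host <ip>"
    return ip in parse(frame)["ips"]

def wlan_filter(frame, mac):     # simplified stand-in for "wlan host <mac>"
    return mac in parse(frame)["addrs"]

def is_eapol(frame):             # simplified stand-in for "ether proto 0x888e"
    return parse(frame)["ethertype"] == 0x888E

def hdr(fc, a1, a2, a3, qos=b""):
    raw = b"".join(bytes.fromhex(a.replace(":", "")) for a in (a1, a2, a3))
    return fc + b"\x00\x00" + raw + b"\x00\x00" + qos

IPV4 = b"\x45" + bytes(11) + socket.inet_aton(PHONE_IP) + socket.inet_aton("192.168.1.1")

# Constructed frames: WPA-protected QoS data, an EAPOL handshake message, open-network IPv4
ENCRYPTED = hdr(b"\x88\x41", AP_MAC, PHONE_MAC, AP_MAC, b"\x00\x00") + bytes(8) + b"\x5a" * 40
HANDSHAKE = hdr(b"\x08\x02", PHONE_MAC, AP_MAC, AP_MAC) + SNAP + b"\x88\x8e\x01\x03\x00\x5f"
CLEARTEXT = hdr(b"\x08\x01", AP_MAC, PHONE_MAC, AP_MAC) + SNAP + b"\x08\x00" + IPV4

if __name__ == "__main__":
    for name, f in (("encrypted", ENCRYPTED), ("handshake", HANDSHAKE), ("cleartext", CLEARTEXT)):
        print(name, host_filter(f, PHONE_IP), wlan_filter(f, PHONE_MAC), is_eapol(f))
```

The 802.11 header addresses are never encrypted, so a MAC-based capture filter still selects the phone's frames, and the EAPOL frames it keeps are the handshake that Wireshark needs for WPA/WPA2 Personal decryption.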