-1

I use a Ubuntu Linux Machine and promiscuous mode is on in my WiFi NIC.

These are the IP in my network

192.168.18.1 - My Router 192.168.18.2 - My Machine with Wireshark 192.168.18.3 - My Windows Machine (Victim)

I want to capture the packets that are transmitted through My windows machine and the WiFi router.

This is the output of ifconfig

>  wlp2s0: flags=4163<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
>  inet 192.168.18.2  netmask 255.255.255.0  broadcast 192.168.18.255

The output of my lshw -C network

*-network
       description: Wireless interface
       product: RTL8822BE 802.11a/b/g/n/ac WiFi adapter
       vendor: Realtek Semiconductor Co., Ltd.
       physical id: 0
       bus info: pci@0000:02:00.0
       logical name: wlp2s0
       version: 00
       serial: d0:c5:d3:f4:37:71
       width: 64 bits
       clock: 33MHz
       capabilities: bus_master cap_list ethernet physical wireless
       configuration: broadcast=yes driver=rtw_pci driverversion=5.4.0-40-generic firmware=N/A ip=192.168.18.2 latency=0 link=yes multicast=yes promiscuous=yes>
       resources: irq:61 ioport:e000(size=256) memory:f7800000-f780ffff

You can see that I use an RTL8822BE adapter so do share your answer if it supports promiscuous mode

I have also given proper decryption keys still no luck !

Danwand N S
  • 172
  • 1
  • 10
  • Do ask for any additional data needs and Thanks in Advance ! – Danwand N S Aug 03 '20 at 09:42
  • Is the WiFi network secured? – Tomer Aug 03 '20 at 11:12
  • 1
    I added the word "WiFi" to your question because even using a "wired" adapter supporting promiscuous mode would not help: The switch would block packets from being sent to the NIC. So it is important to know that we talk about WiFi and not about a wired network. – Martin Rosenau Aug 03 '20 at 11:13
  • @Tomer Yes the WiFi network is secured. – Danwand N S Aug 03 '20 at 11:57
  • @MartinRosenau Thanks for the clarification of the question. The network is on Wi Fi – Danwand N S Aug 03 '20 at 11:58
  • What make you think that because wireshark is in promiscuous mode you can see the packets of the "victim" ? – Vidal Aug 03 '20 at 12:13
  • 1
    *I want to capture the packets that are transmitted through My windows machine and the WiFi router* then both devices need be connected on the network (wifi or not) and you need poison arp to be mitm to target and capture the packets.. btw this is off topic for SO unless your going to code somthing. – Lawrence Cherone Aug 03 '20 at 12:17
  • @Vidal Isn`t the promiscuous mode means the NIC should give up all the packets to the precessing unit irrespective of packets that weas ment for the MAC Address? – Danwand N S Aug 04 '20 at 03:19
  • @LawrenceCherone The router seems to have ARP mitigating features, ARP Poisoning is out of scope here, Also I do not wat to attack the network by MITM. I only need to sniff out the contents of data transmission, Also I am going to code in python so Im asking help for libraries of from where should I start this isn`t off topic Its just application level. – Danwand N S Aug 04 '20 at 03:31
  • @DanwandNS promiscuous you will see all the packets your interface receive, but the packets from other clients are sent to the gateway (router) , not to you. Unless you are on a bus network or you do a MIM you are not going to see anything. – Vidal Aug 04 '20 at 11:10

1 Answers1

1

I don't think what you ask for is possible. If the WiFi connection is protected then at most what you'll see are random (encrypted) bytes in the air. And even for that you will probably need to set your driver to Monitor Mode.

Tomer
  • 632
  • 3
  • 14