velocedge
Posts: 51
Joined: Mon Mar 28, 2016 5:57 pm

How sniff packets sent to another IP address on wlan0?

Wed Mar 10, 2021 2:46 pm

I've installed an npm package that uses mscdex/cap to sniff packets. Is it possible to sniff packets sent to a port on another computer/IP address?

Eirikur
Posts: 112
Joined: Sun Sep 09, 2018 9:43 pm

Re: How sniff packets sent to another IP address on wlan0?

Wed Mar 10, 2021 10:52 pm

You are saying you want to run a sniffer on computer A, the pi, and sniff packets sent by computer B to some computer C, right?
I always suggest reading up on how Ethernet works, but let me tell you something I learned when I wrote my own security scanner and sniffer: when you have an Ethernet switch in the network, as most home users do, a sniffer is probably not going to be able to see traffic going from computer B to computer C. That's because the "network" that computer A can see (in promiscuous mode) is only the Ethernet cable that runs from it to the router. Your internet router isn't a hub, it's a switch, so when computer B sends a packet to computer C or the internet, it is not copied to the other ports on the router.

Wireless sniffing is a different world entirely. WiFi acts like a cable to a switch; you can't even see the encrypted packets without subverting things below the network level.

Conventional sniffers like Wireshark (this is a really good tool) are not so useful today where connections are made to switches or over WIFI.

If there is a hack to let a sniffer see traffic on other switch ports, I don't know about it.

You can always replace your router (or its software) with OpenWRT or similar and be able to do anything you want in your own code.
I think that you still might not be able to see packets that are not sent to the MAC address of the router because the switch might be a chip that doesn't have to tell the Linux kernel about what it is doing.
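
Added example, not part of the original post or of any project named in this thread: a toy JavaScript model of the hub-versus-switch behaviour described in the post above. The port numbers, MAC addresses and traffic list are constructed; the model also covers broadcast frames, which a switch still floods to every port, so the sniffer on port 1 sees B's ARP request but none of the B-to-C unicast frames.

```javascript
// Added illustration: toy hub vs. learning switch. Ports, MACs and frames are constructed.
const BROADCAST = "ff:ff:ff:ff:ff:ff";

class Hub {
  constructor(ports) { this.ports = ports; }
  // A hub repeats every frame out of every port except the one it arrived on.
  forward(inPort, frame) {
    return this.ports.filter((p) => p !== inPort);
  }
}

class LearningSwitch {
  constructor(ports) {
    this.ports = ports;
    this.macTable = new Map(); // source MAC -> port it was last seen on
  }
  forward(inPort, frame) {
    this.macTable.set(frame.src, inPort); // learn where the sender lives
    const known = this.macTable.get(frame.dst);
    if (frame.dst !== BROADCAST && known !== undefined) {
      return known === inPort ? [] : [known]; // known unicast: one port only
    }
    // Broadcast or not-yet-learned destination: flood like a hub.
    return this.ports.filter((p) => p !== inPort);
  }
}

// Returns the frames a promiscuous-mode sniffer on `sniffPort` would receive.
function framesSeenAt(device, sniffPort, traffic) {
  const seen = [];
  for (const { inPort, frame } of traffic) {
    if (device.forward(inPort, frame).includes(sniffPort)) seen.push(frame.note);
  }
  return seen;
}

// Constructed traffic: A (sniffer) on port 1, B on port 2, C on port 3.
const B = "02:00:00:00:00:0b", C = "02:00:00:00:00:0c";
const traffic = [
  { inPort: 2, frame: { src: B, dst: BROADCAST, note: "B ARP who-has C" } },
  { inPort: 3, frame: { src: C, dst: B, note: "C ARP reply to B" } },
  { inPort: 2, frame: { src: B, dst: C, note: "B -> C data 1" } },
  { inPort: 3, frame: { src: C, dst: B, note: "C -> B data 1" } },
  { inPort: 2, frame: { src: B, dst: C, note: "B -> C data 2" } },
];

const hubView = framesSeenAt(new Hub([1, 2, 3]), 1, traffic);
const switchView = framesSeenAt(new LearningSwitch([1, 2, 3]), 1, traffic);
console.log({ hubView, switchView });
```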

velocedge
Posts: 51
Joined: Mon Mar 28, 2016 5:57 pm

Re: How sniff packets sent to another IP address on wlan0?

Wed Mar 10, 2021 11:07 pm

Thanks for the update. I do know how Ethernet works but I was hoping someone knew a way around things in a wireless network. I know it's been done but don't know how. I realize I didn't specify that the Pi was on wireless so my bad on that. But anyway, you're basically saying you don't know how to do it on a WiFi network?

MiscBits
Posts: 249
Joined: Wed Jan 27, 2021 12:48 pm

Re: How sniff packets sent to another IP address on wlan0?

Thu Mar 11, 2021 2:05 am

Never tried it but it should be possible even under WPA and WPA2 security if you know the key.

Have a look though https://security.stackexchange.com/ques ... key-secure and http://www.wireless-nets.com/resources/ ... shark.html

Keep it legal and for problem determination please :oops:
Is a computer language with goto's totally Wirth-less?

velocedge
Posts: 51
Joined: Mon Mar 28, 2016 5:57 pm

Re: How sniff packets sent to another IP address on wlan0?

Thu Mar 11, 2021 9:46 am

Very interesting stuff... will look at it in much more detail and let you know what I find. Not doing anything bad here, all my own computers, my network.

velocedge
Posts: 51
Joined: Mon Mar 28, 2016 5:57 pm

Re: How sniff packets sent to another IP address on wlan0?

Thu Mar 11, 2021 3:01 pm

Found that node_pcap is capable of monitoring all devices but requires the wifi device to support "monitor mode" which the Pi does not. I did find a firmware mod in nexmon that supports it but haven't tried it as yet. Sounds like with that, I can get what I need.

DaveHarper
Posts: 13
Joined: Sat Jan 16, 2016 8:28 pm

Re: How sniff packets sent to another IP address on wlan0?

Tue May 11, 2021 3:46 pm

This is a bit late, but I'm just starting to do what you're talking about. I found that I need to be in Monitor mode to do the capture and it looks like the patches only work with specific RPi boards and kernel versions. I had a spare Canakit WiFi dongle from a previous project so I plugged it in and found that it went into Monitor mode with no problems (this is on an RPi4). Amazon has it for under $10. Much easier than spending hours tracking down patches and installing them.

HermannSW
Posts: 4120
Joined: Fri Jul 22, 2016 9:09 pm
Location: Eberbach, Germany

Re: How sniff packets sent to another IP address on wlan0?

Wed May 12, 2021 4:44 am

https://github.com/Hermann-SW/wireless- ... -e52-drone
I used ettercap and wireshark on a Pi to capture traffic between smartphone and drone (via MITM Arp poisoning) and was able to decode v1 firmware protocol. You can find replay C code I used to get drone video stream on the Pi as well.

https://stamm-wilbrandt.de/2wheel_balancing_robot
https://stamm-wilbrandt.de/en#raspcatbot
https://github.com/Hermann-SW/Raspberry_v1_camera_global_external_shutter
https://github.com/Hermann-SW/raspiraw
https://stamm-wilbrandt.de/en/Raspberry_camera.html
