wireshark with alfa awus036enh

Posted: Thu Sep 22, 2016 8:00 pm
by tadd
I want to monitor traffic to and from an MS Windows PC on Ethernet and a couple of TI CC3200 WiFi devices. They are associated with a local TP-LINK Access Point under my control and the security is specified by the TP-LINK as WPA2-PSK AES. The PC and TI CC3200s are talking back and forth using UDP and TCP on demand. I even got NTP on the TI CC3200s to go off to an Internet source and that works. The TI devices can UDP and TCP to each other via WiFi, or to the PC via WiFi to Ethernet.

I have used Wireshark on a previous project to listen in to a USB device on an MS Windows 7 platform.
Wireshark seems like the appropriate tool for this too. I was advised to use a Linux box and an Alfa awus036enh WiFi dongle.
I'm willing to take correction on any of this.
----
The short of it is, I can't get Wireshark to show any traffic at all on wlan1, much less showing my TI CC3200 devices. I also have never seen my access point's IP address 10.0.0.1 show on wlan1 in ifconfig. I'm not sure that's required but I suspect it is. I may have specified the security wrong. Not sure about wpa.conf. See below.
---

So.. I have Jessie installed on a Raspberry PI and I have some meager experience playing with Linux. I'm logged in as user "pi".
I have wireshark installed (as of yesterday) and running (sudo apt-get install...) and have the alfa WiFi dongle plugged into a powered hub and then into the Raspberry PI 3. The Raspberry PI 3 is communicating via Ethernet into a switch which is then plugged into the LAN port of the WIFI router whose ssid is "tadd" and whose IP address is 10.0.0.1. I have a monitor plugged into the Raspberry PI but so far I've been able to use Remote Desktop Connection on the PC to run the Raspberry PI's GUI and PUTTY to SSH into the Raspberry PI.

lsusb shows
[email protected]3:~ $ lsusb
Bus 001 Device 008: ID 148f:3070 Ralink Technology, Corp. RT2870/RT3070 Wireless Adapter
Bus 001 Device 007: ID 1a40:0101 Terminus Technology Inc. 4-Port HUB
Bus 001 Device 006: ID 1a40:0201 Terminus Technology Inc. FE 2.1 7-port Hub
Bus 001 Device 003: ID 0424:ec00 Standard Microsystems Corp. SMSC9512/9514 Fast Ethernet Adapter
Bus 001 Device 002: ID 0424:9514 Standard Microsystems Corp.
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
[email protected]:~ $


ifconfig shows:
[email protected]:~ $ ifconfig
eth0 Link encap:Ethernet HWaddr b8:27:eb:4e:8e:df
inet addr:10.0.0.200 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::e53b:ebcb:a184:f13/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:137081 errors:0 dropped:3 overruns:0 frame:0
TX packets:186529 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:61000511 (58.1 MiB) TX bytes:234116385 (223.2 MiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:475673 errors:0 dropped:0 overruns:0 frame:0
TX packets:475673 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:1448001274 (1.3 GiB) TX bytes:1448001274 (1.3 GiB)

wlan0 Link encap:Ethernet HWaddr b8:27:eb:1b:db:8a
inet6 addr: fe80::46ab:16be:2133:a98/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:6853 errors:0 dropped:5819 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2662099 (2.5 MiB) TX bytes:0 (0.0 B)

wlan1 Link encap:UNSPEC HWaddr 00-C0-CA-8F-ED-D2-30-30-00-00-00-00-00-00-00-00
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:63798 errors:0 dropped:63306 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:15130349 (14.4 MiB) TX bytes:0 (0.0 B)

I'm pretty sure wlan1 is the alfa and wlan0 is the Raspberry PI 3's built in WiFi.

I saw on a barely related thread that I should create a /etc/wpa.conf file, so I did. It looks like this:
[email protected]:~ $ cat /etc/wpa.conf
network={
ssid="tadd"
proto=RSN
key_mgmt=WPA-PSK
pairwise=COMP TKIP
group=COMP TKIP
psk="arbitrary"
}

I have been trying to run wireshark as a GUI application. I start it by launching terminal and typing wireshark.
I'm pretty good with vi, cat, grep and so on.

-----
What should I do next?
Thanks for any help!
Tadd