There are wireless add ons to wireshark. That said here wanted to play with the wireless DECT stuff and noticed much of this stuff is difficult to find.

That said there are many ISO boot disk (all tools) out there in internet landia used for this sort of stuff.

Off on tangent...(again?)....

Googling found this one....Network Security Toolkit Note this is all encompassing.

Check out a DIY SDR modded radio using a typical $10 USD EU style TV / radio USB stick. (modded of course).

You can even sniff (out of curiosity) your local ISP connection and all of the folks using the internet next door to you with certain tools (not wireless).

It used to be very mickey mouse where the typical ISP vendor left the defaults on (logon and pasword) for accessing their internet edge routers....funny in a way...but they assumed nobody was looking or even cared to look.

Does the AP for your Wifi go through a switch, and does that switch have "mirroring" capabilities? That's what I do when I need to "sniff" a particular device. Have to have a managed switch typically though.

Z

Pete, this is Wifi data I want to check. Some bytes are being sent on a port to an IP-address. I know the IP, but I don't know the port or the bytes. Trying to read the wireless signals (if I understand the link correctly) is cool, but I don't think it's for me...



vasrc, I'm not sure if my Asus AC-RT66U can do that, but my router might change as soon as tomorrow! I'm told that this might be the way to go.


... and I've received a tip that this app (as the sous vide machine does have an Android app) might help:
https://play.google.com/store/apps/d...rts.sslcapture

Pete, this is Wifi data I want to check. Some bytes are being sent on a port to an IP-address. I know the IP, but I don't know the port or the bytes. Trying to read the wireless signals (if I understand the link correctly) is cool, but I don't think it's for me...

Understood Magnus. Yeah you really just want to see the network traffic connected to the port on the network switch.

as vasrc mentions best way to do this is to mirror the port to another port just to sniff the traffic. Typically this is a default feature on a managed switch.

Typically the off the shelf combo router, switch, AP, firewall device doesn't offer port mirroring.

That said Googling OpenWRT/DD-WRT indicates that you can do port mirroring with a modded to OpenWRT router and utilizing iptables' ROUTE target.

For example (via command line)

iptables -t mangle -A POSTROUTING -d 192.168.1.100 -j ROUTE --tee --gw 192.168.1.101

iptables -t mangle -A PREROUTING -s 192.168.1.100 -j ROUTE --tee --gw 192.168.1.101

This commands will make a copy of network traffic that have source and destination 192.168.1.100 and will send it to 192.168.1.101. On 192.168.1.101 can be run wireshark in order to sniff the traffic made by 192.168.1.100.

You can use:
iptables -t mangle -A POSTROUTING -d 0.0.0.0/0 -j ROUTE --tee --gw 192.168.1.101

iptables -t mangle -A PREROUTING -s 0.0.0.0/0 -j ROUTE --tee --gw 192.168.1.101

for copying all network traffic and sending it to 192.168.1.101, but i don't recommend it. You router will run slower. You should send only what you want to sniff.

Here using el cheapo TP-Link managed 24 port Gb switches. Attached is what the GUI looks like to set up port mirroring. Switch is tiny and runs cool. I have one in the Leviton can, never gets hot.

Much like a wired network card has to be placed in promiscuous mode a wireless network card has to be placed in monitor mode to gather packets from comms that it is not a part of. Getting into monitor mode is hardware and OS dependent so Wireshark doesn't do it for you while it usually does handle promiscuous mode. If your hardware is capable it is a quick Google and a command or two. Plus don't forget about the channels with wireless.

I'll look into the router option later tonight. There's a discussion whether my router (Asus AC-RT66) does support it with the Merlin firmware or not, but a fellow home enthusiast will introduce me to a MicroTik router later tonight that has this option.

I WILL figure out how, somehow. The automatic kitchen is a dream that has to come true!

did you work this out? im considering the bluetooth one. i realize thats a different set of issues but still.

No, I did not. At least not yet.
I upgraded my router to one that does support packet sniffing, only to discovered that the traffic is encrypted and sent to Amazons S3 service, because they want the app to work everywhere.

I see why, but I can't understand why they can't offer an API to the local network!


I would still get the Bluetooth+Wifi option. Because there is still a chance they will release an API in the future.

One of the simplest ways to use wireshark, once you have a PC with a known-compatible Ethernet interface, is to use a 100mb Ethernet [b]hub]/b]. Not a switch.

With a hub all traffic is heard across all connected devices. This is generally not a desired situation, as collisions slow down network speeds. But for testing/sniffing with wireshark it's a great solution. Sniffing wireless traffic can be done by plugging a wireless access point into the hub and connecting any wireless devices through that. The advantage here is you don't have to do anything to configure anything other than having the access point temporarily on the hub. Nothing else needs reconfiguring.

Obviously, if you're using a router that has wifi built-in then you'd need to get a separate access point. Or hope to learn how to re-program it to allow sniffing traffic. That and you'd need to buy a hub.

Personally I find it simpler to take this transparent approach rather than the typically arduous and error-prone efforts to reprogram router networking tables.