I cannot find any issue with the setup or the device. I did this a few months ago at a workshop and it worked great we saw tons of HTTP traffic flying around.įor most of the same type of questions I've seen asked elsewhere, the problem had to do with the person being associated to a network or that they were on an encrypted network and weren't entering the key properly. I am not associated or authenticated to any AP. Im using it on 12. Anyway, I cant seem to get Wireshark into monitor mode on Ubuntu. But Ive scoured as best I could & didnt find a discussion that solved my problem. In both cases, I get the same result: kismet and wireshark will see all the broadcast packets from the APs around me, but never any ICMP or HTTP traffic I'm creating from other clients in order to test. I debated posting this because it has been addressed already at some level, probably more than once. When using airmon-ng to create a mon0 interface that is in monitor mode, I use mon0. When I use iwconfig to put the card into monitor mode manually, I use the interface wlan0 in wireshark and kismet. Retry long limit:7 RTS thr:off Fragment thr:off When using iwconfig, I can verify wlan0 is in monitor mode: wlan0 IEEE 802.11bg Mode:Monitor Frequency:2.437 GHz Tx-Power=27 dBm I have tried both putting wlan0 into monitor mode manually using: # ifconfig wlan0 downĪnd also using airmon-ng to create a mon0 device: # airmon-ng start wlan0 6 I've made sure the wireless card is on channel 6, the same channel my open network is on. RTL8187 Wireless Adapterīus 001 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub Relevant commands and their outputs are listed below: # lsusbīus 001 Device 009: ID 0bda:8187 Realtek Semiconductor Corp. The USB wireless card I listed (Alfa AWUS036H) is using the rtl8187 driver. I have tested more configurations than I can list, but I'll try to give a good idea of what I've done. The computer I am sniffing from is not connected to any network. The clients that I have set up running pings and http traffic are connected to an open wireless g network. This is the case in kismet, wireshark 1.2.x, 1.4.x, and 1.8.x, and my own packet reader program that uses libpcap. I can't seem to make it work: The packets to and from the virtual machine seem to be invisible. The problem is that while I'm running wlan0 in monitor mode, I only see broadcast packets (I see ARPs, DHCP transactions, beacons, and other random management and data packets that are being broadcast or multicast). worksofcraft wrote: I want to asses downloads for malicious malware by installing them on a virtual machine and then using wireshark on the host computer or in another virtual machine to monitor network traffic. Enter grantee code: UQ2, product code: AWUS036H, then clicking "detail" and then "internal photos"). Lenovo W530 laptop running Backtrack 5 r2Īlfa AWUS036H - FCC ID UQ2AWUS036H (you can verify RTL8187L chipset at.was just trying it to see behavior.Īny insight/suggestions on how I can get all the packets hitting the physical interface of the host fully passed on to the guest would be appreciated.I have pretty much exhausted every link I have found on google regarding this topic, and I'd like some of the most experienced eyes on the problem, because something obscure must be going on. I didn't see it clarified in the docs, but I'm guessing VM only means traffic between the VMs, and not traffic with another VM and outside? I don't care as much about VM traffic, though. Oddly, when I set it to VMs Only, I don't see the traffic to the other VM. "All" suggests to me this should be possible. Aside from bridging the interface, and enabling promiscuous mode all, is there something I'm missing here? Why can't the guest OS see the packets that are hitting the physical interface? Is it something about MacOS that is not letting the VirtualBox process see all packets? Is this possible? The fact that VirtualBox has an option for "VMs only" vs. My expectation is that the guest should see all the same packets that host does on that network interface. I've seen people talk about how VirtualBox creates the software network interface and bridges, but it's been unclear to me how that is (or should be) affecting the passing of packets from the physical interface through to the guest. The guest seems to only see traffic related to the other guest I have, and various broadcast traffic on the network. The Host can see all the packets expected (using tcpdump -i en6 shows packets for everything on the uplink). Network layout Screen Shot at 4.05.12 PM.jpg (125.77 KiB) Viewed 4095 times
0 Comments
Leave a Reply. |