Here are a few example use cases: Troubleshooting Network ConnectivityĮxamination of Application Layer Sessions (even when encrypted by SSL/TLS see below) Wireshark can be useful for many different tasks, whether you are a network engineer, security professional or system administrator. You don't need to worry about curl.Examples to Understand the Power of Wireshark However, as installed on your machine, it apparently does have a Web browser, so you could do the tests I wanted done without installing a browser, and, when you did so, it supported my guess as to what was happening. ("use curl to fetch a page from some site" means to use the curl command-line utility to fetch a page from an HTTP site that might be more convenient than installing a Web browser - given that Kali Linux is a distribution intended for use on machines used for testing network security, it might have a limited set of tools such as Web browsers. See the Wireshark page on decrypting 802.11 for details. Wireshark can decrypt 802.11 traffic, if you give it the password for the network and, for WPA/WPA2, if, for each host whose traffic it wants to decrypt, it sees the initial "EAPOL handshake" between the host and the access point. You're probably capturing on a protected network the 802.11 header isn't encrypted, so Wireshark is able to dissect the encrypted traffic as 802.11 traffic, but the payload is encrypted, so Wireshark can't even dissect it as IP traffic, much less TCP or HTTP, so it shows up as "802.11". If you are in monitor mode, the Wi-Fi adapter will see whatever traffic its radio receives however, unless that traffic is to or from your machine, it will, if has been encrypted at the 802.11 layer, not be decrypted by the adapter (and I'm not sure whether traffic to and from the host will be decrypted).Ī "protected" Wi-Fi network is a network that's using WEP or WPA/WPA2 on that network, traffic is encrypted, in a deliberate attempt to make traffic sniffing difficult. The packets you were seeing were probably mostly broadcast or multicast traffic, which your machine would see even if it weren't sending any requests out on the network. However, that traffic will, if it has been encrypted at the 802.11 layer, have been decrypted by the Wi-Fi adapter.
If you're not in monitor mode, the Wi-Fi adapter will see only traffic sent to and from your machine.
0 kommentar(er)
