Wireshark Monitor Mode Issue

I have Wireshark install on MacOS to which I have a wireless NIC and wired NIC. I select the checkbox for monitor mode for the wireless NIC in the ‘Capture - Options’ menu however it does not capture all the traffic on the network. What am I doing incorrectly?

How do you know it is not monitoring everything? Do you have a screenshot?

If I load a webpage from an iPad which is wireless, it does not show the TCP port 80 traffic at all. In addition I have a connected PC connected with an ethernet cable that traffic also does not show up. Only ARP and BROADCAST and alot of MULTICAST traffic shows up.

You wont be able to see traffic from other wifi clients by using your wifi card in “normal mode” using wireshark. The radio signal from wifi clients goes direct to the AP.

You can switch your wifi card into monitor mode (if it supports it) and see the encrypted radio traffic.



Then you need to de-crpyt the traffic with the password.


Which is why I run wireshark on the router/AP so you can see all the traffic without this hassle.

how might I run wireshark on my router? I am not able to install custom firmware as it is an Arris. Is there a work around?

You need to be able to run ssh on the router. If you cant do that then you cant do it. I show how to do it in the lectures.

I am unable when i ssh it says ssh: connect to host port 22: Network is unreachable

You will need to determine yourself if your router supports it. You may be able to enable it in the web GUI. I dont know your router. You may not be able to do it. Then you will have to use monitor mode.

My ARRIS SBG6782-AC is not capable of SSH. The ARRIS SBG6782-AC is a combined cable modem and router. I am going to buy another router that I can connect to this as I have found instructions here: http://www.wikihow.com/Connect-One-Router-to-Another-to-Expand-a-Network my final question on this matter - what router, make and model number do you recommend that I can install DRT custom firmware on it so that I can SSH into it?

Thats more of a cost question. I have this https://www.amazon.co.uk/NETGEAR-R7000-100UKS-Nighthawk-Dual-core-Processor/dp/B00HDK4GAK/ref=sr_1_1?ie=UTF8&qid=1481504752&sr=8-1&keywords=night+hawk+router

But make sure what you get has firmware available for it that you want to switch to.

These support WRT.


But these are more expensive because its pre-installed.

thanks I am going to order this https://www.flashrouters.com/routers/router-types/dd-wrt/netgear-wndr3700-ddwrt-router - this will be able to SSH and capture traffic as it is dd-wrt firmware i believe - final final question - i would be able to use my ARRIS SBG6782-AC as just a cable modem and just connect the Netgear WNDR3700 N600 DD-WRT FlashRouter to it so that the ARRIS SBG6782-AC would simply act as a cable modem and the Netgear WNDR3700 N600 DD-WRT FlashRouter as the router that I can SSH into.

Correct yes that should be the case.

HI Nathan I was able to get it working with DD-WRT and use the ssh root@ -tcpdump,etc however my question is all traffic from the SRC is coming from the router IP rather than the actual IP of the computer so I have no idea of where its coming from. Any way to fix this so that I can see the actual IP of each true SRC packet?