I'm using Wireshark on OSX, trying to sniff my home network over WiFi. While I can see packets that are sent to/from the host I'm sniffing on, I'm not seeing anything else that goes over the WiFi. It's like I'm not in promiscuous mode or something (the promiscuous mode box is in fact checked).
The router is an Apple Airport Extreme, protected by WPA2. I'm attached to the network I'm trying to sniff, so I'm confused about why I can't see other traffic.
Edit: I solved this by the following:
- Plug Macbook directly into the Airport Extreme router
- Enable "internet sharing" on Macbook, with no password.
- Bind wireless device (the one I wanted to sniff) to the WiFi hotspot generated by Internet sharing in step 2.
- Run Wireshark on the Macbook, bound to device en1.
Don't forget to disable sharing after you're done. :-)
Probably because it's acting like a switch. You might need to set it to bridged mode and plug it into a switch with a SPAN port or consider a network tap.
See last paragraph.
Most commodity WiFi+router devices are also cheap switches without management ports, and you need more than just promiscuous mode to decode the WPA2 session secrets of the packets for computers other than your own. (And KisMac is long dead. iStumbler doesn't seem to be quite as capable IME, and even so WPA2 is a stretch.)