Howto: Network sniffing

This howto mainly talks about sniffing a wireless network. Sniffing Ethernet traffic from/to your eeePC is much simpler: just install Wireshark.

As the eeePC runs Linux, it is much better suited to sniffing wireless networks than a Windows box.

The key issue is that the wireless driver needs to support a concept called “monitor mode”. Most Windows drivers do not, but many Linux drivers do, including the driver for the Atheros wifi chipset in the eeePC.

And once you know how to do it, it is dead simple. A good tool for wireless sniffing is Wireshark (www.wireshark.org). To install it you need to enable the Debian feeds (see How to add a Debian Repository). Next you can run:
apt-get install wireshark

Now you can monitor traffic to and from your wireless network. Promiscuous mode is supported.

However, it is also possible to monitor the control signals sent by the access point (e.g. the beacon). This requires monitor mode in the driver, which we fortunately have.

Get a shell (ctrl-alt-T)
Then type:

  1. sudo wlanconfig ath0 destroy
  2. sudo wlanconfig ath0 create wlandev wifi0 wlanmode monitor
  3. sudo ifconfig ath0 up
  4. sudo iwconfig ath0 channel 1
  5. sudo wireshark

In step 4, replace the digit 1 with the number of the channel you want to monitor (normally between 1 and 11).
In Wireshark, now capture on ath0.

Note that while doing this your wireless network connection is not available, because ath0 has been recreated in monitor mode.

More info can be found in this book chapter.


For convenience, you can create a script, e.g. /usr/bin/wirelessshark:

#!/bin/bash
# Puts ath0 into monitor mode on the given channel and starts Wireshark.
if [ "$1" = "" ] ; then
	echo "Usage: $0 <channel>"
	exit 1
else
	wlanconfig ath0 destroy
	wlanconfig ath0 create wlandev wifi0 wlanmode monitor
	ifconfig ath0 up
	iwconfig ath0 channel "$1"
	wireshark
fi

After saving this file, you will have to make it executable:
sudo chmod +x /usr/bin/wirelessshark
and then you can run it, passing the desired channel number as an argument:

sudo wirelessshark 11
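An extended version of that script, added here as an example and not part of the original howto: it checks the channel argument before touching the interface, refuses to run without root, and adds a stop command that recreates ath0 in station mode so the wireless network works again afterwards. It assumes the madwifi wlanconfig tool and the ath0/wifi0 names used on this page, and the 2.4 GHz channel range 1-14 (the channel-to-frequency helper is an assumption too; the page only uses channel numbers).

```shell
#!/bin/bash
# Added example, not the page's script: "start <channel>" does the five steps
# above with input checks; "stop" puts ath0 back in station mode. Assumes the
# madwifi wlanconfig tool and the ath0/wifi0 names used on this page.

# Returns 0 if $1 is an integer 2.4 GHz channel (1-14), else 1.
valid_channel() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 14 ]
}

# Centre frequency in MHz for a 2.4 GHz channel: 2407 + 5*ch for 1-13,
# and 2484 for the special-case channel 14.
channel_to_mhz() {
    if [ "$1" -eq 14 ]; then echo 2484; else echo $((2407 + 5 * $1)); fi
}

usage() { echo "Usage: $0 start <channel> | stop" >&2; exit 1; }

main() {
    [ "$(id -u)" -eq 0 ] || { echo "$0: run with sudo" >&2; exit 1; }
    case "$1" in
        start)
            valid_channel "$2" || usage
            wlanconfig ath0 destroy
            wlanconfig ath0 create wlandev wifi0 wlanmode monitor
            ifconfig ath0 up
            iwconfig ath0 channel "$2"
            echo "ath0 is in monitor mode on channel $2 ($(channel_to_mhz "$2") MHz)"
            wireshark
            ;;
        stop)
            # Recreate ath0 as an ordinary station so the wireless network works again.
            wlanconfig ath0 destroy
            wlanconfig ath0 create wlandev wifi0 wlanmode sta
            ifconfig ath0 up
            ;;
        *) usage ;;
    esac
}

# Dispatch only when arguments are given, so the file can also be sourced for its functions.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as sudo wirelessshark start 11 to capture and sudo wirelessshark stop when you are done.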