This howto mainly covers sniffing wireless networks. Sniffing Ethernet traffic to and from your eeePC is much simpler: just install Wireshark.
As the eeePC runs Linux, it is much better suited to sniffing wireless networks than a Windows box.
The key issue is that the wireless driver needs to support a concept called “monitor mode”. Most Windows drivers do not do this, but a lot of Linux drivers do, including the wifi driver for the Atheros chipset in the eeePC.
And actually once you know how to do it, it is dead simple.
A good tool for wireless sniffing is Wireshark (www.wireshark.org).
To install it you need to enable the Debian feeds (see How to add a Debian Repository).
Next you can run:
apt-get install wireshark
Now you can monitor traffic to and from your wireless network. Promiscuous mode is supported.
However it is also possible to monitor the control signals from the access point (e.g. the beacon). This requires a monitor mode in the driver, which we fortunately have.
Get a shell (ctrl-alt-T)
Then type:
In step 4 you should replace the digit 1 with the number of the channel you want to monitor (normally between 1 and 11)
Now capture on ath0 in Wireshark.
Note that while doing this your wireless network is not available.
More info can be found in this book chapter.
For convenience, you can create a script, e.g. /usr/bin/wirelessshark:
#!/bin/bash
# Put ath0 into monitor mode on the given channel, then start Wireshark.
if [ -z "$1" ] ; then
    echo "Usage: $0 <channel>"
else
    # Recreate ath0 as a monitor-mode interface on wifi0
    wlanconfig ath0 destroy
    wlanconfig ath0 create wlandev wifi0 wlanmode monitor
    ifconfig ath0 up
    # Tune to the requested channel
    iwconfig ath0 channel "$1"
    wireshark
fi
After saving this file, you will have to make it executable:
sudo chmod +x /usr/bin/wirelessshark
and then you can run it, passing the desired channel number as an argument:
sudo wirelessshark 11
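As noted above, the wireless network is not available while ath0 is in monitor mode. The following variant is an added example, not part of the original howto: it checks the channel argument and recreates ath0 in station mode when Wireshark exits. It assumes that madwifi's "wlanmode sta" is the eeePC's normal client mode and that channels outside 1-11 should be rejected; the function names are made up for this example.

```shell
#!/bin/bash
# Added example (not from the original howto): monitor-mode capture that
# puts ath0 back into station mode when Wireshark exits.
# Assumptions: madwifi's wlanconfig, the ath0/wifi0 names used on this page,
# and "wlanmode sta" as the normal client mode.

IFACE=ath0
WLANDEV=wifi0

# Succeeds only for a whole number in the usual range 1-11.
valid_channel() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 11 ]
}

# Print the commands that recreate $IFACE in the given wlanmode.
recreate_cmds() {
    echo "wlanconfig $IFACE destroy"
    echo "wlanconfig $IFACE create wlandev $WLANDEV wlanmode $1"
    echo "ifconfig $IFACE up"
}

# Run each command read from stdin; stop at the first failure.
run_cmds() {
    while read -r cmd; do
        $cmd || return 1
    done
}

capture() {
    valid_channel "$1" || { echo "Usage: $0 <channel 1-11>" >&2; return 2; }
    # Restore client mode however the script ends (normal exit, Ctrl-C, error).
    trap 'recreate_cmds sta | run_cmds' EXIT
    recreate_cmds monitor | run_cmds || return 1
    iwconfig "$IFACE" channel "$1" || return 1
    # -i selects the interface, -k starts capturing immediately.
    wireshark -i "$IFACE" -k
}

# Only touch the interface when a channel argument is given.
if [ "$#" -gt 0 ]; then
    capture "$@"
fi
```

Run it the same way as the script above, e.g. with 11 as the argument; after Wireshark closes you may still need to reconnect to your access point.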