is a mitm penetration needed for this?

[bwana]

I do not know if this is the right place to ask this. I want to monitor the activity of the ipad in my lan. I know the wpa2 password (because I set it up). I would like to use another console (can you tell how old i am?) to intercept the traffic from the ipad to the router. Is wireshark the appropriate tool? Or is there a better way?

tnx.

[gunrunr]

you can use wireshark if you want, just make sure that the interface that you are listening on is connected to the same lan as the ipad is, and is in promiscuous mode. With wireshark you should be able to see all the remote connections, and the tcp syn and acks. if you to want to pick up more data such as logins and other information you could use ettercap and sslstrip, but if you were going to do that you would experience a bit of drain on the bandwidth for your ipad.

[thorin]

If its your LAN why not just setup a span port?

[bwana]

If its your LAN why not just setup a span port?

i guess because i'm stupid and don't know how to implement a span port on a cheap home router. But actually, i am using an actiontec MI424WR if that helps you explain what i should do.

also, i seem to remember an app that would reconstruct the packets so that i'd see a mirror image of what the target ip was seeing. but i forgot that trick. anyone remember?

[halfdone]

well you can set your wlan device to monitor mode and capture and decrypt traffic of do a mitm using arpspoof or ettercap

[bwana]

well you can set your wlan device to monitor mode and capture and decrypt traffic of do a mitm using arpspoof or ettercap

Well, it turns out the problem i was having is related to the fact that the ipad (and iphone) turn off wifi as soon as it goes to sleep. So, i can reconnect and arp poison and read the http packets just fine.

But does anyone remember the app that reconstructs what the user is seeing from all the packets?

[fashizzlepop]

Upside-Down-Ternet

Haven't tried I myself yet but I think this is what you want.

[thorin]

i guess because i'm stupid and don't know how to implement a span port on a cheap home router.

Sorry I was thinking a business setting. Though some home routers will let you do it as well, you have to lookup model specific info or go with dd-wrt or something similar.

But does anyone remember the app that reconstructs what the user is seeing from all the packets?

I'm pretty sure Wireshark has plugins for that or maybe you're thinking of something like Netwitness

NetWitness Investigator Software Download

The network is yours, we'll assume the iPad is yours (or you should simply prevent the person from connecting) so why not just run Wireshark (or similar) right on the iPad? (There's gotta be "an app for that")

[lupin]

Why do you want to do this? If its just out of interest in what the iPad sends you could temporarily turn off the wireless encryption and sniff that way. Or you could sniff the traffic after it gets to the Wireless Access Point given the correct hardware/software setup. Or you could try this guide to decrypting 802.11 traffic in Wireshark.

Wireshark will let you reconstruct certain sessions in the capture once the traffic is decrypted....

[bwana]

Why do you want to do this? ...

My kids use the ipad and unfortunately you cant install anything like netnanny,etc. to restrict surfing from it. Of course, I could put the forbidden websites into the router--there is a facility for that--but then all pcs in the house are blocked. So basically, I want to be able to check on where they've been on the net from time to time.