Capturing TCP packets on a wireless network

[freeurmind111]

Hi,

My question concerns sniffing in my local wireless network.

So I would like to test in my home network the cookie stealing and session hijacking attack.
The thing is that I want to do it over wifi. I know that on a simple lan wired network it's not a big deal since it's easy to sniff TCP packets containing the session cookies (and there is a tool Firesheep which makes it even easier). I noticed though, that it seems much harder to do on a wifi network.

I'm using Wireshark and when another computer in my network is comunicating with a website the only thing I see are LLC frames. Inside the LLC frames is a Data field which contains some weird ascii (possibly encrypted) string.

My question is: how can I decrypt these LLC frames in order to get the content of the TCP packets?

P.S. my wifi is WPA protected (and of course I have the WPA password of this network)

P.S.2 I'm guessing that it is possible to do a MITM attack but I was wondering if it is the only way to tackle this problem

-- Fri Jun 01, 2012 1:13 am --

After some searching and googling I'm answering myself (but correct me if I'm wrong).
In a WPA protected wireless network every computer's connection is ciphered with a session key (only the broadcast frames are readable for all PCs in the network).
If I'm not wrong, if I am able to capture the handshake of a connection and I have the PSK key, than I can use airdecap-ng to decrypt someone else's frames and thus get the plain TCP and HTTP packets.

[AlCapwn0]

If you posted the code, or just a string of it, I could tell you its encryption.

[0phidian]

I beleive on wifi that you have to do man in the middle or else all you will see are your own packets and a bunch of ARP requests. What your seeing is probably your own packets. I'm not sure about the WPA stuff but MITM has always worked for me. Use ARP spoofing make the target think you are the router, and if you want to get around ssl(https) then look into sslstrip.