From version 5.0, the FortiAP can sniff wireless traffic using its radio. This feature is not present in version 4.0 MR3. This article provides a workaround and explains how to sniff traffic in the air using Wireshark.
FortiAP running 4.0 MR3.
sudo apt-get install wireshark
airmon-ng <start|stop> <interface> [channel]
<start|stop> indicates if you wish to start or stop the interface. (Mandatory)
<interface> specifies the interface. (Mandatory)
[channel] optionally sets the card to a specific channel.
To see the current status of the wireless NIC, use the iwconfig command:
root@root:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:"SSID12"
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Tx-Power=20 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off
root@root:~# airmon-ng start wlan0
Interface Chipset Driver
wlan0 Unknown rtl8192ce - [phy0]
(monitor mode enabled on mon0)
root@root:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:"SSID12"
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Tx-Power=20 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off
mon0 IEEE 802.11bgn Mode:Monitor Tx-Power=20 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Power Management:on
root@root:~# wireshark &
To stop monitor mode on the wireless NIC, use the following command:
root@root:~# airmon-ng stop wlan0
This can be verified using the iwconfig command:
root@root:~# iwconfig
lo no wireless extensions.
eth0 no wireless extensions.
wlan0 IEEE 802.11bgn ESSID:"SSID12"
Mode:Managed Frequency:2.412 GHz Access Point: Not-Associated
Tx-Power=20 dBm
Retry long limit:7 RTS thr=2347 B Fragment thr:off
Encryption key:off
Power Management:off
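The iwconfig checks above can be scripted. The following is an added example, not part of the original article: it lists the interfaces that iwconfig reports in a given mode, reading the text on stdin. The function names are hypothetical, and the embedded samples are constructed from the output shown above with iwconfig's usual indentation restored.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Print the interfaces that iwconfig-style text on stdin reports in mode $1.
ifaces_in_mode() {
    awk -v want="$1" '
        # A stanza starts in column 1; its first field is the interface name.
        /^[^ \t]/ { iface = $1 }
        # Mode: is on the first line for mon0 but on a continuation line for wlan0.
        {
            for (i = 1; i <= NF; i++)
                if ($i == ("Mode:" want)) print iface
        }
    '
}

# Succeed only if interface $1 is in Monitor mode according to stdin.
monitor_ready() {
    ifaces_in_mode Monitor | grep -qx "$1"
}

# Constructed sample: iwconfig output after "airmon-ng start wlan0".
SAMPLE_AFTER_START='lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bgn  ESSID:"SSID12"
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated
          Tx-Power=20 dBm
          Encryption key:off

mon0      IEEE 802.11bgn  Mode:Monitor  Tx-Power=20 dBm
          Power Management:on'

# Constructed sample: after "airmon-ng stop wlan0" (mon0 is gone).
SAMPLE_AFTER_STOP='wlan0     IEEE 802.11bgn  ESSID:"SSID12"
          Mode:Managed  Frequency:2.412 GHz  Access Point: Not-Associated'

if printf '%s\n' "$SAMPLE_AFTER_START" | monitor_ready mon0; then
    echo "mon0 is in monitor mode"
fi
printf '%s\n' "$SAMPLE_AFTER_STOP" | monitor_ready mon0 || echo "no monitor interface"
```

On a live host, pipe the real command into the same function, for example iwconfig 2>/dev/null | monitor_ready mon0.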