Wireshark-users: Re: [Wireshark-users] Wireshark not capturing packets from iphone on the same wi

From: "Micheal Blue" <mblue@xxxxxx>
Date: Sun, 14 Jun 2015 01:13:35 +0200

> If so, have you followed the instructions to put the NIC into *monitor* mode on Linux?
> 
> 	https://wiki.wireshark.org/CaptureSetup/WLAN#Linux
> 
> Promiscuous mode doesn't suffice on Wi-Fi.

Ah, I was unaware of this fact... I do not believe that my hardware on the laptop is supported:

% sudo airmon-ng start wlan0                       
Found 1 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

  PID Name
  139 wpa_supplicant

PHY	Interface	Driver		Chipset

null	wlan0		rtl8192cu	Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter

 
> Note, however, that, if you capture in monitor mode on a protected network (using WEP or WPA/WPA2), the traffic will be encrypted, and you will need to give Wireshark enough information in order to decrypt it:
> 
> 	https://wiki.wireshark.org/HowToDecrypt802.11
> 
> (yes, 802.11 was *intentionally designed* to be hard to sniff!).  That also means that:
> 
> > * I have tried capturing without a filter present (all traffic) and also specifically targeting the iphone address with this filter, "host 192.168.1.203" which is the ip address of the iphone.
> 
> ...in monitor mode, the capture filter will not be able to do anything with the encrypted payload, so filters such as "host 192.168.1.203" won't work.

Thanks for the info here too. Perhaps I should just drop it :/
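
Why a filter such as "host 192.168.1.203" cannot match protected frames seen in monitor mode, as an added example that is not part of the original message or of Wireshark's code: it builds one open and one protected 802.11 data frame for the same packet and applies an IP-level test and a MAC-level test to each. The MAC addresses, the CCMP header bytes and the XOR stand-in for ciphertext are constructed, and the frames are plain (non-QoS) data frames with no radiotap header.

```python
import ipaddress
import struct

PROTECTED = 0x40                      # "Protected Frame" flag, 2nd Frame Control byte
LLC_SNAP_IPV4 = bytes.fromhex("aaaa030000000800")
PHONE_IP = "192.168.1.203"            # address quoted in the thread

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

PHONE_MAC = mac("02:00:00:00:00:02")  # constructed
AP_MAC = mac("02:00:00:00:00:01")     # constructed

def dot11_data(src_mac, body, protected):
    """Build a 24-byte 802.11 data header (station to AP) followed by body."""
    flags = 0x01 | (PROTECTED if protected else 0)   # To DS, optionally Protected
    header = struct.pack("<BBH", 0x08, flags, 0)     # type=data, flags, duration
    return header + AP_MAC + src_mac + AP_MAC + struct.pack("<H", 0) + body

def ipv4_header(src, dst):
    """Minimal 20-byte IPv4 header, checksum left at 0, no payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def matches_host(frame, ip):
    """An IP-level test needs LLC/SNAP + IPv4 to be readable after the MAC header."""
    body = frame[24:]
    if not body.startswith(LLC_SNAP_IPV4):
        return False                  # protected frame: CCMP header + ciphertext here
    ip_hdr = body[8:28]
    return ipaddress.IPv4Address(ip).packed in (ip_hdr[12:16], ip_hdr[16:20])

def matches_transmitter(frame, src_mac):
    """The 802.11 MAC header is sent in the clear, so addr2 is always readable."""
    return frame[10:16] == src_mac

def sample_frames():
    """Return (open, protected) frames carrying the same packet from the phone."""
    clear = LLC_SNAP_IPV4 + ipv4_header(PHONE_IP, "192.168.1.1")
    ccmp_header = bytes([1, 0, 0, 0x20, 0, 0, 0, 0])    # constructed PN, ExtIV set
    stand_in = bytes(b ^ 0x5A for b in clear)           # NOT real CCMP encryption
    return (dot11_data(PHONE_MAC, clear, False),
            dot11_data(PHONE_MAC, ccmp_header + stand_in, True))

if __name__ == "__main__":
    for name, frame in zip(("open", "protected"), sample_frames()):
        print(name, matches_host(frame, PHONE_IP), matches_transmitter(frame, PHONE_MAC))
```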