The Network Miner tool is a handy little utility that works great on Windows. It sort of works on Linux: it doesn't appear to be able to read traffic coming off the interface, but you can drag and drop a pcap file onto it. You can export a capture from Wireshark, but it needs to be in the classic pcap format, not the newer pcapng format that Wireshark saves by default. You can change the format under “Save as:” when saving.
Install Prerequisites
sudo apt install mono-devel
Download and Configure
wget "https://www.netresec.com/?download=NetworkMiner" -O /tmp/NetworkMiner.zip
sudo unzip /tmp/NetworkMiner.zip -d /opt/
cd /opt/NetworkMiner*
sudo chmod +x NetworkMiner.exe
sudo chmod -R go+w AssembledFiles/
sudo chmod -R go+w Captures/
It should now be ready to launch.
Launch Network Miner
mono /opt/NetworkMiner*/NetworkMiner.exe
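Because NetworkMiner wants classic pcap rather than pcapng, a capture can be checked by its first four bytes, and converted if needed, before it is dropped on the window. The script below is an added example, not part of the original post or of NetworkMiner; the function names are made up for illustration, and the conversion step assumes editcap from the Wireshark package is installed.

```shell
#!/bin/sh
# Added example: identify a capture file by its magic number and, if it is
# pcapng, write a classic pcap copy that NetworkMiner can open.

# Print "pcap", "pcapng" or "unknown" for the file given as $1.
capture_format() {
    # First four bytes as lowercase hex, e.g. "d4c3b2a1"
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo pcap ;;     # classic pcap, either byte order
        4d3cb2a1|a1b23c4d) echo pcap ;;     # classic pcap, nanosecond-resolution variant
        0a0d0d0a)          echo pcapng ;;   # pcapng Section Header Block
        *)                 echo unknown ;;
    esac
}

# Print the path of a classic pcap version of $1, converting when needed.
# Assumption: editcap is on PATH for the pcapng case.
ensure_pcap() {
    case "$(capture_format "$1")" in
        pcap)
            echo "$1" ;;
        pcapng)
            # Never overwrite the input; write next to it with a new name.
            out="${1%.pcapng}-classic.pcap"
            editcap -F pcap "$1" "$out" >&2 || return 1
            echo "$out" ;;
        *)
            echo "not a pcap or pcapng capture: $1" >&2
            return 1 ;;
    esac
}

# Usage: sh check-capture.sh capture.pcapng
# The path printed is the file to drag onto NetworkMiner.
if [ "$#" -gt 0 ]; then
    ensure_pcap "$1"
fi
```

The check goes by file content rather than extension, since a file named .pcap can still contain pcapng data.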
Further Thoughts and Reading
You could potentially get a live view of what is going on by using the “Receive Pcap over IP” feature.
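Maybe use something like the following. The -w - option makes tcpdump write raw pcap data to stdout instead of its text output, and -U flushes each packet as it arrives:
sudo tcpdump -i wlan0 -U -w - | nc localhost 57014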
The following links should help and provide more information.
https://www.netresec.com/?page=Blog&month=2011-09&post=Pcap-over-IP-in-NetworkMiner