
Does anyone know, if I'm on a WPA2-PSK wi-fi, can other devices that are also on the same network "sniff" my traffic? For unprotected networks it's obvious, but what about protected?


Yes, if you know the PSK (=password) and can capture the initial handshake (which is easy, since you can just force-disconnect a client so it has to do a new one) you can decrypt it. (If I remember correctly, Wireshark has this built in, so you can try it for yourself if you are curious)


I'm assuming you mean a malicious device can force a deauth on another client (or more usually, all other clients) and then capture the packets as they reconnect. If so, is there a way to detect this? Is there any way to protect against this? I'm assuming client isolation makes it more difficult.


Apparently since I last looked into it, "Protected Management Frames" from 802.11w are a bit better supported (in non-professional APs), which solve this issue by not allowing "anonymous" deauthentication. (requires support on both clients and AP though)

You of course can monitor for deauthentication packets, but unless you know when/if your AP is sending them during normal operation you can't make sure that an individual occurrence is an attack or not. If someone floods them, it's easier to tell of course.

If you want to protect individual traffic in a network where you have to share access/are worried about passwords getting lost, the best solution is to go to WPA2 Enterprise with per-device credentials. At CCC-run hacker events they even use it for the "open" WLAN, and just accept any username and password.
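
A sketch of the rate-based deauthentication monitoring mentioned in the comment above, added here as an example that is not part of the original thread. The frame tuples, MAC addresses, window and threshold are all constructed for illustration; a real threshold has to be tuned against how often your own AP sends deauthentication frames in normal operation.

```python
from collections import defaultdict, deque

BROADCAST = "ff:ff:ff:ff:ff:ff"
AP = "02:00:00:00:00:01"                            # constructed BSSID
C1, C2 = "02:00:00:00:00:a1", "02:00:00:00:00:a2"   # constructed client MACs

# Constructed sample of observed deauthentication frames: (time_s, bssid, destination).
SAMPLE = (
    [(3.0, AP, C1), (120.5, AP, C2), (300.0, AP, C1)]        # isolated, could be normal
    + [(600.0 + 0.25 * i, AP, BROADCAST) for i in range(8)]  # burst aimed at all clients
    + [(900.0, AP, C2)]
)

def detect_deauth_bursts(frames, window=10.0, threshold=5):
    """Return one alert per burst of deauth frames claiming to come from a BSSID.

    A burst starts when `threshold` or more frames fall inside a sliding
    `window` (seconds) and ends when the rate drops below that again.
    Single frames are never reported: on their own they cannot be told
    apart from the AP's normal behaviour.
    """
    recent = defaultdict(deque)   # bssid -> (ts, dst) pairs still inside the window
    active = {}                   # bssid -> alert currently being extended
    alerts = []
    for ts, bssid, dst in sorted(frames):
        q = recent[bssid]
        q.append((ts, dst))
        while ts - q[0][0] > window:      # drop frames that aged out of the window
            q.popleft()
        if len(q) < threshold:
            active.pop(bssid, None)       # rate is back to normal, close any burst
            continue
        alert = active.get(bssid)
        if alert is None:                 # threshold just crossed: open a new alert
            alert = {"bssid": bssid, "start": q[0][0], "end": ts, "frames": len(q),
                     "broadcast": any(d == BROADCAST for _, d in q)}
            active[bssid] = alert
            alerts.append(alert)
        else:                             # burst continues: extend the open alert
            alert["end"] = ts
            alert["frames"] += 1
            alert["broadcast"] = alert["broadcast"] or dst == BROADCAST
    return alerts

if __name__ == "__main__":
    for a in detect_deauth_bursts(SAMPLE):
        print(a)
```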


Well, the easiest way to protect against it is making sure an attacker doesn't know your wifi password.


Of course, but I'm working in a big office with office-private wi-fi with one password. And who knows what viruses my colleagues have.

Also, I have a pretty special audience of hackers here, so I wouldn't be surprised if someone actually tries it.

Same goes for various events and conferences.


As far as I know, they can [1]. Once you're connected to the network you can sniff out everything from clients that connect after you.

The standard response to this is that you're safe since the eavesdropper needs to know the shared key. You can look into setting up WPA2-Enterprise if you're worried about that. FreeRADIUS doesn't seem particularly hard to configure.

[1] https://superuser.com/a/156969


Yes, other devices on the same network (using WPA2-PSK) can sniff your traffic. It's possible to prevent this with WPA2-Enterprise.


Each client uses a different session encryption key but that is negotiated using the shared PSK.


It wouldn't be a good system if they could. You have to worry more about wired Ethernet which can also be encrypted but rarely is.



