Wireshark mailing list archives
Re: Sniffing Wireless with Wireshark?
From: Raymond Jender <rayj00 () yahoo com>
Date: Sun, 1 Nov 2009 13:40:13 -0800 (PST)
I do not have Airpcap. It's a little pricey for me right now. I am in a Wi-Fi learning mode right now in preparation for certifying (CWNA/CWSP). Is there some open source equivalent to Airpcap? Or some freeware software? I also tried Wireshark promiscuous mode on and off. And I could not find where the "802.11 channel" option is in Wireshark? Is my Wireless adapter supposed to be shown in the Capture->Interfaces because it ain't! My Wireless NIC is the Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC. The Wireshark Capture Interfaces show: Microsoft, Realtek RTL8102/8103, and two VMware Ethernet Adapters. (I have Backtrack 4 loaded as a VM, again for wireless learning) The only interface I see packets on is the Microsoft one??? And no 802.11 packets. I have to believe this is the wireless NIC. I disconnected the ethernet cable. When I look at the details of the Capture Interface, the 802.11 tab is greyed out? I seem to missing something???? Thanks for all your help... Ray Windows 7 64 Bit --- On Sun, 11/1/09, wireshark-users-request () wireshark org <wireshark-users-request () wireshark org> wrote: From: wireshark-users-request () wireshark org <wireshark-users-request () wireshark org> Subject: Wireshark-users Digest, Vol 42, Issue 1 To: wireshark-users () wireshark org Date: Sunday, November 1, 2009, 2:00 PM Send Wireshark-users mailing list submissions to wireshark-users () wireshark org To subscribe or unsubscribe via the World Wide Web, visit https://wireshark.org/mailman/listinfo/wireshark-users or, via email, send a message with subject or body 'help' to wireshark-users-request () wireshark org You can reach the person managing the list at wireshark-users-owner () wireshark org When replying, please edit your Subject line so it is more specific than "Re: Contents of Wireshark-users digest..." Today's Topics: 1. Sniffing Wireless with Wireshark? (Raymond Jender) 2. Re: Sniffing Wireless with Wireshark? (Steve Evans) 3. Re: Sniffing Wireless with Wireshark? (Guy Harris) 4. Re: (-0.2) Sniffing Wireless with Wireshark? (Jack Jackson) 5. Re: Sniffing Wireless with Wireshark? (Steve Evans) 6. Re: Sniffing Wireless with Wireshark? (Guy Harris) ---------------------------------------------------------------------- Message: 1 Date: Sat, 31 Oct 2009 21:28:53 -0700 (PDT) From: Raymond Jender <rayj00 () yahoo com> Subject: [Wireshark-users] Sniffing Wireless with Wireshark? To: wireshark-users () wireshark org Message-ID: <716509.9395.qm () web36805 mail mud yahoo com> Content-Type: text/plain; charset="iso-8859-1" I am trying to use Wireshark to sniff 802.11g traffic.? I am successfully browsing over the air, but I cannot see any packets..? I am using version 1.2.3? on a Win 7 64 bit box. Thanks, Ray -------------- next part -------------- An HTML attachment was scrubbed... URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091031/998cfb42/attachment.html ------------------------------ Message: 2 Date: Sat, 31 Oct 2009 21:42:53 -0700 (PDT) From: Steve Evans <sc_evans () yahoo com> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark? To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <258366.8928.qm () web36805 mail mud yahoo com> Content-Type: text/plain; charset=iso-8859-1 Are you using PCAP (or similar) adapters? Are you scanning the correct channels? --- On Sun, 11/1/09, Raymond Jender <rayj00 () yahoo com> wrote:
From: Raymond Jender <rayj00 () yahoo com> Subject: [Wireshark-users] Sniffing Wireless with Wireshark? To: wireshark-users () wireshark org Date: Sunday, November 1, 2009, 12:28 AM I am trying to use Wireshark to sniff 802.11g traffic.? I am successfully browsing over the air, but I cannot see any packets..? I am using version 1.2.3? on a Win 7 64 bit box. Thanks, Ray -----Inline Attachment Follows----- ___________________________________________________________________________ Sent via:? ? Wireshark-users mailing list <wireshark-users () wireshark org> Archives:? ? http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users ? ? ? ? ? ???mailto:wireshark-users-request () wireshark org?subject=unsubscribe
------------------------------ Message: 3 Date: Sun, 1 Nov 2009 01:42:30 -0700 From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark? To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <E331D4F0-26E2-484D-A659-D8169B42CFD8 () alum mit edu> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:
Are you using PCAP (or similar) adapters?
Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or similar) adapters": http://www.cacetech.com/products/airpcap.html Windows, prior to the adoption of "Native 802.11": http://msdn.microsoft.com/en-us/library/aa503061.aspx was not very friendly towards capturing on 802.11 networks, and, even with Native 802.11, capturing with WinPcap (the capture mechanism Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't support NDIS 6, and thus doesn't support Native 802.11). With WinPcap, on 802.11 networks, you can capture with promiscuous mode off, and capture traffic to and from your machine, which will *probably* work; promiscuous mode might not work at all, and monitor mode isn't supported. AirPcap adapters are special (they don't plug into the normal Windows networking stack, so they can't be used as normal adapters to join a wireless network), and can capture (in what amounts to monitor mode) on Windows. ------------------------------ Message: 4 Date: Sat, 31 Oct 2009 22:50:31 -0700 From: Jack Jackson <jack () pebbleridge com> Subject: Re: [Wireshark-users] (-0.2) Sniffing Wireless with Wireshark? To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <20091101055032.D5190509D9 () mxout-08 mxes net> Content-Type: text/plain; charset="us-ascii"; format=flowed At 09:28 PM 10/31/2009, Raymond Jender wrote:
I am trying to use Wireshark to sniff 802.11g traffic. I am successfully browsing over the air, but I cannot see any packets.. I am using version 1.2.3 on a Win 7 64 bit box.
I would try it both with "Capture packets in promiscuous mode" turned on and off. ------------------------------ Message: 5 Date: Sun, 1 Nov 2009 07:42:33 -0800 (PST) From: Steve Evans <sc_evans () yahoo com> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark? To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <53930.20366.qm () web36805 mail mud yahoo com> Content-Type: text/plain; charset=iso-8859-1
Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or similar) adapters":
Correct. We've grown accustomed to calling them "PCAP" for short. --- On Sun, 11/1/09, Guy Harris <guy () alum mit edu> wrote:
From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark? To: "Community support list for Wireshark" <wireshark-users () wireshark org> Date: Sunday, November 1, 2009, 3:42 AM On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:Are you using PCAP (or similar) adapters?Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or? similar) adapters": ??? http://www.cacetech.com/products/airpcap.html Windows, prior to the adoption of "Native 802.11": ??? http://msdn.microsoft.com/en-us/library/aa503061.aspx was not very friendly towards capturing on 802.11 networks, and, even? with Native 802.11, capturing with WinPcap (the capture mechanism? Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't? support NDIS 6, and thus doesn't support Native 802.11).? With? WinPcap, on 802.11 networks, you can capture with promiscuous mode? off, and capture traffic to and from your machine, which will? *probably* work; promiscuous mode might not work at all, and monitor? mode isn't supported. AirPcap adapters are special (they don't plug into the normal Windows? networking stack, so they can't be used as normal adapters to join a? wireless network), and can capture (in what amounts to monitor mode)? on Windows. ___________________________________________________________________________ Sent via:? ? Wireshark-users mailing list <wireshark-users () wireshark org> Archives:? ? http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users ? ? ? ? ? ???mailto:wireshark-users-request () wireshark org?subject=unsubscribe
------------------------------ Message: 6 Date: Sun, 1 Nov 2009 11:29:00 -0800 From: Guy Harris <guy () alum mit edu> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark? To: Community support list for Wireshark <wireshark-users () wireshark org> Message-ID: <986036C0-D1A8-4210-A195-8000D1A62B0E () alum mit edu> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Nov 1, 2009, at 7:42 AM, Steve Evans wrote:
Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or similar) adapters":Correct. We've grown accustomed to calling them "PCAP" for short.
Given that not everybody's familiar with that convention - I've never heard it, for example - and that "pcap" is also used to refer to libpcap/WinPcap (see the Wikipedia page for "pcap", for example), using the full name is probably a better idea on the list. ------------------------------ _______________________________________________ Wireshark-users mailing list Wireshark-users () wireshark org https://wireshark.org/mailman/listinfo/wireshark-users End of Wireshark-users Digest, Vol 42, Issue 1 **********************************************
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Sniffing Wireless with Wireshark? Guy Harris (Nov 01)
- Re: Sniffing Wireless with Wireshark? Steve Evans (Nov 01)
- Re: Sniffing Wireless with Wireshark? Guy Harris (Nov 01)
- <Possible follow-ups>
- Re: Sniffing Wireless with Wireshark? Raymond Jender (Nov 01)
- Re: Sniffing Wireless with Wireshark? Guy Harris (Nov 01)
- Re: Sniffing Wireless with Wireshark? Guy Harris (Nov 01)
- Re: Sniffing Wireless with Wireshark? Guy Harris (Nov 01)
- Re: Sniffing Wireless with Wireshark? Steve Evans (Nov 01)