Wireshark mailing list archives

Re: cannot capture packets from wifi router (Netgear WNDR3700).


From: Philip Anil-QBW348 <anil.philip () motorolasolutions com>
Date: Tue, 6 Dec 2011 11:35:57 -0500

I had upgraded to Ubuntu 11.10.
$ dpkg --get-selections | grep libpcap
libpcap0.8                                      install

From the above, is it using libpcap 0.8?

Anil

-----Original Message-----
From: wireshark-users-bounces () wireshark org on behalf of Guy Harris
Sent: Tue 12/6/2011 3:03 AM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] cannot capture packets from wifi router (Netgear WNDR3700).
 

On Dec 5, 2011, at 2:49 PM, Philip Anil-QBW348 wrote:

I tried to check the checkbox. As I depress the box, it grays out and then re-enables.
(almost as though it is being disabled, cleared and then re-enabled).

OK, this is a combination of several problems:

        1) Ubuntu 10.10 (and, I think, the Debian release from which it's built) does not build libpcap 1.1.1 with 
libnl, which means that libpcap's monitor-mode APIs don't support the Shiny New mac80211 Mechanism, and end up using 
the old Wireless Extensions stuff;

        2) libpcap 1.1.1's code to use the old Wireless Extension stuff to handle monitor mode had a number of bugs, 
which means that its monitor-mode APIs don't work correctly when using the old Wireless Extension stuff, and cause 
dumpcap to report an error;

        3) Wireshark wasn't reporting the error it got from dumpcap in that case - it was briefly disabling the 
"monitor mode" checkbox (because its attempt to get information such as the link-layer header types in monitor mode 
failed because libpcap couldn't put the interface in monitor mode), then clearing the checkbox (because it failed to 
put the interface in monitor mode), and then re-enabling it (because the API it originally used to check whether 
monitor mode was supported *without* actually attempting to put the interface into monitor mode said monitor mode *is* 
supported).

I've checked into the trunk and 1.6 branches a fix for the third problem; it should now pop up an error message box if 
you try to check the monitor mode checkbox on platforms with the libpcap problems in question.  The error message will 
refer you to the CaptureSetup/WLAN page in the Wireshark Wiki:

        http://wiki.wireshark.org/CaptureSetup/WLAN

but it should really specifically refer you to

        http://wiki.wireshark.org/CaptureSetup/WLAN#Linux

I'll fix it to do so later.  The 1.6 branch changes should also go into 1.4, so they show up in the next 1.4.x release 
as well as the next 1.6.x release.

I've checked into the libpcap trunk and 1.2 branches a fix for the second problem, so they should show up in any future 
1.2.x release (there are enough bug fixes that tcpdump.org should consider doing a 1.2.x release - and announce it so 
that various OSes pick it up) as well as any 1.3.0 release when it comes out.  When that'll happen, I don't know, and I 
don't know whether any of the Linux distributions with this issue would pick it up as an update to existing releases or 
whether you'd have to wait for a future release.  Given that anything short of Sid appears to have Wireshark 1.*2*.x as 
the Wireshark version, people who run into this are probably building Wireshark from source anyway, so they might end 
up picking up the fix for the third problem - monitor mode won't work well with the checkbox or the -I option, but at 
least it'll let you know something went wrong and point you at the Wireshark Wiki, which suggests using airmon-ng in 
that case.

I've sent mail to Romain Francoise (is there supposed to be a cedilla there?), the Debian maintainer for libpcap, about 
the first problem.  Hopefully the fix is as simple as declaring libnl to be one of libpcap's dependencies.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
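
Added example, not part of the original messages and not Wireshark or libpcap project code: a shell check for the two conditions discussed above, namely which libpcap release the libpcap0.8 package actually carries and whether that library is linked against libnl. The function names and all sample command output are constructed for illustration; on a live system the functions read the real output of dpkg-query and ldd.

```shell
#!/bin/sh
# Added example. All sample inputs are constructed, not taken from the poster's machine.

# stdin: output of  dpkg-query -W -f='${Package} ${Version}\n' 'libpcap0.8*'
# Prints the upstream libpcap release. The Debian package *name* libpcap0.8 follows
# the library soname (libpcap.so.0.8); the release is in the Version field.
pcap_pkg_version() {
    awk '$1 ~ /^libpcap0\.8(:|$)/ {
        v = $2
        sub(/^[0-9]+:/, "", v)   # drop the epoch, if any
        sub(/-[^-]*$/, "", v)    # drop the Debian revision
        print v; exit
    }'
}

# stdin: output of  ldd /path/to/libpcap.so.0.8
# Prints "mac80211" when the library is linked against libnl, else "wext"
# (the old Wireless Extensions path from problem 1 in the message).
pcap_rfmon_backend() {
    if grep -Eq '^[[:space:]]*libnl[^[:space:]]*\.so'; then
        echo mac80211
    else
        echo wext
    fi
}

# $1 = upstream version, $2 = backend. "affected" is the combination from problem 2.
pcap_rfmon_status() {
    case "$2:$1" in
        mac80211:*) echo ok ;;
        wext:1.1.1) echo affected ;;
        *)          echo unknown ;;   # the page names no fixed release number
    esac
}

SAMPLE_DPKG='libpcap0.8-dev 1.1.1-8
libpcap0.8 1.1.1-8'
SAMPLE_LDD_WEXT='    libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)'
SAMPLE_LDD_NL='    libnl.so.1 => /usr/lib/libnl.so.1 (0x00007f0000200000)
    libc.so.6 => /lib/libc.so.6 (0x00007f0000000000)'

ver=$(printf '%s\n' "$SAMPLE_DPKG" | pcap_pkg_version)
for ldd_out in "$SAMPLE_LDD_WEXT" "$SAMPLE_LDD_NL"; do
    be=$(printf '%s\n' "$ldd_out" | pcap_rfmon_backend)
    echo "libpcap $ver, backend $be: $(pcap_rfmon_status "$ver" "$be")"
done
```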


