Wireshark mailing list archives

Re: How to capture wireless?WiFI


From: Guy Harris <guy () alum mit edu>
Date: Sat, 19 Dec 2009 12:25:04 -0800


On Dec 18, 2009, at 4:04 PM, Roader wrote:

    My name is ErWei Zhang. I'm a Wireshark user in China. I want to capture WiFi data. How to capture them? How to set 
Wireshark?
    I used one TP-Link wireless adapter (wl-310). The operating system is Windows XP.

Unfortunately, Windows is not the best platform on which to capture Wi-Fi traffic.

See

        http://wiki.wireshark.org/CaptureSetup/WLAN#head-02456742c655394c9e948a4c9a59d3441c92782f

for details.

    Yesterday, I used Wireshark to capture some WiFi data. But I think it didn't capture all I want. It contains some ARP 
data, not IEEE 802.11 data. Why?

Because WinPcap doesn't support the Native 802.11 mechanism in Vista and later (which might also be in later service 
packs of Windows XP).  Even if it did (making it do so would be a significant change), in order to capture non-data 
frames and to see the 802.11 headers on data frames, the driver for your wireless adapter would *also* have to support 
Native 802.11, and not all of them necessarily do (especially on Windows XP).

In addition, in order to capture that traffic, the adapter would have to be put into monitor mode, which would, on 
Windows, disassociate you from whatever network you're associated with, at least according to Microsoft:

        http://msdn.microsoft.com/en-us/library/aa503132.aspx

which might not be what you want.

If you want to capture 802.11 traffic on Windows, you might want to try using CACE Technologies' AirPcap devices:

        http://www.cacetech.com/products/airpcap.html

They don't function as regular 802.11 adapters, so you'd still need your TP-LINK adapter.
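
An added example, not part of the original message: one way to check whether a saved capture contains 802.11 headers at all is to read the link-layer type from the pcap file header and tally the frames. The names `summarize_pcap` and `build_pcap` and the sample bytes are constructed for illustration; the code handles classic pcap only and goes slightly beyond the message by also counting 802.11 management, control and data frames.

```python
import struct
from collections import Counter
ETHERNET, IEEE802_11, RADIOTAP = 1, 105, 127  # pcap LINKTYPE_ values
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def summarize_pcap(data: bytes):
    """Return (linktype, Counter of frame kinds) for classic pcap bytes."""
    if len(data) < 24:
        raise ValueError("truncated pcap file header")
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"  # written on a little-endian host (usec / nsec magic)
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # Low 16 bits of the last file-header field hold the link-layer type.
    linktype = struct.unpack_from(endian + "I", data, 20)[0] & 0xFFFF
    counts, offset = Counter(), 24
    while offset + 16 <= len(data):
        caplen = struct.unpack_from(endian + "I", data, offset + 8)[0]
        frame = data[offset + 16:offset + 16 + caplen]
        offset += 16 + caplen
        if linktype == ETHERNET:  # no 802.11 header present at all
            if len(frame) >= 14:
                counts["ethertype 0x%04x" % struct.unpack_from("!H", frame, 12)[0]] += 1
            continue
        if linktype == RADIOTAP:  # skip radiotap; it_len is little-endian
            if len(frame) < 4:
                continue
            frame = frame[struct.unpack_from("<H", frame, 2)[0]:]
        elif linktype != IEEE802_11:
            counts["unhandled link type"] += 1
            continue
        if frame:  # bits 2-3 of the first frame-control byte give the type
            counts[FRAME_TYPES[(frame[0] >> 2) & 3]] += 1
    return linktype, counts

def build_pcap(linktype, frames):
    """Build a little-endian pcap in memory (helper for the sample data)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed samples: an ARP frame (Ethernet), then a beacon and a data frame behind radiotap.
ARP = bytes(12) + b"\x08\x06" + bytes(28)
RT = b"\x00\x00\x08\x00\x00\x00\x00\x00"
ETH_CAPTURE = build_pcap(ETHERNET, [ARP])
WLAN_CAPTURE = build_pcap(RADIOTAP, [RT + b"\x80\x00" + bytes(22), RT + b"\x08\x00" + bytes(22)])
```

A result with link type 1 and only EtherType counts, as for `ETH_CAPTURE`, means the file holds no 802.11 headers; link type 105 or 127 with management and control counts indicates a monitor-mode capture.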