Re: Sniffing Wireless with Wireshark?

[Guy Harris <guy () alum mit edu>]

On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:

> Are you using PCAP (or similar) adapters?

Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or  
similar) adapters":

        http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

        http://msdn.microsoft.com/en-us/library/aa503061.aspx

was not very friendly towards capturing on 802.11 networks, and, even  
with Native 802.11, capturing with WinPcap (the capture mechanism  
Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't  
support NDIS 6, and thus doesn't support Native 802.11).  With  
WinPcap, on 802.11 networks, you can capture with promiscuous mode  
off, and capture traffic to and from your machine, which will  
*probably* work; promiscuous mode might not work at all, and monitor  
mode isn't supported.

AirPcap adapters are special (they don't plug into the normal Windows  
networking stack, so they can't be used as normal adapters to join a  
wireless network), and can capture (in what amounts to monitor mode)  
on Windows.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe