Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sniffing Wireless with Wireshark?

From: Raymond Jender <rayj00 () yahoo com>
Date: Sun, 1 Nov 2009 13:40:13 -0800 (PST)

I do not have Airpcap.  It's a little pricey for me right now.  I am in a Wi-Fi learning mode right now in preparation 
for certifying (CWNA/CWSP).  Is there some open source equivalent to Airpcap?  Or some freeware software?

I also tried Wireshark promiscuous mode on and off.

And I could not find where the "802.11 channel" option is in Wireshark?

Is my Wireless adapter supposed to be shown in the Capture->Interfaces because it ain't!   My Wireless NIC is the 
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC.

The Wireshark Capture Interfaces show:  Microsoft,  Realtek RTL8102/8103,  and two VMware Ethernet Adapters. (I have 
Backtrack 4 loaded as a VM, again for wireless learning)

The only interface I see packets on is the Microsoft one??? And no 802.11 packets.
I have to believe this is the wireless NIC.  I disconnected the ethernet cable.
When I look at the details of the Capture Interface, the 802.11 tab is greyed out?

I seem to missing something????

Thanks for all your help...

Ray
Windows 7 64 Bit


--- On Sun, 11/1/09, wireshark-users-request () wireshark org <wireshark-users-request () wireshark org> wrote:

From: wireshark-users-request () wireshark org <wireshark-users-request () wireshark org>
Subject: Wireshark-users Digest, Vol 42, Issue 1
To: wireshark-users () wireshark org
Date: Sunday, November 1, 2009, 2:00 PM

Send Wireshark-users mailing list submissions to
    wireshark-users () wireshark org

To subscribe or unsubscribe via the World Wide Web, visit
    https://wireshark.org/mailman/listinfo/wireshark-users
or, via email, send a message with subject or body 'help' to
    wireshark-users-request () wireshark org

You can reach the person managing the list at
    wireshark-users-owner () wireshark org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Wireshark-users digest..."


Today's Topics:

   1. Sniffing Wireless with Wireshark? (Raymond Jender)
   2. Re: Sniffing Wireless with Wireshark? (Steve Evans)
   3. Re: Sniffing Wireless with Wireshark? (Guy Harris)
   4. Re: (-0.2)  Sniffing Wireless with Wireshark? (Jack Jackson)
   5. Re: Sniffing Wireless with Wireshark? (Steve Evans)
   6. Re: Sniffing Wireless with Wireshark? (Guy Harris)


----------------------------------------------------------------------

Message: 1
Date: Sat, 31 Oct 2009 21:28:53 -0700 (PDT)
From: Raymond Jender <rayj00 () yahoo com>
Subject: [Wireshark-users] Sniffing Wireless with Wireshark?
To: wireshark-users () wireshark org
Message-ID: <716509.9395.qm () web36805 mail mud yahoo com>
Content-Type: text/plain; charset="iso-8859-1"


I am trying to use Wireshark to sniff 802.11g traffic.? I am successfully browsing over the air, but I cannot see any 
packets..? I am using version 1.2.3? on a Win 7 64 bit box.

Thanks,

Ray




      
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.wireshark.org/lists/wireshark-users/attachments/20091031/998cfb42/attachment.html 

------------------------------

Message: 2
Date: Sat, 31 Oct 2009 21:42:53 -0700 (PDT)
From: Steve Evans <sc_evans () yahoo com>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID: <258366.8928.qm () web36805 mail mud yahoo com>
Content-Type: text/plain; charset=iso-8859-1

Are you using PCAP (or similar) adapters? Are you scanning the correct channels?




--- On Sun, 11/1/09, Raymond Jender <rayj00 () yahoo com> wrote:


From: Raymond Jender <rayj00 () yahoo com>
Subject: [Wireshark-users] Sniffing Wireless with Wireshark?
To: wireshark-users () wireshark org
Date: Sunday, November 1, 2009, 12:28 AM

I am trying to use Wireshark to sniff 802.11g
traffic.? I am successfully browsing over the air, but
I cannot see any packets..? I am using version
1.2.3? on a Win 7 64 bit box.

Thanks,

Ray




       
-----Inline Attachment Follows-----

___________________________________________________________________________
Sent via:? ? Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:? ? http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
? ? ? ? ?
???mailto:wireshark-users-request () wireshark org?subject=unsubscribe



      


------------------------------

Message: 3
Date: Sun, 1 Nov 2009 01:42:30 -0700
From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID: <E331D4F0-26E2-484D-A659-D8169B42CFD8 () alum mit edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:


Are you using PCAP (or similar) adapters?


Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or  
similar) adapters":

    http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

    http://msdn.microsoft.com/en-us/library/aa503061.aspx

was not very friendly towards capturing on 802.11 networks, and, even  
with Native 802.11, capturing with WinPcap (the capture mechanism  
Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't  
support NDIS 6, and thus doesn't support Native 802.11).  With  
WinPcap, on 802.11 networks, you can capture with promiscuous mode  
off, and capture traffic to and from your machine, which will  
*probably* work; promiscuous mode might not work at all, and monitor  
mode isn't supported.

AirPcap adapters are special (they don't plug into the normal Windows  
networking stack, so they can't be used as normal adapters to join a  
wireless network), and can capture (in what amounts to monitor mode)  
on Windows.


------------------------------

Message: 4
Date: Sat, 31 Oct 2009 22:50:31 -0700
From: Jack Jackson <jack () pebbleridge com>
Subject: Re: [Wireshark-users] (-0.2)  Sniffing Wireless with
    Wireshark?
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID: <20091101055032.D5190509D9 () mxout-08 mxes net>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 09:28 PM 10/31/2009, Raymond Jender wrote:


I am trying to use Wireshark to sniff 802.11g traffic.  I am successfully 
browsing over the air, but I cannot see any packets..  I am using version 
1.2.3  on a Win 7 64 bit box.


I would try it both with "Capture packets in promiscuous mode" turned on 
and off. 



------------------------------

Message: 5
Date: Sun, 1 Nov 2009 07:42:33 -0800 (PST)
From: Steve Evans <sc_evans () yahoo com>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID: <53930.20366.qm () web36805 mail mud yahoo com>
Content-Type: text/plain; charset=iso-8859-1



Presumably by "PCAP (or similar) adapters" you mean
"AirPcap (or  
similar) adapters":


Correct. We've grown accustomed to calling them "PCAP" for short.



--- On Sun, 11/1/09, Guy Harris <guy () alum mit edu> wrote:


From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: "Community support list for Wireshark" <wireshark-users () wireshark org>
Date: Sunday, November 1, 2009, 3:42 AM

On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:


Are you using PCAP (or similar) adapters?


Presumably by "PCAP (or similar) adapters" you mean
"AirPcap (or? 
similar) adapters":

??? http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

??? http://msdn.microsoft.com/en-us/library/aa503061.aspx

was not very friendly towards capturing on 802.11 networks,
and, even? 
with Native 802.11, capturing with WinPcap (the capture
mechanism? 
Wireshark uses on Windows) doesn't work all that well
(WinPcap doesn't? 
support NDIS 6, and thus doesn't support Native
802.11).? With? 
WinPcap, on 802.11 networks, you can capture with
promiscuous mode? 
off, and capture traffic to and from your machine, which
will? 
*probably* work; promiscuous mode might not work at all,
and monitor? 
mode isn't supported.

AirPcap adapters are special (they don't plug into the
normal Windows? 
networking stack, so they can't be used as normal adapters
to join a? 
wireless network), and can capture (in what amounts to
monitor mode)? 
on Windows.
___________________________________________________________________________
Sent via:? ? Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:? ? http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
? ? ? ? ?
???mailto:wireshark-users-request () wireshark org?subject=unsubscribe




      


------------------------------

Message: 6
Date: Sun, 1 Nov 2009 11:29:00 -0800
From: Guy Harris <guy () alum mit edu>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users () wireshark org>
Message-ID: <986036C0-D1A8-4210-A195-8000D1A62B0E () alum mit edu>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Nov 1, 2009, at 7:42 AM, Steve Evans wrote:


Presumably by "PCAP (or similar) adapters" you mean
"AirPcap (or
similar) adapters":


Correct. We've grown accustomed to calling them "PCAP" for short.


Given that not everybody's familiar with that convention - I've never  
heard it, for example - and that "pcap" is also used to refer to  
libpcap/WinPcap (see the Wikipedia page for "pcap", for example),  
using the full name is probably a better idea on the list.


------------------------------

_______________________________________________
Wireshark-users mailing list
Wireshark-users () wireshark org
https://wireshark.org/mailman/listinfo/wireshark-users


End of Wireshark-users Digest, Vol 42, Issue 1
**********************************************



      
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: