Wireshark mailing list archives

802.11 monitoring help


From: Thomas Morton <morton.thomas () googlemail com>
Date: Wed, 17 Feb 2010 16:44:57 +0000

Hey all,

I'm working on something that has hit a brick wall - so hopefully some
external help will point me in the right direction.

The premise is thus:

I'm trying to monitor traffic on a wireless network. I have Wireshark running
on Backtrack Linux and a Ubiquiti wireless card (which supports promiscuous
mode).

I have joined the network ok and Wireshark is up and sniffing the network
fine. It captures data from/to the local machine perfectly (as you would
expect).

The problem is when you introduce a new machine into the network. Wireshark
DOES capture all data to/from the new machine but it refuses to display most
of it in a recognizable format. Broadcast/Multicast stuff (like NBNS
packets) are displayed correctly showing both the source/destination IP
addresses and the packet contents.

But the problem is that stuff like HTTP traffic is just displayed as, I
think, the raw 802.11 packet - and nothing I can do will convince Wireshark
to decode that.

The packets are recognized as either LLC, SNA or (this last appears to be
the HTTP data) 0x05f8. The source/destination are displayed as MAC
addresses.

I have tried adding WPA decryption keys to Wireshark as well (just in
case...) with no joy.

Version is 1.0.3.

Any suggestions *very* gratefully accepted!

Tom
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>