Wireshark mailing list archives
Re: 802.11 monitoring help
From: Frank Barta <fbarta () gmail com>
Date: Wed, 17 Feb 2010 11:59:23 -0500
I've seen some similar output behavior in Wireshark for Windows. I've not worked with the Linux version, so take these suggestions with a grain of salt: 1. Try disabling decryption. 2. Try toggling the various settings for "Ignore the protection bit". 3. Try Toggling the setting for "Assume Packets have FCS". You've likely already looked here, but in case you have not, there may be information in here which can help you: http://wiki.wireshark.org/CaptureSetup/WLAN . On Wed, Feb 17, 2010 at 11:44 AM, Thomas Morton < morton.thomas () googlemail com> wrote:
Hey all, Im working on something that has hit a brick wall - so hopefully some external help will point me in the right direction. The premise is thus: Im trying to monitor traffic on a wireless network. I have Wireshark running on Backtrack Linux and a Ubiquiti wireless card (which supports promiscuous mode). I have joined the network ok and wireshark is up and sniffing the network fine. It captures data from/to the local machine perfectly (as you would expect). The problem is when you introduce a new machine into the network. Wireshark DOES capture all data to/from the new machine but it refuses to display most of it in a recognizable format. Broadcast/Multicast stuff (like NBNS packets) are displayed correctly showing both the source/destination IP addresses and the packet contents. But the problem is that stuff like HTTP traffic is just displayed as, I think, the raw 802.11 packet - and nothing i can do will convince Wireshark to decode that. The packets are recognized as either LLC, SNA or (this last appears to be the HTTP data) 0x05f8. The source/destination are displayed as MAC addresses. I have tried adding WPA decryption keys to Wireshark as well (just in case...) with no joy. Version is 1.0.3. Any suggestions *very* gratefully accepted! Tom ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- 802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Frank Barta (Feb 17)
- Re: 802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Joerg Mayer (Feb 17)
- Re: 802.11 monitoring help Frank Barta (Feb 17)
- Re: 802.11 monitoring help Jaap Keuter (Feb 17)
- Re: 802.11 monitoring help Thomas Morton (Feb 18)
- Re: 802.11 monitoring help Gerald Combs (Feb 18)
- Re: 802.11 monitoring help Thomas Morton (Feb 18)
- Re: 802.11 monitoring help Frank Barta (Feb 17)