Re: cannot capture packets fromwifirouter(NetgearWNDR3700).

[Philip Anil-QBW348 <anil.philip () motorolasolutions com>]

ok, I stopped monitor mode by trying the following
 sudo airmon-ng stop wlan0

Interface       Chipset         Driver

wlan0           Intel 4965/5xxx iwlagn - [phy0]
                                (monitor mode disabled)

(I also tried sudo airmon-ng stop mon0)

started wireshark

sudo wireshark

Capture|Options
I notice that monitor mode checkbox is unchecked.
 promiscuous mode checkbox is checked.

I tried to check the checkbox. As I depress the box, it grays out and then re-enables.
(almost as though it is being disabled, cleared and then re-enabled).

Help|About shows:
--------------

Version 1.6.2

Copyright 1998-2011 Gerald Combs <gerald () wireshark org> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.6, with GLib 2.29.92, with libpcap 1.1.1, with
libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.10.5, with Gcrypt
1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 27
2011 11:30:44), without AirPcap.

Running on Linux 3.0.0-13-generic-pae, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.10.5, Gcrypt 1.5.0.

Built using gcc 4.6.1.

Anil

-----Original Message-----
From: wireshark-users-bounces () wireshark org on behalf of Guy Harris
Sent: Fri 12/2/2011 8:22 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] cannot capture packets fromwifirouter(NetgearWNDR3700).
 

On Dec 2, 2011, at 4:14 PM, Philip Anil-QBW348 wrote:

> That worked!
> I did a
> sudo airmon-ng start wlan0
> and then used wireshark to capture on mon0.
> I can see the http packets unencrypted.
> Much appreciate your help. Blessings!

OK, now I'd appreciate *your* help; as per my previous message:

> This may allow you to capture traffic in monitor mode while you're still associated with the network (*IF* the 
> hardware and driver support that, and if NetworkManager doesn't "helpfully" turn monitor mode off).  You'd have to 
> restart NetworkManager and then try the airmon-ng script.
>
> If that works, try removing monitor mode with the "airmon-ng stop mon0" command, and then try running Wireshark and 
> checking the "Monitor mode" checkbox when capturing on wlan0.

so try removing monitor mode and then start Wireshark, select "Options" from the "Capture" menu, and, if it has a 
"Monitor mode" checkbox, try to capture on "wlan0" with the "Monitor mode" checkbox checked.  Let us know whether that 
works or not.  (If it doesn't have a "Monitor mode" checkbox, let us know what the Help -> About dialog box says.)  If 
the "Monitor mode" checkbox is present but grayed out, let us know that as well.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe