Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Basic question about Wireshark

From: "Frank Walter" <francwalter () gmx net>
Date: Sun, 24 Jul 2011 19:39:00 +0200
OK, this is clear now. Thank you!

Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark 1.6.1.
I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff).
When I try to set a filter that all those Broadcast-packets are omitted, it ends only in an empty list.
I tried:

eth.dst != ff:ff:ff:ff:ff:ff

but also with eth.dst == ff:ff:ff:ff:ff:ff

the result is empty. I don't know how to call the Destination, the context-menu "Apply as filter / Selected" gives me 
the wrong name (eth.dst).

What is it?






-----Ursprüngliche Nachricht-----
Von: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org]
Im Auftrag von Andreas
Gesendet: Sonntag, 24. Juli 2011 18:59
An: wireshark-users () wireshark org
Betreff: Re: [Wireshark-users] Basic question about Wireshark

Am 24.07.2011 18:37, schrieb Frank Walter:

Ah, OK, thank you.
So if I want to track the complete network traffic in my network, I need on both a

running Wireshark on monitor / promiscuous mode.

Franc, you wrote:
 >>> I want to see the data of each other with Wireshark.

If you want to see the (unicast) traffic between your both endpoints you
only need one Wireshark instance at one of both PCs. The promiscuous
mode is not necessary in this case.

If you want to see what else is on the network (like broadcasts or
packets not sent to to your 'other end') you will need Wireshark at both
ends when a router or any switching hub is between them.

Helge


-----Ursprüngliche Nachricht-----
Von: wireshark-users-bounces () wireshark org [mailto:wireshark-users-

bounces () wireshark org]

Im Auftrag von Boonie
Gesendet: Sonntag, 24. Juli 2011 18:33
An: wireshark-users () wireshark org
Betreff: Re: [Wireshark-users] Basic question about Wireshark

Hi Frank,

No, your router will be behaving like a switch and will not send all packets
to all machines. Therefore you will not see the packets in this setup.

You might want to have a look on the wireshark wiki pages. Here is a good
link.

http://wiki.wireshark.org/CaptureSetup/Ethernet

Dave


----- Original Message -----
From: "Frank Walter"<francwalter () gmx net>
To:<wireshark-users () wireshark org>
Sent: Sunday, July 24, 2011 5:59 PM
Subject: [Wireshark-users] Basic question about Wireshark



Hello,

I am just a wireshark beginner and don't know basic things. I have this
question:

When I sniff a Wireless Network, will I be able to sniff packets of the
same network but sent not wireless but by cable (LAN)?
Vice versa, when I sniff with my LAN Network adapter will I see wireless
packets in the same network?

I have a router with wireless and LAN. I have connected my laptop with
wireless and my PC with cable in the same network.
I want to see the data of each other with Wireshark. Is this possible?

Thank you for clarification.

franc



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: