Re: Capturing Wi-Fi traffic to/from Modem

[Guy Harris <guy () alum mit edu>]

On Jul 12, 2014, at 8:53 AM, Evan Huus <eapache () gmail com> wrote:

> Once you can capture cooked packets, capturing "raw" packets (with all the IEEE802.11 headers etc) should be as 
> simple as checking the "monitor mode" box in the capture options dialogue box, assuming your version of Wireshark is 
> recent enough (which 1.10.* should be).

It should be, but, sadly, on Linux, it isn't, for annoying complicated reasons having to do with libpcap and libnl.  It 
can probably be made so, but that's going to require a fair bit of work on libpcap for Linux, and I haven't had time to 
do that - and it'll only help on newer versions of various Linux distributions that have picked up a version of libpcap 
with those changes, once there's an official release with them.

(It's also not sufficient on some versions of BSD, for annoying reasons having to do with those versions of BSD 
deciding to completely change the way you do monitor mode.  The only platform on which it's sufficient is OS X; 
fortunately, Apple haven't decided to change the way to turn monitor mode on.)

The workaround, for better or worse, is that you need to use airmon-ng in the fashion described in the Linux section of 
the 6000-word document in question:

        http://wiki.wireshark.org/CaptureSetup/WLAN
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe