Wireshark-users: Re: [Wireshark-users] I see no captured packets at all
From: Gerald Combs <gerald@xxxxxxxxxxxxx>
Date: Fri, 29 Dec 2006 08:45:16 -0800
...or you could just buy one of these: http://www.cacetech.com/products/airpcap.htm (Apologies for the shameless plug.) Small, James wrote: > Cor, > > Unfortunately, many wireless cards in Windows do not allow you to do > network captures. I use to have a link to a web site that explained it > all and had a list of Wireless NICs/Chipsets and which ones worked or > didn't work for network captures but now I can't find it. > > However, many times you can get around this by bridging if you're using > XP. Basically, you need to add the Microsoft Bridge and add your > wireless adapter to it. You then choose the Microsoft MAC Bridge > Virtual NIC as the capture source instead of the Wireless card. This > works in the majority of cases - I use it myself. > > If I remember correctly, in the Network Control Panel, I believe you > select two adapters and then select bridge. This creates a Microsoft > Virtual Bridge with the two adapters as members of the bridge. After > the bridge is created, you can remove everything except your wireless > card and try capturing as described above (just go into the bridge > properties). > > When you create the bridge, it acts just like a simple network bridge > including emitting 802.1d spanning tree BPDUs. Be warned, many switches > (especially corporate ones) are configured to basically shutdown if they > detect spanning tree BPDUs. Usually if you're just bridging your > wireless card this doesn't create problems. However, I have run into > some instances where the wireless network is seamlessly bridged to a > wired switch and when the switch detects spanning tree BPDUs, it > disables the switch port that the access point is on. This is rare but > possible so be warned! > > Also, sometimes my wireless connection can be a little flakey and if I > remove the bridge the problems go away. That said, I usually always run > in bridged mode so I can do captures and for the most part it works > well. > > Let me know if you have trouble setting up the bridging, > --Jim > > >> -----Original Message----- >>>> I installed Wireshark (Version 0.99.4 (SVN Rev 19757)) on my laptop >>>> (Acer Aspire 6510 with a build in Intel PRO/Wireless 3945ABG > network >>>> card), running Windows XP sp2. >>>> My LAN has an Asus WL500g router and a 3COM switch for the wired >>>> desktops attached to it. >>>> >>>> When I start capturing on the laptop, the name of my networkcard is >>>> mentioned in the top of the capture window all right, but no > captured >>>> packets are shown, even if I wait for 10 minutes. >>>> >>>> I also uninstalled and re-installed WinPcap (version 3.1) >>>> >>>> What am I doing wrong? Is this network card the evil part? >>>> On one of the wired desktops, it works fine. > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@xxxxxxxxxxxxx > http://www.wireshark.org/mailman/listinfo/wireshark-users
- References:
- Re: [Wireshark-users] I see no captured packets at all
- From: Small, James
- Re: [Wireshark-users] I see no captured packets at all
- Prev by Date: Re: [Wireshark-users] I see no captured packets at all
- Next by Date: Re: [Wireshark-users] I see no captured packets at all
- Previous by thread: Re: [Wireshark-users] I see no captured packets at all
- Next by thread: Re: [Wireshark-users] I see no captured packets at all
- Index(es):
- Get Wireshark
- Download
- Code of Conduct