
Wireshark-users: Re: [Wireshark-users] Wireless or not?



From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 03 Jun 2007 13:20:30 -0700

Tim Milgram wrote:
I have a capture file that I have to analyze, and I want to know if the computer that it was on was a wireless card or a regular wired ethernet card. What specific things would tell me if it was wired or wireless?

If the capture was on a wireless adapter *and* the card/driver/OS didn't arrange that the packets had "fake Ethernet" headers, the packets would have 802.11 headers, indicating that they were captured on an 802.11 adapter.

Unfortunately, 802.11 adapters and their drivers often supply "fake Ethernet" headers to the capture mechanism used by libpcap/WinPcap, so captures on those adapters will look like Ethernet captures. In that case, I'm not sure what - other than, perhaps, ARP requests with an ARP hardware address type of "IEEE 802" (6) rather than "Ethernet" (1) - would indicate that (and there's no guarantee that an ARP request on an 802.11 network would use "IEEE 802" rather than "Ethernet").
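The two checks described in the reply above, as an added example that is not part of the original message: read the link-layer type from a classic pcap file header, and if it is Ethernet, look for ARP packets with hardware type 6. The function names, result labels and sample packets are constructed for illustration; only classic pcap (not pcapng) is handled.

```python
import struct

# LINKTYPE_ values from the libpcap/tcpdump link-layer header type list.
LINKTYPE_ETHERNET = 1
WIRELESS_LINKTYPES = {105: "802.11", 119: "Prism + 802.11",
                      127: "radiotap + 802.11", 163: "AVS + 802.11"}
ARP_HTYPE_IEEE802 = 6  # "IEEE 802"; Ethernet is 1

def classify_capture(data: bytes) -> str:
    """Classify a classic pcap file: 'wireless', 'arp-hint', 'inconclusive', 'other'."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    if data[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        end = "<"   # little-endian writer (microsecond / nanosecond magic)
    elif data[:4] in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        end = ">"   # big-endian writer
    else:
        raise ValueError("not a classic pcap file")
    # Low 16 bits of the last header field carry the link-layer type.
    linktype = struct.unpack(end + "I", data[20:24])[0] & 0xFFFF
    if linktype in WIRELESS_LINKTYPES:
        return "wireless"            # real 802.11 headers were captured
    if linktype != LINKTYPE_ETHERNET:
        return "other"
    off = 24
    while off + 16 <= len(data):     # walk the per-packet record headers
        incl_len = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Ethernet II: EtherType at bytes 12-13, ARP hardware type right after.
        if len(pkt) >= 16 and pkt[12:14] == b"\x08\x06":
            if struct.unpack("!H", pkt[14:16])[0] == ARP_HTYPE_IEEE802:
                return "arp-hint"    # suggestive only, per the reply above
    return "inconclusive"            # Ethernet headers prove nothing either way

# Constructed sample data for the demo (not from a real capture).
def make_pcap(linktype: int, packets=()) -> bytes:
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for p in packets:
        out += struct.pack("<IIII", 0, 0, len(p), len(p)) + p
    return out

def make_arp(htype: int) -> bytes:
    eth = b"\xff" * 6 + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x06"
    return eth + struct.pack("!HHBBH", htype, 0x0800, 6, 4, 1) + bytes(20)

if __name__ == "__main__":
    for lt, pkts in [(127, []), (1, [make_arp(6)]), (1, [make_arp(1)])]:
        print(lt, classify_capture(make_pcap(lt, pkts)))
```

An "inconclusive" result matches the caveat in the reply: a capture with Ethernet headers and ordinary ARP traffic may still have come from an 802.11 adapter.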

