Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Wireless or not?

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 03 Jun 2007 13:20:30 -0700
Tim Milgram wrote:
I have a capture file that I have to analyze, and I want to know if the computer that it was on was a wireless card or a regular wired ethernet card. What specific things would tell me if it was wired or wireless?
If the capture was on a wireless adapter *and* the card/driver/OS didn't arrange that the packets had "fake Ethernet" headers, the packets would have 802.11 headers, indicating that they were captured on an 802.11 adapter.
Unfortunately, 802.11 adapters and their drivers often supply "fake Ethernet" headers to the capture mechanism used by libpcap/WinPcap, so captures on those adapters will look like Ethernet captures. In that case, I'm not sure what - other than, perhaps, ARP requests with an ARP hardware address type of "IEEE 802" (6) rather than "Ethernet" (1) - would indicate that (and there's no guarantee that an ARP request on an 802.11 network would use "IEEE 802" rather than "Ethernet").
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube