Wireshark-users: [Wireshark-users] ZD1211B in monitor mode only captures Beacon and Probes with Wireshark 99.5 HLP

From: "Bruno Tavares" <lopes_sma@xxxxxxxxxxx>
Date: Fri, 06 Jul 2007 13:56:54 +0000

Guys I have one serious problem capturing packets using a ZD1211B chip based usb dongle on Fedora 7 and Wireshark

I've struggled to change my wireless usb dongle to monitor mode but now I know how to do it.

Here's the code:



/sbin/service NetworkManager stop

/sbin/chkconfig NetworkManager off

/sbin/ifconfig wlan0 down

/sbin/iwconfig wlan0 mode monitor

/sbin/ifconfig wlan0 up

/sbin/iwconfig wlan0 channel 11

/sbin/iwconfig wlan0

wlan0     IEEE 802.11g  Mode:Monitor  Frequency:2.462 GHz
         Retry min limit:7   RTS thr:off   Fragment thr=2346 B
         Encryption key:off
         Link Quality:0  Signal level:0  Noise level:0
         Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
         Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Then I open Wireshark hit capture interfaces (with promiscuous mode seleted) and right there my wlan0 starts to count packets.

But when I start capturing I only get Beacons Probes and unresolved.

In my last capture for 3.5 hours I got around 200.000 packets mostly beacons probes and only 2 of them were IPX.

No http or any other protocols were found and I got around 50 endpoints and 10 diferent SSID's!!

Besides my WLAN using Windows and Fedora 7 I've found 4 medium/low signal WLAN beaconing their SSID...

Something has to be wrong!!!!
Can you help me solve this?

_________________________________________________________________

Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/