Wireshark-users: [Wireshark-users] Using filter in sniffing a wireless LAN


From: Mark Ryden <markryde@xxxxxxxxx>
Date: Tue, 3 Feb 2009 09:07:10 +0200

Hello,
   I have wireshark-1.0.3-1.fc10.
After putting a wireless nic into monitor mode, I try to sniff with a
filter for 1 minute thus:

    tshark -R "wlan.fc.type_subtype eq 4" -i wlan0 -w out.eth

The filter "wlan.fc.type_subtype eq 4" means capturing only probe
request packets.

I am getting on the command line this output:
Capturing on wlan0
3

which means that it captured 3 packets. Indeed only 3 probe request
packets while the sniffer
was running. However, when I open with Wireshark the sniff file that
was created by this sniff (out.eth) I see indeed these 3 packets but I
see many more packets - Beacons and Data.
In fact, I see 220 packets.

Why is it so? Is it a BUG? Or is something missing in my filter?

Rgs,
Mark
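
Added example, not part of the original post and not Wireshark project code: a post-capture filter that keeps only probe requests from a saved file, showing where the value 4 in `wlan.fc.type_subtype eq 4` comes from in the 802.11 frame control byte. It assumes a classic pcap file with radiotap link type; the function names and the sample frames are constructed for illustration.

```python
import struct

RADIOTAP = 127        # LINKTYPE_IEEE802_11_RADIOTAP (assumed capture link type)
PROBE_REQUEST = 0x04  # management type 0, subtype 4

def type_subtype(pkt):
    """Wireshark-style wlan.fc.type_subtype for one radiotap-framed packet."""
    if len(pkt) < 4:
        return None
    rt_len = struct.unpack_from("<H", pkt, 2)[0]   # radiotap length is little-endian
    if rt_len < 8 or len(pkt) < rt_len + 2:
        return None                                # malformed or truncated frame
    fc0 = pkt[rt_len]                              # first frame-control byte
    return (((fc0 >> 2) & 0x3) << 4) | (fc0 >> 4)  # (type << 4) | subtype

def filter_pcap(data, wanted=PROBE_REQUEST):
    """Return (new_pcap_bytes, kept) holding only frames of the wanted kind."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != RADIOTAP:
        raise ValueError("link type is not radiotap")
    out, kept, off = [data[:24]], 0, 24
    while off + 16 <= len(data):
        incl = struct.unpack_from(endian + "I", data, off + 8)[0]
        end = off + 16 + incl
        if end > len(data):
            break                                  # truncated final record
        if type_subtype(data[off + 16:end]) == wanted:
            out.append(data[off:end])
            kept += 1
        off = end
    return b"".join(out), kept

def sample_capture():
    """Constructed pcap: beacon, probe request, data, probe request, beacon."""
    pcap = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, RADIOTAP)
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)    # minimal 8-byte header
    for fc0 in (0x80, 0x40, 0x08, 0x40, 0x80):
        pkt = radiotap + bytes([fc0, 0]) + bytes(22)
        pcap += struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt
    return pcap

if __name__ == "__main__":
    filtered, kept = filter_pcap(sample_capture())
    print(kept, "probe requests kept,", len(filtered), "bytes")
```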
