Wireshark
the world's foremost network protocol analyzer
Wireshark-users: Re: [Wireshark-users] Using filter in sniffing a wireless LAN
From: "matt roberts" <k141@xxxxxxxxxxx>
Date: Tue, 3 Feb 2009 07:40:04 -0800
See https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234 -------------------------------------------------- From: "Mark Ryden" <markryde@xxxxxxxxx> Sent: Monday, February 02, 2009 11:07 PM To: <wireshark-users@xxxxxxxxxxxxx> Subject: [Wireshark-users] Using filter in sniffing a wireless LAN
Hello, I have wireshark-1.0.3-1.fc10. After putting a wireless nic into monitor mode, I try to sniff with a filter for 1 minute thus: "tshark -R "wlan.fc.type_subtype eq 4" -i wlan0 -w out.eth" The filter "wlan.fc.type_subtype eq 4" means capturing only probe request packets. I am getting on the command line this output: Capturing on wlan0 3 which means that it captured 3 packets. Indeed only 3 probe request packets while the sniffer was running. However, when I open with wireshark the sniff file that was created by this sniff (out.eth) I see indeed this 3 packets but I see many more packets - Beacons and Data. In fact, I see 220 packets. Why is it so ? Is it a BUG ? Or is something missing in my filter? Rgs, Mark ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
- References:
- [Wireshark-users] Using filter in sniffing a wireless LAN
- From: Mark Ryden
- [Wireshark-users] Using filter in sniffing a wireless LAN
- Prev by Date: Re: [Wireshark-users] wireshark plugin for HLA
- Next by Date: Re: [Wireshark-users] wireshark plugin for HLA
- Previous by thread: [Wireshark-users] Using filter in sniffing a wireless LAN
- Next by thread: [Wireshark-users] tshark -e field to print TP-User-Data in gsm_sms
- Index(es):