Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] Sniffing Wireless with Wireshark?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Sun, 1 Nov 2009 01:42:30 -0700


On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:


Are you using PCAP (or similar) adapters?
Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or similar) adapters": 

	http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

	http://msdn.microsoft.com/en-us/library/aa503061.aspx
was not very friendly towards capturing on 802.11 networks, and, even with Native 802.11, capturing with WinPcap (the capture mechanism Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't support NDIS 6, and thus doesn't support Native 802.11). With WinPcap, on 802.11 networks, you can capture with promiscuous mode off, and capture traffic to and from your machine, which will *probably* work; promiscuous mode might not work at all, and monitor mode isn't supported.
AirPcap adapters are special (they don't plug into the normal Windows networking stack, so they can't be used as normal adapters to join a wireless network), and can capture (in what amounts to monitor mode) on Windows.
  • Follow-Ups:
    • Re: [Wireshark-users] Sniffing Wireless with Wireshark?
      • From: Steve Evans
  • Next by Date: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
  • Next by thread: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation