
Wireshark-users: Re: [Wireshark-users] Sniffing Wireless with Wireshark?

From: Raymond Jender <rayj00@xxxxxxxxx>
Date: Sun, 1 Nov 2009 13:40:13 -0800 (PST)

I do not have Airpcap.  It's a little pricey for me right now.  I am in a Wi-Fi learning mode right now in preparation for certifying (CWNA/CWSP).  Is there some open source equivalent to Airpcap?  Or some freeware software?

I also tried Wireshark promiscuous mode on and off.

And I could not find where the "802.11 channel" option is in Wireshark?

Is my Wireless adapter supposed to be shown in the Capture->Interfaces because it ain't!   My Wireless NIC is the Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC.

The Wireshark Capture Interfaces show:  Microsoft,  Realtek RTL8102/8103,  and two VMware Ethernet Adapters. (I have Backtrack 4 loaded as a VM, again for wireless learning)

The only interface I see packets on is the Microsoft one??? And no 802.11 packets.
I have to believe this is the wireless NIC.  I disconnected the ethernet cable.
When I look at the details of the Capture Interface, the 802.11 tab is greyed out?

I seem to be missing something????

Thanks for all your help...

Ray
Windows 7 64 Bit


--- On Sun, 11/1/09, wireshark-users-request@xxxxxxxxxxxxx <wireshark-users-request@xxxxxxxxxxxxx> wrote:

From: wireshark-users-request@xxxxxxxxxxxxx <wireshark-users-request@xxxxxxxxxxxxx>
Subject: Wireshark-users Digest, Vol 42, Issue 1
To: wireshark-users@xxxxxxxxxxxxx
Date: Sunday, November 1, 2009, 2:00 PM



Today's Topics:

   1. Sniffing Wireless with Wireshark? (Raymond Jender)
   2. Re: Sniffing Wireless with Wireshark? (Steve Evans)
   3. Re: Sniffing Wireless with Wireshark? (Guy Harris)
   4. Re: (-0.2)  Sniffing Wireless with Wireshark? (Jack Jackson)
   5. Re: Sniffing Wireless with Wireshark? (Steve Evans)
   6. Re: Sniffing Wireless with Wireshark? (Guy Harris)


----------------------------------------------------------------------

Message: 1
Date: Sat, 31 Oct 2009 21:28:53 -0700 (PDT)
From: Raymond Jender <rayj00@xxxxxxxxx>
Subject: [Wireshark-users] Sniffing Wireless with Wireshark?
To: wireshark-users@xxxxxxxxxxxxx
Message-ID: <716509.9395.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="iso-8859-1"


I am trying to use Wireshark to sniff 802.11g traffic.  I am successfully browsing over the air, but I cannot see any packets..  I am using version 1.2.3 on a Win 7 64 bit box.

Thanks,

Ray




     

------------------------------

Message: 2
Date: Sat, 31 Oct 2009 21:42:53 -0700 (PDT)
From: Steve Evans <sc_evans@xxxxxxxxx>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <258366.8928.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

Are you using PCAP (or similar) adapters? Are you scanning the correct channels?




--- On Sun, 11/1/09, Raymond Jender <rayj00@xxxxxxxxx> wrote:

> From: Raymond Jender <rayj00@xxxxxxxxx>
> Subject: [Wireshark-users] Sniffing Wireless with Wireshark?
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Sunday, November 1, 2009, 12:28 AM
>
> I am trying to use Wireshark to sniff 802.11g
> traffic. I am successfully browsing over the air, but
> I cannot see any packets.. I am using version
> 1.2.3 on a Win 7 64 bit box.
>
> Thanks,
>
> Ray


     


------------------------------

Message: 3
Date: Sun, 1 Nov 2009 01:42:30 -0700
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <E331D4F0-26E2-484D-A659-D8169B42CFD8@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:

> Are you using PCAP (or similar) adapters?

Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or 
similar) adapters":

    http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

    http://msdn.microsoft.com/en-us/library/aa503061.aspx

was not very friendly towards capturing on 802.11 networks, and, even 
with Native 802.11, capturing with WinPcap (the capture mechanism 
Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't 
support NDIS 6, and thus doesn't support Native 802.11).  With 
WinPcap, on 802.11 networks, you can capture with promiscuous mode 
off, and capture traffic to and from your machine, which will 
*probably* work; promiscuous mode might not work at all, and monitor 
mode isn't supported.

AirPcap adapters are special (they don't plug into the normal Windows 
networking stack, so they can't be used as normal adapters to join a 
wireless network), and can capture (in what amounts to monitor mode) 
on Windows.
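
To check which of the cases described above a saved capture falls into, this added example (not part of the original message and not Wireshark code) reads the link-layer type from a classic pcap file header. A capture taken through the normal Windows networking stack carries Ethernet-style headers (link type 1), while a monitor-mode capture carries 802.11, radiotap, Prism, AVS or PPI headers. The function names and the sample headers are constructed for illustration.

```python
import struct

# Link-layer types from the pcap LINKTYPE_ registry: value -> (name, has 802.11 headers)
LINKTYPES = {
    1:   ("EN10MB", False),               # Ethernet-style headers
    105: ("IEEE802_11", True),            # bare 802.11 headers
    119: ("PRISM_HEADER", True),          # Prism header + 802.11
    127: ("IEEE802_11_RADIOTAP", True),   # radiotap header + 802.11
    163: ("IEEE802_11_AVS", True),        # AVS header + 802.11
    192: ("PPI", True),                   # PPI header, typically wrapping 802.11
}

LE_MAGICS = (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1")  # usec / nsec, little-endian
BE_MAGICS = (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d")  # usec / nsec, big-endian
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"


def classify_capture(data: bytes) -> dict:
    """Report the link-layer type recorded in a classic pcap global header."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = data[:4]
    if magic in LE_MAGICS:
        endian = "<"
    elif magic in BE_MAGICS:
        endian = ">"
    elif magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file: this example reads classic pcap only")
    else:
        raise ValueError("not a pcap file")
    # Fields after the magic: version major/minor, thiszone, sigfigs, snaplen, network
    _maj, _min, _zone, _sig, snaplen, network = struct.unpack(endian + "HHiIII", data[4:24])
    linktype = network & 0xFFFF  # upper bits may carry FCS information
    name, has_80211 = LINKTYPES.get(linktype, ("LINKTYPE_%d" % linktype, False))
    return {"linktype": linktype, "name": name, "snaplen": snaplen,
            "has_80211_headers": has_80211}


def make_header(linktype: int, endian: str = "<") -> bytes:
    """Build a constructed pcap 2.4 global header for the demo below."""
    return struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)


if __name__ == "__main__":
    # Constructed samples: one Ethernet-style capture, one radiotap capture.
    for sample in (make_header(1), make_header(127, ">")):
        info = classify_capture(sample)
        kind = "802.11 frames visible" if info["has_80211_headers"] else "no 802.11 headers"
        print(info["name"], "->", kind)
```

To use it on a real file, pass the first 24 bytes of the capture, for example `classify_capture(open(path, "rb").read(24))`.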


------------------------------

Message: 4
Date: Sat, 31 Oct 2009 22:50:31 -0700
From: Jack Jackson <jack@xxxxxxxxxxxxxxx>
Subject: Re: [Wireshark-users] (-0.2)  Sniffing Wireless with
    Wireshark?
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <20091101055032.D5190509D9@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 09:28 PM 10/31/2009, Raymond Jender wrote:

>I am trying to use Wireshark to sniff 802.11g traffic.  I am successfully
>browsing over the air, but I cannot see any packets..  I am using version
>1.2.3  on a Win 7 64 bit box.

I would try it both with "Capture packets in promiscuous mode" turned on
and off.



------------------------------

Message: 5
Date: Sun, 1 Nov 2009 07:42:33 -0800 (PST)
From: Steve Evans <sc_evans@xxxxxxxxx>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <53930.20366.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1


> Presumably by "PCAP (or similar) adapters" you mean
> "AirPcap (or 
> similar) adapters":

Correct. We've grown accustomed to calling them "PCAP" for short.



--- On Sun, 11/1/09, Guy Harris <guy@xxxxxxxxxxxx> wrote:

> From: Guy Harris <guy@xxxxxxxxxxxx>
> Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
> To: "Community support list for Wireshark" <wireshark-users@xxxxxxxxxxxxx>
> Date: Sunday, November 1, 2009, 3:42 AM
>
> On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:
>
> > Are you using PCAP (or similar) adapters?
>
> Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or
> similar) adapters":
>
>     http://www.cacetech.com/products/airpcap.html
>
> Windows, prior to the adoption of "Native 802.11":
>
>     http://msdn.microsoft.com/en-us/library/aa503061.aspx
>
> was not very friendly towards capturing on 802.11 networks, and, even
> with Native 802.11, capturing with WinPcap (the capture mechanism
> Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't
> support NDIS 6, and thus doesn't support Native 802.11).  With
> WinPcap, on 802.11 networks, you can capture with promiscuous mode
> off, and capture traffic to and from your machine, which will
> *probably* work; promiscuous mode might not work at all, and monitor
> mode isn't supported.
>
> AirPcap adapters are special (they don't plug into the normal Windows
> networking stack, so they can't be used as normal adapters to join a
> wireless network), and can capture (in what amounts to monitor mode)
> on Windows.


     


------------------------------

Message: 6
Date: Sun, 1 Nov 2009 11:29:00 -0800
From: Guy Harris <guy@xxxxxxxxxxxx>
Subject: Re: [Wireshark-users] Sniffing Wireless with Wireshark?
To: Community support list for Wireshark
    <wireshark-users@xxxxxxxxxxxxx>
Message-ID: <986036C0-D1A8-4210-A195-8000D1A62B0E@xxxxxxxxxxxx>
Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes


On Nov 1, 2009, at 7:42 AM, Steve Evans wrote:

>> Presumably by "PCAP (or similar) adapters" you mean
>> "AirPcap (or
>> similar) adapters":
>
> Correct. We've grown accustomed to calling them "PCAP" for short.

Given that not everybody's familiar with that convention - I've never 
heard it, for example - and that "pcap" is also used to refer to 
libpcap/WinPcap (see the Wikipedia page for "pcap", for example), 
using the full name is probably a better idea on the list.


------------------------------
