Hi
I'm attempting to use Wireshark to monitor WiFi traffic between my mobile phone and my local WiFi network. I'm using a MacBook Pro with OS 10.6.2 installed. I have Wireshark 1.2.5 (SVN Rev 31296). It's the MacOS package from the Wireshark site. I've installed the Chmod script which gives me access to /dev/bpf*. I'm assuming this is working correctly as I'm able to capture from the WiFi no problem. The issue I'm encountering is when I try and use promiscuous mode to monitor WiFi traffic from my mobile phone. Entering promiscuous mode in Wireshark seems to make no difference. I still only see broadcast, mulitcast and unicast traffic to and from my laptop. No other traffic is visible. Using the ifconfig terminal command I can confirm that the interface has the PROMISC flag added to it while Wireshark is capturing, so I was expecting it to work. Monitor mode also seems to work, but I only get low level 802.11 traffic from various SSIDs around me. I'm using the laptop's internal Airport Express card, which is actually an Atheros AR5008 chip as far as I can tell.
I've read all the Wireshark docs that I can find on the subject, which has got me this far. Can anyone help me out? Is it a case of everything reporting correctly but the drivers aren't actually honouring promiscuous mode? It seems odd that monitor mode would work well but promisc support would be broken. Any ideas?
Many thanks
Daniel
