OK, this is clear now. Thank you!
Now I used my MacBook laptop to do wireless sniffing in monitor mode with Wireshark 1.6.1.
I see many, many packets with Destination "Broadcast" (ff:ff:ff:ff:ff:ff).
When I try to set a filter that all those Broadcast-packets are omitted, it ends only in an empty list.
I tried:
eth.dst != ff:ff:ff:ff:ff:ff
but also with eth.dst == ff:ff:ff:ff:ff:ff
the result is empty. I don't know how to call the Destination, the context-menu "Apply as filter / Selected" gives me the wrong name (eth.dst).
What is it?
> -----Ursprüngliche Nachricht-----
> Von: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx]
> Im Auftrag von Andreas
> Gesendet: Sonntag, 24. Juli 2011 18:59
> An: wireshark-users@xxxxxxxxxxxxx
> Betreff: Re: [Wireshark-users] Basic question about Wireshark
>
> Am 24.07.2011 18:37, schrieb Frank Walter:
> > Ah, OK, thank you.
> > So if I want to track the complete network traffic in my network, I need on both a
> running Wireshark on monitor / promiscuous mode.
>
> Franc, you wrote:
> >>> I want to see the data of each other with Wireshark.
>
> If you want to see the (unicast) traffic between your both endpoints you
> only need one Wireshark instance at one of both PCs. The promiscuous
> mode is not necessary in this case.
>
> If you want to see what else is on the network (like broadcasts or
> packets not sent to to your 'other end') you will need Wireshark at both
> ends when a router or any switching hub is between them.
>
> Helge
>
> >> -----Ursprüngliche Nachricht-----
> >> Von: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-
> bounces@xxxxxxxxxxxxx]
> >> Im Auftrag von Boonie
> >> Gesendet: Sonntag, 24. Juli 2011 18:33
> >> An: wireshark-users@xxxxxxxxxxxxx
> >> Betreff: Re: [Wireshark-users] Basic question about Wireshark
> >>
> >> Hi Frank,
> >>
> >> No, your router will be behaving like a switch and will not send all packets
> >> to all machines. Therefore you will not see the packets in this setup.
> >>
> >> You might want to have a look on the wireshark wiki pages. Here is a good
> >> link.
> >>
> >> http://wiki.wireshark.org/CaptureSetup/Ethernet
> >>
> >> Dave
> >>
> >>
> >> ----- Original Message -----
> >> From: "Frank Walter"<francwalter@xxxxxxx>
> >> To:<wireshark-users@xxxxxxxxxxxxx>
> >> Sent: Sunday, July 24, 2011 5:59 PM
> >> Subject: [Wireshark-users] Basic question about Wireshark
> >>
> >>
> >>> Hello,
> >>>
> >>> I am just a wireshark beginner and don't know basic things. I have this
> >>> question:
> >>>
> >>> When I sniff a Wireless Network, will I be able to sniff packets of the
> >>> same network but sent not wireless but by cable (LAN)?
> >>> Vice versa, when I sniff with my LAN Network adapter will I see wireless
> >>> packets in the same network?
> >>>
> >>> I have a router with wireless and LAN. I have connected my laptop with
> >>> wireless and my PC with cable in the same network.
> >>> I want to see the data of each other with Wireshark. Is this possible?
> >>>
> >>> Thank you for clarification.
> >>>
> >>> franc
> >>>
>
> ___________________________________________________________________________
> Sent via: Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives: http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
> mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
