Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-users: Re: [Wireshark-users] Newbie question

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 24 Sep 2007 14:01:07 -0700
(When replying, please try to arrange things so that it's clear what text is quoted from the message and what text is your reply....) 

On Sep 23, 2007, at 4:25 PM, Tom Maugham wrote:


On Sep 23, 2007, at 6:19 PM, Sake Blok wrote:


Sometimes it's even worse, the driver will not send any packets
to the system when the card is put in promiscuous mode. In those
cases you need to disable "Capture in promiscuous mode" in the
capture options screen to be able to see your own packets in
wireshark.


That's what appears to be the case. Is there any way around this?


Either:
1) find a wireless adapter that supports promiscuous mode, if any exist - see 

		http://www.micro-logix.com/WinPcap/Supported.asp
2) switch to an OS less hostile to promiscuous-mode 802.11 capture, such as Linux or one of the BSDs; 

	3) buy an AirPcap adapter and use that:

		http://www.cacetech.com/products/airpcap_family.htm
4) run Vista on your machine and use the latest version of Network Monitor from Microsoft: 

		http://www.microsoft.com/downloads/details.aspx?FamilyID=18b1d59d-f4d8-4213-8d17-2f6dde7d7aac&DisplayLang=en


Not quite ;-)  What I meant was that if you use to wired PC to
capture the packets instead of the wireless PC, you will also not
see the all the packets. This is because the PC is connected to
a switch, which learns to which of it's ports each system is
connected to and only forwards traffic destined for the connected
system(s) out a port. You might want to read the Wiki-article
about that again. It will give you some insight in what kind
of traffic you can expect when you connect the PC to some type
of device.
It appears that I must use the wired pc to see the traffic to/from that pc 
which unfortunately I cannot do. I can only use the laptop.
Then you'll have to plug the laptop into a *wired* port on the router - and configure the router so that a copy of all traffic to and from the wired PC gets sent to the port into which you've plugged the laptop. That might or might not be possible; you'd have to find documentation on the router to see if that's possible.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube