
Wireshark-users: Re: [Wireshark-users] cannot capture packets fromwifirouter(NetgearWNDR3700).

From: Philip Anil-QBW348 <anil.philip@xxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 5 Dec 2011 17:49:59 -0500
Title: RE: [Wireshark-users] cannot capture packets fromwifirouter(NetgearWNDR3700).

OK, I stopped monitor mode by trying the following:
 sudo airmon-ng stop wlan0

Interface       Chipset         Driver

wlan0           Intel 4965/5xxx iwlagn - [phy0]
                                (monitor mode disabled)

(I also tried sudo airmon-ng stop mon0)

Started Wireshark:

 sudo wireshark

Capture|Options
I notice that the monitor mode checkbox is unchecked.
The promiscuous mode checkbox is checked.

I tried to check the checkbox. As I depress the box, it grays out and then re-enables.
(almost as though it is being disabled, cleared and then re-enabled).

Help|About shows:
--------------

Version 1.6.2

Copyright 1998-2011 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.6, with GLib 2.29.92, with libpcap 1.1.1, with
libz 1.2.3.4, with POSIX capabilities (Linux), without libpcre, with SMI 0.4.8,
with c-ares 1.7.4, with Lua 5.1, without Python, with GnuTLS 2.10.5, with Gcrypt
1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 27
2011 11:30:44), without AirPcap.

Running on Linux 3.0.0-13-generic-pae, with libpcap version 1.1.1, with libz
1.2.3.4, GnuTLS 2.10.5, Gcrypt 1.5.0.

Built using gcc 4.6.1.

Anil

-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx on behalf of Guy Harris
Sent: Fri 12/2/2011 8:22 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] cannot capture packets fromwifirouter(NetgearWNDR3700).


On Dec 2, 2011, at 4:14 PM, Philip Anil-QBW348 wrote:

> That worked!
> I did a
> sudo airmon-ng start wlan0
> and then used wireshark to capture on mon0.
> I can see the http packets unencrypted.
> Much appreciate your help. Blessings!

OK, now I'd appreciate *your* help; as per my previous message:

> This may allow you to capture traffic in monitor mode while you're still associated with the network (*IF* the hardware and driver support that, and if NetworkManager doesn't "helpfully" turn monitor mode off).  You'd have to restart NetworkManager and then try the airmon-ng script.
>
> If that works, try removing monitor mode with the "airmon-ng stop mon0" command, and then try running Wireshark and checking the "Monitor mode" checkbox when capturing on wlan0.

so try removing monitor mode and then start Wireshark, select "Options" from the "Capture" menu, and, if it has a "Monitor mode" checkbox, try to capture on "wlan0" with the "Monitor mode" checkbox checked.  Let us know whether that works or not.  (If it doesn't have a "Monitor mode" checkbox, let us know what the Help -> About dialog box says.)  If the "Monitor mode" checkbox is present but grayed out, let us know that as well.