8

When I run Wireshark on a wired network it works fine and reports all of the packets.
When I run it on a wireless network, though, I only see my own traffic. The wireless card I have is supposed to support packet capture and go into promiscuous mode, but I don't see any other system traffic.

What is wrong?

2
  • I am having the same problem. Running the latest Wireshark 1.8.6 on a MacBook Pro capturing Wi-Fi packets, if I enable monitor mode I can see all kinds of traffic but I can't tell what it is, because it says everything is an 802.11 packet (it doesn't decode them into TCP/IP). If I disable monitor mode I can see only my own traffic. Any help?
    – GaryO
    Commented Mar 15, 2013 at 17:27
  • You're probably on an encrypted (WEP/WPA) network. In order to dissect the traffic, it would have to be encrypted; see the Wireshark Wiki page about decrypting 802.11 traffic. (After all, the whole point of encrypting Wi-Fi networks is to make it harder to sniff the network!)
    – user164970
    Commented Apr 24, 2013 at 1:29

1 Answer

4

Look at Wi-Fi (WLAN, IEEE 802.11) on the Wireshark Wiki page.

See the CaptureSetup/WLAN page for instructions on how to capture from WLANs (including monitor mode), and see the CaptureSetup page for general information on capturing on WLANs and other media.

Going further, if you are using Windows (are you?)

Capturing WLAN traffic on Windows depends on WinPcap and on the underlying network adapters and drivers. Unfortunately, most drivers/adapters support neither monitor mode, nor seeing 802.11 headers when capturing, nor capturing non-data frames.

Promiscuous mode can be set; unfortunately, it's often crippled. In this mode many drivers don't supply packets at all, or don't supply packets sent by the host.
If you experience any problems capturing packets on WLANs, try to switch promiscuous mode off. In this case you will have to capture traffic on the host you're interested in.

The AirPcap adapters from CACE Technologies allow full raw 802.11 captures under Windows, including radiotap information.

Here is another reference you might want to read up on.
A Quick Intro to Sniffers:
Wireshark/Ethereal, ARPSpoof, Ettercap, ARP poisoning and other niceties.

3
  • Does it work in Linux better?
    – Daisetsu
    Commented Jun 8, 2010 at 18:55
  • @Daisetsu, I believe so. Have not tried it there myself. Maybe someone else here has first-hand experience...
    – nik
    Commented Jun 8, 2010 at 18:58
  • Just an FYI for anyone wanting to order the AirPcap Cace NX3 pack. I ordered their 3 pack package over three weeks ago and still haven't received it. The third party I'm ordering through has been trying daily to get this in my hands. I still haven't received the package and I have a very important network test on Sunday. This company really screwed me and I'll never forget. I have the choice of going with OmniPeak Pro, Fluke, or AirPcap Cace NX3 pack. I decided to go with AirPcap Cace NX 3 because of the reviews I've seen on the internet. I work with very complex wireless systems and will never for
    – user187516
    Commented Jan 12, 2013 at 21:06
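
The situation raised in the comments on the question (monitor mode shows only "802.11" frames on an encrypted network) can be checked from the frame headers themselves. The following is an added example, not part of the original thread: it reads the radiotap header and the 802.11 frame control field of each captured record and reports which frames have a payload in the clear. The function names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

FRAME_TYPES = {0: "management", 1: "control", 2: "data"}

def classify_frame(record: bytes) -> dict:
    """Classify one monitor-mode record: radiotap header followed by an 802.11 frame."""
    if len(record) < 8:
        raise ValueError("too short for a radiotap header")
    # Radiotap: version (u8), pad (u8), header length (u16 LE), present bitmap (u32 LE)
    version, _pad, rt_len, _present = struct.unpack_from("<BBHI", record, 0)
    if version != 0 or rt_len < 8:
        raise ValueError("not a radiotap v0 header")
    if len(record) < rt_len + 2:
        raise ValueError("truncated before the 802.11 frame control field")
    fc0, fc1 = record[rt_len], record[rt_len + 1]
    kind = FRAME_TYPES.get((fc0 >> 2) & 0x3, "reserved")
    subtype = (fc0 >> 4) & 0xF
    protected = bool(fc1 & 0x40)            # Protected Frame bit: body is encrypted
    # Data subtypes with bit 2 set (Null, CF-Ack, QoS Null, ...) carry no frame body
    carries_body = kind == "data" and not (subtype & 0x4)
    return {"type": kind, "subtype": subtype, "protected": protected,
            "payload_in_clear": carries_body and not protected}

def summarize(records) -> Counter:
    """Count frames by what a sniffer can do with them."""
    counts = Counter()
    for rec in records:
        info = classify_frame(rec)
        if info["type"] != "data":
            counts[info["type"]] += 1
        elif info["payload_in_clear"]:
            counts["data_clear"] += 1
        elif info["protected"]:
            counts["data_encrypted"] += 1
        else:
            counts["data_no_body"] += 1
    return counts

# Constructed sample records: minimal 8-byte radiotap header + frame control + filler
RT = bytes.fromhex("0000080000000000")
SAMPLES = [
    RT + bytes.fromhex("8000") + bytes(22),   # beacon (management)
    RT + bytes.fromhex("8841") + bytes(24),   # QoS data, ToDS, Protected
    RT + bytes.fromhex("0801") + bytes(22),   # data, ToDS, not protected
    RT + bytes.fromhex("4801") + bytes(22),   # Null data (no body)
]

if __name__ == "__main__":
    print(dict(summarize(SAMPLES)))
```

If nearly every data frame lands in `data_encrypted`, the capture is working and the missing TCP/IP decode is down to encryption rather than the adapter or driver.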
