Raymond Jender | 1 Nov 05:28 2009

Sniffing Wireless with Wireshark?


I am trying to use Wireshark to sniff 802.11g traffic. I am successfully browsing over the air, but I cannot see any packets. I am using version 1.2.3 on a Win 7 64 bit box.

Thanks,

Ray


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@...>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@...?subject=unsubscribe
Steve Evans | 1 Nov 05:42 2009

Re: Sniffing Wireless with Wireshark?

Are you using PCAP (or similar) adapters? Are you scanning the correct channels?


Guy Harris | 1 Nov 09:42 2009

Re: Sniffing Wireless with Wireshark?


On Oct 31, 2009, at 9:42 PM, Steve Evans wrote:

> Are you using PCAP (or similar) adapters?

Presumably by "PCAP (or similar) adapters" you mean "AirPcap (or  
similar) adapters":

	http://www.cacetech.com/products/airpcap.html

Windows, prior to the adoption of "Native 802.11":

	http://msdn.microsoft.com/en-us/library/aa503061.aspx

was not very friendly towards capturing on 802.11 networks, and, even  
with Native 802.11, capturing with WinPcap (the capture mechanism  
Wireshark uses on Windows) doesn't work all that well (WinPcap doesn't  
support NDIS 6, and thus doesn't support Native 802.11).  With  
WinPcap, on 802.11 networks, you can capture with promiscuous mode  
off, and capture traffic to and from your machine, which will  
*probably* work; promiscuous mode might not work at all, and monitor  
mode isn't supported.

AirPcap adapters are special (they don't plug into the normal Windows  
networking stack, so they can't be used as normal adapters to join a  
wireless network), and can capture (in what amounts to monitor mode)  
on Windows.
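
[Added example, not part of the original thread.] The difference between the capture modes described above is visible in the capture file itself: a monitor-mode capture records raw 802.11 frames (link type 105, or 127 with a radiotap header), while an adapter capturing in its normal mode typically hands up Ethernet-style frames (link type 1), so no 802.11 management or control frames appear. The Python sketch below reads a classic pcap file image and reports which case it is; the function names and the sample captures are constructed for illustration.

```python
import struct
from collections import Counter

# Link-layer header types as registered for the pcap file format.
LINKTYPES = {1: "ETHERNET", 105: "IEEE802_11", 127: "IEEE802_11_RADIOTAP"}
DOT11_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}


def read_pcap(data):
    """Return (linktype, [packet bytes]) from a classic pcap file image."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"  # written little-endian (micro- or nanosecond stamps)
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    # Low 16 bits hold the link type; high bits may carry FCS information.
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0xFFFF
    packets, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        packets.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return linktype, packets


def dot11_type(frame):
    """Classify an 802.11 frame by the type bits of its Frame Control field."""
    if len(frame) < 2:
        return "truncated"
    return DOT11_TYPES[(frame[0] >> 2) & 0x3]


def summarize(data):
    """Report the capture's link type and what kinds of frames it holds."""
    linktype, packets = read_pcap(data)
    counts = Counter()
    for pkt in packets:
        if linktype == 127:
            # Radiotap length field is little-endian regardless of the file.
            rt_len = struct.unpack("<H", pkt[2:4])[0] if len(pkt) >= 4 else len(pkt)
            counts[dot11_type(pkt[rt_len:])] += 1
        elif linktype == 105:
            counts[dot11_type(pkt)] += 1
        else:
            counts["non-802.11"] += 1
    return LINKTYPES.get(linktype, "OTHER(%d)" % linktype), dict(counts)


def build_pcap(linktype, frames):
    """Build a constructed little-endian pcap image (sample data only)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for frame in frames:
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out


# Constructed samples: a beacon, an ACK and a data frame behind a minimal
# 8-byte radiotap header, and one Ethernet-framed IPv4 packet.
RADIOTAP = struct.pack("<BBHI", 0, 0, 8, 0)
MONITOR = build_pcap(127, [RADIOTAP + fc + bytes(22)
                           for fc in (b"\x80\x00", b"\xd4\x00", b"\x08\x01")])
NORMAL = build_pcap(1, [bytes(12) + b"\x08\x00" + bytes(20)])

if __name__ == "__main__":
    print(summarize(MONITOR))
    print(summarize(NORMAL))
```
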

Jack Jackson | 1 Nov 06:50 2009

Re: (-0.2) Sniffing Wireless with Wireshark?

At 09:28 PM 10/31/2009, Raymond Jender wrote:

>I am trying to use Wireshark to sniff 802.11g traffic.  I am successfully 
>browsing over the air, but I cannot see any packets..  I am using version 
>1.2.3  on a Win 7 64 bit box.

I would try it both with "Capture packets in promiscuous mode" turned on 
and off. 


Steve Evans | 1 Nov 16:42 2009

Re: Sniffing Wireless with Wireshark?


> Presumably by "PCAP (or similar) adapters" you mean
> "AirPcap (or  
> similar) adapters":

Correct. We've grown accustomed to calling them "PCAP" for short.


Guy Harris | 1 Nov 20:29 2009

Re: Sniffing Wireless with Wireshark?


On Nov 1, 2009, at 7:42 AM, Steve Evans wrote:

>> Presumably by "PCAP (or similar) adapters" you mean
>> "AirPcap (or
>> similar) adapters":
>
> Correct. We've grown accustomed to calling them "PCAP" for short.

Given that not everybody's familiar with that convention - I've never  
heard it, for example - and that "pcap" is also used to refer to  
libpcap/WinPcap (see the Wikipedia page for "pcap", for example),  
using the full name is probably a better idea on the list.

Raymond Jender | 1 Nov 22:40 2009

Re: Sniffing Wireless with Wireshark?


I do not have Airpcap.  It's a little pricey for me right now.  I am in a Wi-Fi learning mode right now in preparation for certifying (CWNA/CWSP).  Is there some open source equivalent to Airpcap?  Or some freeware software?

I also tried Wireshark promiscuous mode on and off.

And I could not find where the "802.11 channel" option is in Wireshark?

Is my Wireless adapter supposed to be shown in the Capture->Interfaces because it ain't!   My Wireless NIC is the Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC.

The Wireshark Capture Interfaces show:  Microsoft,  Realtek RTL8102/8103,  and two VMware Ethernet Adapters. (I have Backtrack 4 loaded as a VM, again for wireless learning)

The only interface I see packets on is the Microsoft one??? And no 802.11 packets.
I have to believe this is the wireless NIC.  I disconnected the ethernet cable.
When I look at the details of the Capture Interface, the 802.11 tab is greyed out?

I seem to be missing something????

Thanks for all your help...

Ray
Windows 7 64 Bit


Guy Harris | 1 Nov 22:57 2009

Re: Sniffing Wireless with Wireshark?


On Nov 1, 2009, at 1:40 PM, Raymond Jender wrote:

> I do not have Airpcap.  It's a little pricey for me right now.  I am  
> in a Wi-Fi learning mode right now in preparation for certifying  
> (CWNA/CWSP).  Is there some open source equivalent to Airpcap?  Or  
> some freeware software?

Yes.  There's a freeware product called "Linux" (well, it usually goes  
under names such as "Ubuntu" and "Fedora" and...); if you run that on  
your PC, you'll probably find it much easier to capture on 802.11  
networks.  Other freeware products that do better have names such as  
"FreeBSD", "NetBSD", "OpenBSD", "DragonFly BSD", "PC-BSD", etc..

Unfortunately, there's no freeware *for Windows* that will make this  
work better.

> And I could not find where the "802.11 channel" option is in  
> Wireshark?

There isn't one, at present, unless you have AirPcap (not even on  
UN*Xes such as Linux or *BSD).

Guy Harris | 1 Nov 23:02 2009

Re: Sniffing Wireless with Wireshark?


On Nov 1, 2009, at 1:57 PM, Guy Harris wrote:

> Unfortunately, there's no freeware *for Windows* that will make this
> work better.

Actually, that's not true.

There's no freeware for Windows that will make this work better *in  
Wireshark*.

However, there is Microsoft Network Monitor:

	http://go.microsoft.com/fwlink/?LinkID=103158&clcid=0x409

which is a free download, and which, at least on Windows Vista and  
probably Windows 7, should be able to capture on 802.11 devices.   
(It's not open source, but it is freeware - "free as in beer", i.e.  
you can download it without paying for it, but not "free as in  
speech", so you can't get the source to it from Microsoft, although  
the protocol descriptions it uses to dissect packets *are* available  
in source code form - they come with the download.)

Mohan Lal Jangir | 2 Nov 06:54 2009

IuUP decode as question

Dear list members,

I am using Wireshark version 1.2.3

I have some IuUP packets in pcap format. However I do not see IuUP protocol 
option in "decode as" list.

However preferences, protocols shows IuUP protocols which indicates 
Wireshark supports IuUP.

Please tell me how I can decode packets as IuUP.

What does "IuUP dynamic payload type" mean in the IuUP protocol preferences?

Thanks
-Mohan

P.S. - Please CC replies to me.
