Wireshark mailing list archives
Re: 802.11 monitoring help
From: Thomas Morton <morton.thomas () googlemail com>
Date: Wed, 17 Feb 2010 19:28:15 +0000
hey Frank,
1. Try disabling decryption.
After emailing the list that was what I tried next. This works: it picks up TCP traffic and seems to recognise the HTTP requests (though it doesn't present it in quite the right way, need to test that). The problem is I have to get this working with encryption (the monitor is going to sit on a network people will be using for a few months).
2. Try toggling the various settings for "Ignore the protection bit". 3. Try Toggling the setting for "Assume Packets have FCS".
I'll give these a shot tomorrow, thanks for the suggestion! Tom On 17 February 2010 16:59, Frank Barta <fbarta () gmail com> wrote:
I've seen some similar output behavior in Wireshark for Windows. I've not worked with the Linux version, so take these suggestions with a grain of salt: 1. Try disabling decryption. 2. Try toggling the various settings for "Ignore the protection bit". 3. Try Toggling the setting for "Assume Packets have FCS". You've likely already looked here, but in case you have not, there may be information in here which can help you: http://wiki.wireshark.org/CaptureSetup/WLAN . On Wed, Feb 17, 2010 at 11:44 AM, Thomas Morton < morton.thomas () googlemail com> wrote:Hey all, Im working on something that has hit a brick wall - so hopefully some external help will point me in the right direction. The premise is thus: Im trying to monitor traffic on a wireless network. I have Wireshark running on Backtrack Linux and a Ubiquiti wireless card (which supports promiscuous mode). I have joined the network ok and wireshark is up and sniffing the network fine. It captures data from/to the local machine perfectly (as you would expect). The problem is when you introduce a new machine into the network. Wireshark DOES capture all data to/from the new machine but it refuses to display most of it in a recognizable format. Broadcast/Multicast stuff (like NBNS packets) are displayed correctly showing both the source/destination IP addresses and the packet contents. But the problem is that stuff like HTTP traffic is just displayed as, I think, the raw 802.11 packet - and nothing i can do will convince Wireshark to decode that. The packets are recognized as either LLC, SNA or (this last appears to be the HTTP data) 0x05f8. The source/destination are displayed as MAC addresses. I have tried adding WPA decryption keys to Wireshark as well (just in case...) with no joy. Version is 1.0.3. Any suggestions *very* gratefully accepted! Tom ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- 802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Frank Barta (Feb 17)
- Re: 802.11 monitoring help Thomas Morton (Feb 17)
- Re: 802.11 monitoring help Joerg Mayer (Feb 17)
- Re: 802.11 monitoring help Frank Barta (Feb 17)
- Re: 802.11 monitoring help Jaap Keuter (Feb 17)
- Re: 802.11 monitoring help Thomas Morton (Feb 18)
- Re: 802.11 monitoring help Gerald Combs (Feb 18)
- Re: 802.11 monitoring help Thomas Morton (Feb 18)
- Re: 802.11 monitoring help Frank Barta (Feb 17)