Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Promiscuous mode on MacBook Pro

From: Daniel Briley <daniel.briley () dbriley co uk>
Date: Thu, 7 Jan 2010 19:42:11 +0000
Thanks for the replies. I've already read and aware of the content in the links you've provided. I understand the 
difference between prom/monitor mode and I've also followed the guide relating to MacOS specifically. My question still 
stands - Is anyone able to shed some light on why promiscuous mode might not work in my situation?

Many thanks

Daniel

On 6 Jan 2010, at 20:58, Daniel Briley wrote:


Hi

I'm attempting to use Wireshark to monitor WiFi traffic between my mobile phone and my local WiFi network. I'm using 
a MacBook Pro with OS 10.6.2 installed. I have Wireshark 1.2.5 (SVN Rev 31296). It's the MacOS package from the 
Wireshark site. I've installed the Chmod script which gives me access to /dev/bpf*. I'm assuming this is working 
correctly as I'm able to capture from the WiFi no problem. The issue I'm encountering is when I try and use 
promiscuous mode to monitor WiFi traffic from my mobile phone. Entering promiscuous mode in Wireshark seems to make 
no difference. I still only see broadcast, mulitcast and unicast traffic to and from my laptop. No other traffic is 
visible. Using the ifconfig terminal command I can confirm that the interface has the PROMISC flag added to it while 
Wireshark is capturing, so I was expecting it to work. Monitor mode also seems to work, but I only get low level 
802.11 traffic from various SSIDs around me. I'm using the laptop's internal

  Airport Express card, which is actually an Atheros AR5008 chip as far as I can tell.


I've read all the Wireshark docs that I can find on the subject, which has got me this far. Can anyone help me out? 
Is it a case of everything reporting correctly but the drivers aren't actually honouring promiscuous mode? It seems 
odd that monitor mode would work well but promisc support would be broken. Any ideas?

Many thanks

Daniel


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: