Re: WLAN capture in Mac OSX - no IP packets

[Guy Harris <guy () alum mit edu>]

On Jun 16, 2010, at 6:45 PM, Alexandre Takacs wrote:

> I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets 
> (specifically traffic form my iPhone).
>
> I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets from 
> other devices, no IP...

So what is the UDP traffic running over if it's not IP? :-)

I.e., what do you mean by "no IP packets"?  Do you mean "no TCP packets"?

If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you 
want to see traffic to and from other hosts, you might need to use monitor mode.

If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 802.11 
or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a checkbox 
for monitor mode, try checking that.

Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines 
join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe