Wireshark mailing list archives

Re: WLAN capture in Mac OSX - no IP packets

From: Alexandre Takacs <admin () mobile-mail ch>
Date: Thu, 17 Jun 2010 05:31:05 +0200

Hello

Thanks for your prompt response !

I'd like to do packet capture on my WiFi network (which I have joined). I am only interested in data packets 
(specifically traffic form my iPhone).

I've installed WireShark and managed to have capture running in promiscuous mode. However I only see UDP packets 
from other devices, no IP...


So what is the UDP traffic running over if it's not IP? :-)


Of course this should read no TCP ;)


If so, you're probably seeing only broadcast traffic.  The Wi-Fi adapters might not work in promiscuous mode; if you 
want to see traffic to and from other hosts, you might need to use monitor mode.

If you're running on Tiger, try capturing on wlt1 rather than en1.  If you're running on Leopard, try selecting 
802.11 or 802.11+radio information headers.  If you're running on Snow Leopard, then either try that or, if there's a 
checkbox for monitor mode, try checking that.


Running 1.2.9 under SnowLeopard (10.6.4). Don't see a checkbox for monitor mode - Tried to switch to 802.11 mode: I 
certainly see much more noise (including lots of "malformed packets" - is this normal ?) but still not the TCP stuff 
I'm looking for (such as plain vanilla http traffic)

Note that if your network is encrypted, you might have to capture the initial setup packets when the other machines 
join the network, and enter the password for the network, so that traffic to or from other machines can be decrypted.


Hmm... so what you are saying is that in an encrypted network I will not be able to access the plaintext content of the 
packets even if I have joined the network ?

Again many thanks for your help

Regards

alex 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Is Wireshark what I'm looking for? James Arthurs (Jun 16)
- Large Packet Captures Charles Wu (Jun 16)
  - Re: Large Packet Captures Jaap Keuter (Jun 16)
- Re: Is Wireshark what I'm looking for? Martin Visser (Jun 16)
  - WLAN capture in Mac OSX - no IP packets Alexandre Takacs (Jun 16)
    - Re: WLAN capture in Mac OSX - no IP packets Guy Harris (Jun 16)
    - Re: WLAN capture in Mac OSX - no IP packets Alexandre Takacs (Jun 16)